
Hi, my computer is displaying this message on Avast after opening a suspicious exe file earlier today (stupid me). Please point me in the right direction as to what to do so that I don't need a full format.
My computer is an HP Compaq 6910p, Intel Centrino T7500, 4GB DDR2 667 Kingston, HS2300 WWAN, Bluetooth etc. A decent laptop, I think. Anyway, there's lots of stuff to reinstall, which I'm trying to get around if possible. Kind regards, Andrew

Edited by misterwasp: mistake


Did you update Avast and do a full scan, then have it remove or quarantine what it found? That would be the first step.
Then do this:
Download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.

Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.

* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

Reboot the system

Download and run a Full System Scan with HijackThis and save the log.
Post back here with the MBA-M log, the ESET log and the HijackThis log.

Edited by jholland1964: n/a
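A HijackThis log lists autostart points rather than detections, so whoever reads it has to do the triage by hand. The script below is an added example, not part of the reply above and not a feature of HijackThis: it applies the first checks a responder makes on such a log, namely O2 browser helper objects whose DLL is missing, O4 Run entries whose target sits in a user-writable location (a temp folder, a user profile, or the root of a drive), any non-empty O20 AppInit_DLLs value, and O23 services that carry no publisher string. The sample log embedded in it is constructed in HijackThis v2 format; the "[updater]" Run entry and the "Unknown owner" service are made up to exercise the rules. Each flag is a prompt to verify the file's owner, not a verdict.

```python
"""First-pass checks on a HijackThis log (added example, not a HijackThis feature)."""
import re

# Constructed sample in HijackThis v2 format. The "[updater]" Run entry and the
# "Unknown owner" service are invented to exercise the rules below.
SAMPLE_HJT = "\n".join([
    "Logfile of Trend Micro HijackThis v2.0.2",
    "Platform: Windows XP SP3 (WinNT 5.01.2600)",
    "",
    "O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    "O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9}"
    " - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll",
    "O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe",
    "O4 - HKLM\\..\\Run: [updater] \"C:\\Documents and Settings\\user\\Local Settings"
    "\\Temp\\svvchost.exe\" /silent",
    "O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe",
    "O20 - AppInit_DLLs: APSHook.dll",
    "O23 - Service: Radia Management Agent (rma) - Unknown owner"
    " - C:\\Novadigm\\ManagementAgent\\nvdkit.exe",
])

# Path fragments that an unprivileged user (and therefore malware running as that
# user) can write to. A legitimate vendor autorun almost never lives there.
USER_WRITABLE_MARKERS = (
    "\\temp\\",
    "\\documents and settings\\",
    "\\users\\",
    "\\local settings\\",
    "\\application data\\",
)

# Pulls the executable out of an O4 line: text after "] ", optional quote, up to .exe
O4_TARGET_RE = re.compile(r'\] "?([^"]+?\.exe)', re.IGNORECASE)


def user_writable(path):
    """True for executables in a user-writable folder or sitting at a drive root."""
    p = path.lower()
    if re.match(r"^[a-z]:\\[^\\]+$", p):  # e.g. C:\svvchost.exe
        return True
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def flag_hijackthis(text):
    """Return the log lines a responder should look at first, with the reason."""
    flags = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            flags.append({"section": "O2", "line": line,
                          "reason": "orphan BHO: CLSID registered but no DLL on disk"})
        elif line.startswith("O4 - "):
            m = O4_TARGET_RE.search(line)
            if m and user_writable(m.group(1)):
                flags.append({"section": "O4", "line": line,
                              "reason": "autorun target in a user-writable location"})
        elif line.startswith("O20 - AppInit_DLLs:"):
            if line.split(":", 1)[1].strip():
                flags.append({"section": "O20", "line": line,
                              "reason": "AppInit_DLLs is loaded into every process "
                                        "that loads user32.dll; confirm the DLL's owner"})
        elif line.startswith("O23 - Service:") and "Unknown owner" in line:
            flags.append({"section": "O23", "line": line,
                          "reason": "service binary has no publisher string"})
    return flags


if __name__ == "__main__":
    for f in flag_hijackthis(SAMPLE_HJT):
        print(f"[{f['section']}] {f['reason']}\n    {f['line']}")
```

The O4 rule is deliberately path-based rather than name-based: the file in the MBAM log on this page, C:\svvchost.exe, would be caught by the drive-root check regardless of what it was named.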


Hi, I have attached all scans. Hope they help. Kind regards, Andrew

Attachments
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=b843b43561946348a68e1540cca17aca
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-09-16 11:30:18
# local_time=2009-09-17 12:30:18 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=769 37 100 100 81896751770
# scanned=160514
# found=47
# cleaned=47
# scan_time=7827
C:\Documents and Settings\LaRgEpOrKsWoRd\Local Settings\Temp\NERO1002529\unit_app_75\Toolbar.exe	Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\WINDOWS\system32\spoolsv.exe	Win32/Virut.NBP virus (cleaned - quarantined)	00000000000000000000000000000000	C
F:\JAF_Nokia_BB5_and_BB5Plus_201_FREE_by_Zulea.zip	a variant of Win32/Packed.Themida application (deleted - quarantined)	00000000000000000000000000000000	C
F:\JAF_Suite_Setup_1.0.0.exe	a variant of Win32/Packed.Themida application (deleted - quarantined)	00000000000000000000000000000000	C
F:\v0.915040.rar	a variant of Win32/Packed.Themida application (deleted - quarantined)	00000000000000000000000000000000	C
F:\VRMPFPP_EN.ISO	probably unknown NewHeur_PE virus (deleted - quarantined)	00000000000000000000000000000000	C
F:\advancebox bb5\AdvanceBox_5.0.rar	a variant of Win32/Packed.Themida application (deleted - quarantined)	00000000000000000000000000000000	C
F:\advancebox bb5\AdvanceBox_v2.17.rar	a variant of Win32/Packed.Themida application (deleted - quarantined)	00000000000000000000000000000000	C
F:\advancebox bb5\AdvanceBox_v5.01.rar	a variant of Win32/Packed.Themida application (deleted - quarantined)	00000000000000000000000000000000	C
F:\autodata 3.16 + crack\AdKey.zip	probably a variant of Win32/Agent trojan (deleted - quarantined)	00000000000000000000000000000000	C
F:\colins stuff\3.18_crack.rar	probably a variant of Win32/Agent trojan (deleted - quarantined)	00000000000000000000000000000000	C
F:\colins stuff\7 up	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
F:\colins stuff\Alcohol_120_Black_Edition_4.0_with_working_crack.rar	a variant of Win32/Adware.Virtumonde.NCC application (deleted - quarantined)	00000000000000000000000000000000	C
F:\colins stuff\avast.Professional.Edi-v4.8.1229.Inc.Keygens.rar	probably a variant of Win32/Agent trojan (deleted - quarantined)	00000000000000000000000000000000	C
F:\colins stuff\keys_power_dvd.rar	probably a variant of Win32/TrojanDownloader.Agent trojan (deleted - quarantined)	00000000000000000000000000000000	C
F:\colins stuff\Nero_8.3.6.0_Lite_and_Micro.rar	a variant of Win32/Adware.Virtumonde.NDN application (deleted - quarantined)	00000000000000000000000000000000	C
F:\colins stuff\QUALITY Norton 360 v2.0.rar	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
F:\colins stuff\Your.Uninstaller.PRO.2008.v6.2.1267.zip	probably a variant of Win32/Agent trojan (deleted - quarantined)	00000000000000000000000000000000	C
F:\colins stuff\driver geni\Driver.Genius.Pro.v8.0.keygen.rar	probably a variant of Win32/Agent trojan (deleted - quarantined)	00000000000000000000000000000000	C
F:\colins stuff\driver geni\Driver.Genius.Pro.v8.0.+keygen\keygen.exe	probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
F:\colins stuff\Driver.Genius.Pro.v8.0.+keygen\keygen.exe	probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
F:\colins stuff\Evidence Eliminator\Evidence_Eliminator_6.0.rar	probably a variant of Win32/Bifrose trojan (deleted - quarantined)	00000000000000000000000000000000	C
F:\colins stuff\Evidence Eliminator\Evidence Eliminator 6.0\insteelm2.exe	probably a variant of Win32/Bifrose trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
F:\colins stuff\fish tank\dreamaq.exe	a variant of Win32/Adware.Virtumonde.NAZ application (deleted - quarantined)	00000000000000000000000000000000	C
F:\colins stuff\fish tank\dreamaq.rar	a variant of Win32/Adware.Virtumonde.NAZ application (deleted - quarantined)	00000000000000000000000000000000	C
F:\colins stuff\New Folder\NBP.5.35\crack.exe	probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
F:\colins stuff\New Folder\News.Bin.Pro.5.35\NBP.5.35\crack.exe	probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
F:\colins stuff\pro\Total_Commander_Ultima_Prime_4.4.rar	probably a variant of Win32/Spy.Agent trojan (deleted - quarantined)	00000000000000000000000000000000	C
F:\colins stuff\pro\TrendMicro32-bit.rar	Win32/PSW.VB.NCA trojan (deleted - quarantined)	00000000000000000000000000000000	C
F:\colins stuff\pro\Unlocker_1.8.7.0_mahek_cw.rar	Win32/Agent.QBA trojan (deleted - quarantined)	00000000000000000000000000000000	C
F:\colins stuff\pro\WinRar_Password_Remover.rar	probably a variant of Win32/PSW.Agent trojan (deleted - quarantined)	00000000000000000000000000000000	C
F:\files\CloneCD v 5.3.0.1.rar	probably a variant of Win32/IRCBot trojan (deleted - quarantined)	00000000000000000000000000000000	C
F:\files\freeripmp3.exe	Win32/Agent.QBA trojan (deleted - quarantined)	00000000000000000000000000000000	C
F:\files\JAF_Suite_Setup_1.0.0.exe	a variant of Win32/Packed.Themida application (deleted - quarantined)	00000000000000000000000000000000	C
F:\files\Nero-9.0.9.4b_trial.exe	Win32/Toolbar.AskSBar application (deleted - quarantined)	00000000000000000000000000000000	C
F:\files\Nero-9.0.9.4b_trial.rar	Win32/Toolbar.AskSBar application (deleted - quarantined)	00000000000000000000000000000000	C
F:\files\stereocodes.rar	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
F:\files\autodata 3.18\STOKIE21 AUTODATA CRACK\AdKey.exe	probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
F:\files\autodata 3.18\STOKIE21 AUTODATA CRACK\crack_1\AdKey.exe	probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
F:\files\Nero 9.0.9.4 Ultra Edition & keys\Nero 9.0.9.4 Ultra Edition & keys.zip	Win32/Toolbar.AskSBar application (deleted - quarantined)	00000000000000000000000000000000	C
F:\Newsbin Download\alt.binaries.b4e\Clone CD v5.3.1.0 + Crack!.rar	Win32/TrojanDownloader.Zlob.COJ trojan (deleted - quarantined)	00000000000000000000000000000000	C
F:\Newsbin Download\alt.binaries.b4e\Clone CD v5.3.1.0 + Crack!\asfsafs_original.EXE	Win32/TrojanDownloader.Zlob.COJ trojan (deleted - quarantined)	00000000000000000000000000000000	C
F:\setool\setool2g.exe	a variant of Win32/Packed.Themida application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
F:\setool\v0.915038.rar	a variant of Win32/Packed.Themida application (deleted - quarantined)	00000000000000000000000000000000	C
F:\Torrent Downloads\Autodata 318 unlocking keys\3.18 Unlocking Key 1.exe	probably a variant of Win32/Agent trojan (deleted - quarantined)	00000000000000000000000000000000	C
F:\Torrent Downloads\BayGenie.eBay.Auction.Sniper.Pro.v3.1.4.0\BayGenie.eBay.Auction.Sniper.Pro.v3.1.4.0.rar	probably a variant of Win32/PSW.OnLineGames trojan (deleted - quarantined)	00000000000000000000000000000000	C
F:\Torrent Downloads\USB Thief ~[A]ttitude\USBThief.exe	INF/Autorun virus (deleted - quarantined)	00000000000000000000000000000000	C
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:47:07, on 17/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Novadigm\ManagementAgent\nvdkit.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\AccelerometerSt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HPQ\HP Connection Manager\WaHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\LaRgEpOrKsWoRd\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\HPQ\HP Connection Manager\WaHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252586830406
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\ifxtcs.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Radia Management Agent (rma) - Unkn
Malwarebytes' Anti-Malware 1.41
Database version: 2813
Windows 5.1.2600 Service Pack 3

16/09/2009 22:09:55
mbam-log-2009-09-16 (22-09-55).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 153897
Time elapsed: 1 hour(s), 16 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\svvchost.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\neercrjkip.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
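The scan logs above are where the answer to "do I need a full format" actually lives, and they are long enough that the important lines get lost among the deleted cracks and keygens on F:. The script below is an added example, not part of this thread and not an ESET tool: it parses the tab-separated ESET Online Scanner format shown above (path, detection with the action in parentheses, hash, flag), counts hits per drive and per detection kind, and separates objects that were repaired in place under the Windows directory from dropped files that were simply deleted. ESET's "cleaned - quarantined" on C:\WINDOWS\system32\spoolsv.exe means a legitimate system binary was disinfected rather than removed, which is how a file infector such as Win32/Virut shows up, and that is the one line in the log a responder should notice first. The sample log embedded in the script is constructed in the same shape as the one on this page, with shortened paths.

```python
"""Triage an ESET Online Scanner log in the tab-separated format posted above:
path <TAB> detection (action) <TAB> hash <TAB> flag. Added example, not an ESET tool."""
import re
from collections import Counter

# Constructed sample in the same shape as the log on this page (paths shortened).
SAMPLE_LOG = (
    "# scanned=160514\n"
    "# found=4\n"
    "# cleaned=4\n"
    "C:\\Documents and Settings\\user\\Local Settings\\Temp\\NERO1002529\\Toolbar.exe\t"
    "Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined)\t"
    "00000000000000000000000000000000\tC\n"
    "C:\\WINDOWS\\system32\\spoolsv.exe\t"
    "Win32/Virut.NBP virus (cleaned - quarantined)\t"
    "00000000000000000000000000000000\tC\n"
    "F:\\files\\freeripmp3.exe\tWin32/Agent.QBA trojan (deleted - quarantined)\t"
    "00000000000000000000000000000000\tC\n"
    "F:\\Torrent Downloads\\USBThief.exe\tINF/Autorun virus (deleted - quarantined)\t"
    "00000000000000000000000000000000\tC\n"
)

# "Win32/Virut.NBP virus (cleaned - quarantined)" -> name, kind, action
DETECTION_RE = re.compile(
    r"^(?P<name>.+?)\s+(?P<kind>virus|trojan|application|threats)\s+\((?P<action>[^)]*)\)$"
)


def parse_eset_log(text):
    """Return (header, records). '# k=v' lines fill the header; anything that is not
    four tab-separated fields (installer chatter, blank lines) is ignored."""
    header, records = {}, []
    for raw in text.splitlines():
        line = raw.rstrip("\r")
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
            continue
        fields = line.split("\t")
        if len(fields) != 4:
            continue
        path, detection, obj_hash, _flag = fields
        m = DETECTION_RE.match(detection.strip())
        if not m:
            continue
        records.append({
            "path": path,
            "drive": path[0].upper() if len(path) > 1 and path[1] == ":" else "?",
            "name": m["name"],
            "kind": m["kind"],
            "action": m["action"],
            "hash": obj_hash,
        })
    return header, records


def disinfected_system_file(rec):
    """True when ESET repaired (not deleted) an object under the Windows directory.
    'cleaned - quarantined' on a system binary means the legitimate executable was
    modified in place (file-infector behaviour); 'cleaned by deleting' or 'deleted'
    means a dropped file was removed."""
    in_windows = "\\windows\\" in rec["path"].lower()
    repaired = rec["action"].startswith("cleaned") and "by deleting" not in rec["action"]
    return in_windows and repaired


def triage(text):
    """Summarise the log: hits per drive and kind, live-system hits, and the
    disinfected system files that decide whether a cleanup can be trusted."""
    header, records = parse_eset_log(text)
    return {
        "by_drive": dict(Counter(r["drive"] for r in records)),
        "by_kind": dict(Counter(r["kind"] for r in records)),
        "live_system_hits": [r["path"] for r in records if r["drive"] == "C"],
        "disinfected_system_files": [r["path"] for r in records
                                     if disinfected_system_file(r)],
        # found and cleaned counters should both match the number of detail lines
        "header_consistent": header.get("found") == header.get("cleaned")
                             == str(len(records)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full log above, the F: drive accounts for almost every line, while the C: drive contributes just two: a bundled toolbar installer in a temp folder and the disinfected spoolsv.exe. The per-drive split is what lets the reader answer the original question without reading all 47 entries.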
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\HPQ\HP Connection Manager\WaHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252586830406
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\ifxtcs.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Radia Management Agent (rma) - Unknown owner - C:/Novadigm/ManagementAgent/nvdkit.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe

--
End of file - 10684 bytes
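
A small HijackThis-log triage script, added here as an example; it is not part of the thread and not HijackThis's own code. It parses the O2, O4, O20 and O23 line formats seen in the log above and flags the entries a responder looks at first: a BHO CLSID registered with "(no file)", a service listed with "Unknown owner", every O20 AppInit_DLLs / Winlogon Notify entry (these load a DLL into other processes, so the named file has to be located and its publisher verified; a bare filename such as APSHook.dll gives no path to check), and Run entries whose executable sits in a temp or profile-data folder or borrows a Windows system binary name outside the Windows directory. All sample lines are copied from the log above except the final HKCU Run line, which is constructed to show a hit. The folder and filename heuristics are assumptions that produce a shortlist for manual verification, not a verdict.

```python
"""Triage a HijackThis log for the entries a responder checks first."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: every line but the last is taken from the log posted
# above; the last HKCU Run line is made up to show what a hit looks like.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Radia Management Agent (rma) - Unknown owner - C:/Novadigm/ManagementAgent/nvdkit.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\svchost.exe
""".strip()

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>[^:]*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# First drive-letter or %VAR% rooted path ending in an executable extension;
# for "rundll32.exe C:\...\x.dll,Entry" this picks out the hosted DLL.
PATH_RE = re.compile(r'(?i)((?:[a-z]:|%[a-z]+%)[\\/][^"]*?\.(?:exe|dll|scr|com|bat|cmd))')

# Assumed heuristics: locations and names that deserve a second look.
SUSPICIOUS_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\",
                   "\\appdata\\", "\\recycler\\")
SYSTEM_BINARY_NAMES = {"svchost.exe", "explorer.exe", "csrss.exe",
                       "lsass.exe", "winlogon.exe", "services.exe"}


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def first_path(cmd: str) -> Optional[str]:
    """Return the first executable/DLL path in a Run command line, if any."""
    m = PATH_RE.search(cmd)
    return m.group(1) if m else None


def check_run_path(path: str) -> Optional[str]:
    """Explain why an autostart path is suspicious, or None if it looks ordinary."""
    low = path.lower().replace("/", "\\")
    name = low.rsplit("\\", 1)[-1]
    if any(d in low for d in SUSPICIOUS_DIRS):
        return "autostart binary lives in a temp/profile data folder"
    if name in SYSTEM_BINARY_NAMES and "\\windows\\" not in low:
        return f"{name} is a Windows system binary name running from outside the Windows folder"
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and return the entries worth manual verification."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # process list, blank lines, "End of file" footer, etc.
        sec, body = m.group("sec"), m.group("body")
        if sec == "O2":
            b = BHO_RE.match(body)
            if b and b.group("path").strip().lower() == "(no file)":
                findings.append(Finding(sec, "orphaned BHO registration (CLSID with no DLL on disk)", line))
        elif sec == "O4":
            r = RUN_RE.match(body)  # Global Startup .lnk lines do not match and are skipped
            if r:
                path = first_path(r.group("cmd"))
                if path is None:
                    findings.append(Finding(sec, "Run entry with no recognisable executable path", line))
                else:
                    why = check_run_path(path)
                    if why:
                        findings.append(Finding(sec, why, line))
        elif sec == "O20":
            findings.append(Finding(sec, "O20 entry injects a DLL into other processes; locate the file and verify its publisher", line))
        elif sec == "O23":
            s = SVC_RE.match(body)
            if s and s.group("owner").strip().lower() == "unknown owner":
                findings.append(Finding(sec, "service binary carries no publisher information", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it against a full log (`triage(open("hijackthis.log").read())`) and the output is the short list to research by hand; entries that pass the heuristics are not thereby clean, and entries that are flagged are not thereby malware, so each hit still needs the file located, its signature or publisher checked, and its hash looked up before HijackThis is told to fix it.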

Yes, it's an external with loads of shit on it. It was not connected when I had the original problem, but I thought it best to scan anyway. I have no more Avast warnings popping up at present.

Even though it was not connected when you first got the warning, it obviously was/is grossly infected. Do you regularly move files back and forth between the computer and this external drive? Are there P2P sharing files on there? What is it primarily used for?

Not regularly moving; it's a storage drive. Most of the stuff was off my mate Colin's USB flash drive; he needed to empty it to get some stuff off my PC. Yes, some P2P stuff on there.

Well, if this also involves a flash drive, then it is very possible IT is infected also and should also be scanned, or totally cleaned.

What is it primarily used for?

It is used for downloading cracks, keygens and even more malicious crap such as USBThief . . . .

Frankly, it is poetic justice that he got infected..... ;)

PP

I am withdrawing my help on this thread because one of the "tools" downloaded was USBThief. This hacktool goes against everything we in the anti-malware community stand for.
It involves the user's active and "hands on" participation in stealing information from a victim's computer; therefore we WILL NOT be involved in assisting what many consider illegal activity.
