Hi, my computer is displaying this message on Avast after opening a suspicious exe file earlier today (stupid me). Please point me in the right direction on what to do so that I don't need a full format.
My computer is an HP Compaq 6910p, Intel Centrino T7500, 4GB DDR2 667 Kingston, hs2300 WWAN, Bluetooth etc. Decent laptop I think. Anyway, there's lots of stuff to reinstall, which I'm trying to get around if possible. Kind regards, Andrew

Did you update Avast and do a full scan, then have it remove or quarantine what it found? That would be the first step.
Then do this:
Download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* Double-click mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.

Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.

* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

Reboot the system

Download and run a Full System Scan with HiJackThis and save the log.
Post back here with the MBA-M log, the ESET log and the HiJackThis log.

Hi, I have attached all scans, hope they help. Kind regards, Andrew

Any ideas, anyone?

Yes. Paste your logs into your post rather than attach them :).

mbam log:

Malwarebytes' Anti-Malware 1.41
Database version: 2813
Windows 5.1.2600 Service Pack 3

16/09/2009 22:09:55
mbam-log-2009-09-16 (22-09-55).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 153897
Time elapsed: 1 hour(s), 16 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\svvchost.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\neercrjkip.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

eset log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=b843b43561946348a68e1540cca17aca
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-09-16 11:30:18
# local_time=2009-09-17 12:30:18 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=769 37 100 100 81896751770
# scanned=160514
# found=47
# cleaned=47
# scan_time=7827
C:\Documents and Settings\LaRgEpOrKsWoRd\Local Settings\Temp\NERO1002529\unit_app_75\Toolbar.exe Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\spoolsv.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
F:\JAF_Nokia_BB5_and_BB5Plus_201_FREE_by_Zulea.zip a variant of Win32/Packed.Themida application (deleted - quarantined) 00000000000000000000000000000000 C
F:\JAF_Suite_Setup_1.0.0.exe a variant of Win32/Packed.Themida application (deleted - quarantined) 00000000000000000000000000000000 C
F:\v0.915040.rar a variant of Win32/Packed.Themida application (deleted - quarantined) 00000000000000000000000000000000 C
F:\VRMPFPP_EN.ISO probably unknown NewHeur_PE virus (deleted - quarantined) 00000000000000000000000000000000 C
F:\advancebox bb5\AdvanceBox_5.0.rar a variant of Win32/Packed.Themida application (deleted - quarantined) 00000000000000000000000000000000 C
F:\advancebox bb5\AdvanceBox_v2.17.rar a variant of Win32/Packed.Themida application (deleted - quarantined) 00000000000000000000000000000000 C
F:\advancebox bb5\AdvanceBox_v5.01.rar a variant of Win32/Packed.Themida application (deleted - quarantined) 00000000000000000000000000000000 C
F:\autodata 3.16 + crack\AdKey.zip probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\colins stuff\3.18_crack.rar probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\colins stuff\7 up multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
F:\colins stuff\Alcohol_120_Black_Edition_4.0_with_working_crack.rar a variant of Win32/Adware.Virtumonde.NCC application (deleted - quarantined) 00000000000000000000000000000000 C
F:\colins stuff\avast.Professional.Edi-v4.8.1229.Inc.Keygens.rar probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\colins stuff\keys_power_dvd.rar probably a variant of Win32/TrojanDownloader.Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\colins stuff\Nero_8.3.6.0_Lite_and_Micro.rar a variant of Win32/Adware.Virtumonde.NDN application (deleted - quarantined) 00000000000000000000000000000000 C
F:\colins stuff\QUALITY Norton 360 v2.0.rar multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
F:\colins stuff\Your.Uninstaller.PRO.2008.v6.2.1267.zip probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\colins stuff\driver geni\Driver.Genius.Pro.v8.0.keygen.rar probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\colins stuff\driver geni\Driver.Genius.Pro.v8.0.+keygen\keygen.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\colins stuff\Driver.Genius.Pro.v8.0.+keygen\keygen.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\colins stuff\Evidence Eliminator\Evidence_Eliminator_6.0.rar probably a variant of Win32/Bifrose trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\colins stuff\Evidence Eliminator\Evidence Eliminator 6.0\insteelm2.exe probably a variant of Win32/Bifrose trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\colins stuff\fish tank\dreamaq.exe a variant of Win32/Adware.Virtumonde.NAZ application (deleted - quarantined) 00000000000000000000000000000000 C
F:\colins stuff\fish tank\dreamaq.rar a variant of Win32/Adware.Virtumonde.NAZ application (deleted - quarantined) 00000000000000000000000000000000 C
F:\colins stuff\New Folder\NBP.5.35\crack.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\colins stuff\New Folder\News.Bin.Pro.5.35\NBP.5.35\crack.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\colins stuff\pro\Total_Commander_Ultima_Prime_4.4.rar probably a variant of Win32/Spy.Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\colins stuff\pro\TrendMicro32-bit.rar Win32/PSW.VB.NCA trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\colins stuff\pro\Unlocker_1.8.7.0_mahek_cw.rar Win32/Agent.QBA trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\colins stuff\pro\WinRar_Password_Remover.rar probably a variant of Win32/PSW.Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\files\CloneCD v 5.3.0.1.rar probably a variant of Win32/IRCBot trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\files\freeripmp3.exe Win32/Agent.QBA trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\files\JAF_Suite_Setup_1.0.0.exe a variant of Win32/Packed.Themida application (deleted - quarantined) 00000000000000000000000000000000 C
F:\files\Nero-9.0.9.4b_trial.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
F:\files\Nero-9.0.9.4b_trial.rar Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
F:\files\stereocodes.rar multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
F:\files\autodata 3.18\STOKIE21 AUTODATA CRACK\AdKey.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\files\autodata 3.18\STOKIE21 AUTODATA CRACK\crack_1\AdKey.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\files\Nero 9.0.9.4 Ultra Edition & keys\Nero 9.0.9.4 Ultra Edition & keys.zip Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
F:\Newsbin Download\alt.binaries.b4e\Clone CD v5.3.1.0 + Crack!.rar Win32/TrojanDownloader.Zlob.COJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\Newsbin Download\alt.binaries.b4e\Clone CD v5.3.1.0 + Crack!\asfsafs_original.EXE Win32/TrojanDownloader.Zlob.COJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\setool\setool2g.exe a variant of Win32/Packed.Themida application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\setool\v0.915038.rar a variant of Win32/Packed.Themida application (deleted - quarantined) 00000000000000000000000000000000 C
F:\Torrent Downloads\Autodata 318 unlocking keys\3.18 Unlocking Key 1.exe probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\Torrent Downloads\BayGenie.eBay.Auction.Sniper.Pro.v3.1.4.0\BayGenie.eBay.Auction.Sniper.Pro.v3.1.4.0.rar probably a variant of Win32/PSW.OnLineGames trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\Torrent Downloads\USB Thief ~[A]ttitude\USBThief.exe INF/Autorun virus (deleted - quarantined) 00000000000000000000000000000000 C


hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:47:07, on 17/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Novadigm\ManagementAgent\nvdkit.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\AccelerometerSt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HPQ\HP Connection Manager\WaHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\LaRgEpOrKsWoRd\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\HPQ\HP Connection Manager\WaHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252586830406
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\ifxtcs.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Radia Management Agent (rma) - Unknown owner - C:/Novadigm/ManagementAgent/nvdkit.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe

--
End of file - 10684 bytes

The bulk of the infections were found by the ESET scanner on "F" Drive. Is this an external drive?
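The per-drive tally behind that observation can be reproduced from the pasted ESET log. The following is an added example, not part of the original thread: the sample lines are constructed in the log's format, and the function names, the `C` system-drive default and the rule that an action without "quarantined" needs manual review are assumptions.

```python
import re
from collections import Counter

H = "0" * 32  # hash column; all zeros in the thread's log as well

# Constructed sample in the format of the ESET Online Scanner log above.
SAMPLE_LOG = "\n".join([
    "# version=6",
    "# scanned=1200",
    "# found=4",
    "# cleaned=4",
    rf"C:\WINDOWS\system32\example.exe Win32/Virut.NBP virus (cleaned - quarantined) {H} C",
    rf"F:\downloads\tool one.rar a variant of Win32/Packed.Themida application (deleted - quarantined) {H} C",
    rf"F:\downloads\some crack\keygen.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) {H} C",
    rf"F:\downloads\bundle.rar multiple threats (deleted - quarantined) {H} C",
])

HEADER = re.compile(r"^#\s*(\w+)=(.*)$")
# Path and threat name are only space-separated in the pasted text, so the
# pattern keys on the drive letter, the category word and the action in parens.
DETECTION = re.compile(
    r"^(?P<drive>[A-Za-z]):\\(?P<body>.*?)\s+"
    r"(?P<kind>application|virus|trojan|multiple threats)\s+"
    r"\((?P<action>[^()]*)\)\s+[0-9a-fA-F]{32}\s+\w$"
)


def parse_eset_log(text):
    """Split a pasted log into header fields, detections and leftover lines."""
    header, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
            continue
        m = DETECTION.match(line)
        if m:
            detections.append(dict(m.groupdict(), line=line))
        else:
            unparsed.append(line)  # kept, so nothing is dropped silently
    return header, detections, unparsed


def summarize(text, system_drive="C"):
    """Tally detections per drive and flag what a helper should read first."""
    header, detections, unparsed = parse_eset_log(text)
    return {
        "by_drive": dict(Counter(d["drive"].upper() for d in detections)),
        "by_kind": dict(Counter(d["kind"] for d in detections)),
        # Hits on the Windows drive matter more than archives on storage.
        "on_system_drive": [d["line"] for d in detections
                            if d["drive"].upper() == system_drive],
        # Assumption: any action not ending in quarantine needs a manual look.
        "not_removed": [d["line"] for d in detections
                        if "quarantined" not in d["action"]],
        # A mismatch with "# found=" means the paste was truncated or mangled.
        "count_matches_header": int(header.get("found", -1)) == len(detections),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, "=", value)
```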

Yes, it's an external with loads of shit on. It was not connected when I had the original problem, but I thought it best to scan anyway. I have no more Avast warnings popping up at present.

Even though it was not connected when you first got the warning it obviously was/is grossly infected. Do you regularly move files back and forth between the computer and this external drive? Are there P2P sharing files on there? What is it primarily used for?

Not regularly moving. It's a storage drive; most of the stuff was off my m8 Colin's USB flash drive, he needed to empty it to get some stuff off my PC. Yes, some P2P stuff on there.

Well, if this also involves a flash drive then it is very possible IT is infected also and should also be scanned, or totally cleaned.

What is it primarily used for?

It is used for downloading cracks, keygens and even more malicious crap such as USBThief . . . .

Frankly, it is poetic justice that he got infected..... ;)

PP

I am withdrawing my help on this thread because one of the "tools" downloaded was USBThief - This hacktool goes against everything we in the anti-malware community stand for.
It involves the user's active and "hands on" participation in stealing information from a victim's computer therefore we WILL NOT be involved in assisting what many consider illegal activity.

Because of the above, this thread is now closed.

Do not post again regarding this issue.
