Solved: Nat and Win32.Small.dp found with SB S&D / HJT and SB S&D Log pasted.. Please Help!


JonnyJP

Thread Starter
Joined
Oct 21, 2005
Messages
31
I ran some scans with Ad-Aware SE Personal, Spybot Search & Destroy, eTrust PestPatrol, and eTrust EZ Antivirus today on my boss' laptop and after automatically removing some infections, and manually removing others, both "Nat" and "Win32.Small.dp" continue to be found in Spybot after repeatedly being removed. No other programs seem to be finding anything at all either and Spybot doesn't look like it can remove them. They both have keys in the registry, located close together, named "host" and under data have the same exact IP address. I delete each key and they repeatedly appear again, same with changing their name or data. I don't have the laptop physically with me right now, but will be seeing it tomorrow to try any removal ideas. Any help would be very much appreciated. Thank you in advance. :D

HJT and SB S&D:

Logfile of HijackThis v1.99.1
Scan saved at 5:45:20 PM, on 1/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\Village Tronic VTBook DH\Driver\VTBookGauge.exe
C:\DOCUME~1\DR99E2~1.SAR\LOCALS~1\Temp\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\lxbscoms.exe
C:\DOCUME~1\DR99E2~1.SAR\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
R3 - URLSearchHook: (no name) - {F50A1A57-8491-8A3D-C34C-8CBAA2454696} - C:\WINDOWS\system32\wytckd.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Fidelity Toolbar - {76886F39-D4D8-4f00-A354-3CC1C364F363} - C:\WINDOWS\Downloaded Program Files\FidelityToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,[email protected]
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [VTBookGauge] "C:\Program Files\Village Tronic VTBook DH\Driver\VTBookGauge.exe"
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\DR99E2~1.SAR\LOCALS~1\Temp\svchost.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Bluetooth.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {76886F39-D4D8-4F00-A354-3CC1C364F363} (Fidelity Toolbar) - http://personal.fidelity.com/products/toolbar/FidelityToolbar.cab
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000273 (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)

-----------------------------------------------------------

Nat: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2722632995-2206220525-1419673115-1005\Software\Microsoft\Internet Explorer\Desktop\host
Win32.Small.dp: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2722632995-2206220525-1419673115-1005\Software\Microsoft\Internet Explorer\Security\host

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-01-07 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-15 advcheck.dll (1.2.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-01-26 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-01-26 Includes\DialerC.sbi (*)
2006-11-24 Includes\Hijackers.sbi (*)
2007-01-26 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-01-26 Includes\KeyloggersC.sbi (*)
2007-01-12 Includes\Malware.sbi (*)
2007-01-26 Includes\MalwareC.sbi (*)
2007-01-19 Includes\PUPS.sbi (*)
2007-01-26 Includes\PUPSC.sbi (*)
2007-01-26 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-01-26 Includes\SecurityC.sbi (*)
2007-01-26 Includes\Spybots.sbi (*)
2007-01-26 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-12-08 Includes\Trojans.sbi (*)
2007-01-26 Includes\TrojansC.sbi (*)
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
  • Instead of Windows loading as normal, the Advanced Options Menu should appear
  • Select the first option, to run Windows in Safe Mode, then press Enter
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to the clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
 

JonnyJP

Both seem to be completely gone now... Spybot finds nothing and the files no longer exist where they first were in the registry. Thanks a lot cybertech :).
How's everything looking?

EDIT: It looks like I spoke too soon... A little bit after posting this reply I received the 45sec shutdown countdown from "NT/Authority System" with status code 204. My boss received a couple of these today also, before the above removal instructions, but with code 203. All scans are also not showing any infections. Any suggestions? Thank you again for your help so far cybertech.

SDFix Report:

SDFix: Version 1.63

Thu 02/01/2007 - 16:15:10.62

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
COM+ Messages

Path:
"C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000273

COM+ Messages Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\DOCUME~1\DR99E2~1.SAR\LOCALS~1\Temp\svchost.exe - Deleted
C:\WINDOWS\system32\autosys.exe - Deleted
C:\WINDOWS\system32\cmd32.exe - Deleted
C:\WINDOWS\system32\unsvchosts.lzma - Deleted
C:\WINDOWS\system32\zlbw.dll - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Documents and Settings\\Dr. Sarmiento\\Local Settings\\Temp\\10.tmp"="C:\\Documents and Settings\\Dr. Sarmiento\\Local Settings\\Temp\\10.tmp:*:Enabled:enable"
"C:\\WINDOWS\\system32\\game1.exe"="C:\\WINDOWS\\system32\\game1.exe:*:Enabled:enable"
"C:\\WINDOWS\\system32\\game4.exe"="C:\\WINDOWS\\system32\\game4.exe:*:Enabled:enable"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\WINDOWS\system32\W?nSxS\w?wexec.exe
C:\WINDOWS\system32\??stem32\msdtc.exe~
C:\hiberfil.sys

Finished

-----------------------------------------------------------------------

HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:34:06 PM, on 2/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\Village Tronic VTBook DH\Driver\VTBookGauge.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dr. Sarmiento\Desktop\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\74eac9a4b069a45e3e4e8d162f3dd349\update\update.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
R3 - URLSearchHook: (no name) - {F50A1A57-8491-8A3D-C34C-8CBAA2454696} - C:\WINDOWS\system32\wytckd.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Fidelity Toolbar - {76886F39-D4D8-4f00-A354-3CC1C364F363} - C:\WINDOWS\Downloaded Program Files\FidelityToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,[email protected]
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [VTBookGauge] "C:\Program Files\Village Tronic VTBook DH\Driver\VTBookGauge.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Bluetooth.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {76886F39-D4D8-4F00-A354-3CC1C364F363} (Fidelity Toolbar) - http://personal.fidelity.com/products/toolbar/FidelityToolbar.cab
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
 

cybertech


JonnyJP

Combofix found some files and rebooted my computer / quarantined them, but the shutdown message is still coming up. I'm about to run it one more time to see if it can remove it the second time. If it removes it and the message is killed, I'll edit the post to let you know. If not let me know what's next.. Thanks again.

Here are the logs:



"Dr. Sarmiento" - 07-02-01 21:37:00 Service Pack 2

ComboFix 07.01.31 - Running from: "C:\Documents and Settings\Dr. Sarmiento\Desktop"



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))





C:\WINDOWS\Downloaded Program Files\Logs

C:\Program Files\Common Files\{3BD9C~1

C:\Program Files\Common Files\{3BD9C~2

C:\Program Files\Common Files\{7BD9C~1

C:\Program Files\Common Files\{7BD9C~2

C:\Program Files\outlook

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\qoobox\purity\WINDOWS\system32\STEM32~1

C:\qoobox\purity\WINDOWS\system32\WNSXS~1

C:\qoobox\purity\WINDOWS\system32\STEM32~1\msdtc.exe~

C:\qoobox\purity\WINDOWS\system32\STEM32~1\??stem32

C:\qoobox\purity\WINDOWS\system32\WNSXS~1\w?wexec.exe





((((((((((((((((((((((((((((((( Files Created from 2007-01-01 to 2007-02-01 ))))))))))))))))))))))))))))))))))





2007-02-01 17:38 <DIR> d-------- C:\WINDOWS\LastGood.Tmp

2007-02-01 16:32 <DIR> d-------- C:\WINDOWS\system32\PreInstall

2007-02-01 16:24 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution

2007-02-01 16:11 <DIR> d-------- C:\SDFix

2007-01-31 08:35 60,416 --a------ C:\WINDOWS\system32\wytckd.dll

2007-01-31 08:35 2 --a------ C:\WINDOWS\system32\wnsintcc.exe

2007-01-28 16:48 <DIR> d-------- C:\Program Files\Lavasoft

2007-01-28 16:48 <DIR> d-------- C:\DOCUME~1\DR99E2~1.SAR\Application Data\Lavasoft

2007-01-27 14:22 0 -rahs---- C:\MSDOS.SYS

2007-01-27 14:22 0 -rahs---- C:\IO.SYS

2007-01-13 16:03 <DIR> d-------- C:\DOCUME~1\DR99E2~1.SAR\Application Data\CyberLink

2007-01-13 15:14 <DIR> d-------- C:\Program Files\YRefresher

2007-01-12 17:07 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2007-01-11 14:58 <DIR> d-------- C:\WINDOWS\Sun

2007-01-11 14:58 <DIR> d-------- C:\DOCUME~1\DR99E2~1.SAR\Application Data\Sun

2007-01-08 15:34 <DIR> d-------- C:\DOCUME~1\DR99E2~1.SAR\Application Data\Google

2007-01-08 15:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google

2007-01-08 13:18 <DIR> d---s---- C:\DOCUME~1\DR99E2~1.SAR\UserData

2007-01-07 19:35 <DIR> d--hs---- C:\RECYCLER

2007-01-07 19:17 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\Temporary Internet Files

2007-01-07 19:17 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\History

2007-01-07 19:16 <DIR> d-------- C:\WINDOWS\Prefetch

2007-01-07 19:03 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll

2007-01-07 19:03 5,632 --a------ C:\WINDOWS\system32\kbdusa.dll

2007-01-07 19:03 185,344 --a------ C:\WINDOWS\system32\Thawbrkr.dll

2007-01-07 19:03 10,752 --a------ C:\WINDOWS\system32\c_iscii.dll

2007-01-07 17:43 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2007-01-07 17:43 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2007-01-07 17:43 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2007-01-07 17:38 <DIR> d-------- C:\Program Files\SpywareGuard

2007-01-07 17:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy

2007-01-07 17:31 <DIR> d-------- C:\Program Files\SpywareBlaster

2007-01-07 17:11 <DIR> d-------- C:\Program Files\Village Tronic VTBook DH

2007-01-07 16:58 68,224 --a------ C:\WINDOWS\system32\drivers\P-PCI.SYS

2007-01-07 16:19 <DIR> d-------- C:\Program Files\Microsoft ActiveSync

2007-01-07 16:18 <DIR> d-------- C:\WINDOWS\SHELLNEW

2007-01-07 16:17 <DIR> d-------- C:\Program Files\Microsoft.NET

2007-01-07 15:55 <DIR> d-------- C:\WINDOWS\CAVTemp

2007-01-07 15:55 <DIR> d-------- C:\Program Files\Common Files\Scanner

2007-01-07 15:51 <DIR> d-------- C:\Program Files\Lexmark

2007-01-07 15:50 <DIR> d-------- C:\DOCUME~1\DR99E2~1.SAR\Application Data\HP

2007-01-07 15:49 <DIR> d-------- C:\Program Files\Lx_cats

2007-01-07 15:48 983,107 --a------ C:\WINDOWS\system32\lxbsgf.dll

2007-01-07 15:48 90,112 --a------ C:\WINDOWS\system32\lxbscur.dll

2007-01-07 15:48 69,632 --a------ C:\WINDOWS\system32\lxbscu.dll

2007-01-07 15:48 536,576 --a------ C:\WINDOWS\system32\lxbsjswr.dll

2007-01-07 15:48 520,192 --a------ C:\WINDOWS\system32\lxbscomc.dll

2007-01-07 15:48 495,616 --a------ C:\WINDOWS\system32\lxbshbn1.dll

2007-01-07 15:48 471,040 --a------ C:\WINDOWS\system32\lxbspmui.dll

2007-01-07 15:48 450,560 --a------ C:\WINDOWS\system32\lxbslmpm.dll

2007-01-07 15:48 421,888 --a------ C:\WINDOWS\system32\lxbscoms.exe

2007-01-07 15:48 40,960 --a------ C:\WINDOWS\system32\lxbsvs.dll

2007-01-07 15:48 385,024 --a------ C:\WINDOWS\system32\lxbscomm.dll

2007-01-07 15:48 376,832 --a------ C:\WINDOWS\system32\lxbsutil.dll

2007-01-07 15:48 344,064 --a------ C:\WINDOWS\system32\lxbscfg.exe

2007-01-07 15:48 294,912 --a------ C:\WINDOWS\system32\lxbsih.exe

2007-01-07 15:48 126,976 --a------ C:\WINDOWS\system32\lxbsprox.dll

2007-01-07 15:48 114,688 --a------ C:\WINDOWS\system32\lxbspplc.dll

2007-01-07 15:48 1,048,576 --a------ C:\WINDOWS\system32\lxbsserv.dll

2007-01-07 15:48 1,040,384 --a------ C:\WINDOWS\system32\lxbsusb1.dll

2007-01-07 15:48 <DIR> d-------- C:\Program Files\Lexmark 810 Series

2007-01-07 15:44 26,787 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys

2007-01-07 15:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\CA

2007-01-07 15:43 95,760 --a------ C:\WINDOWS\system32\ISafeIf.dll

2007-01-07 15:43 75,280 --a------ C:\WINDOWS\system32\VetRedir.dll

2007-01-07 15:43 75,280 --a------ C:\WINDOWS\system32\iSafProd.dll

2007-01-07 15:43 629,264 --a------ C:\WINDOWS\system32\drivers\VetEFile.sys

2007-01-07 15:43 244,240 --a------ C:\WINDOWS\unicows.dll

2007-01-07 15:43 21,043 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.sys

2007-01-07 15:43 16,227 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.sys

2007-01-07 15:43 15,490 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.sys

2007-01-07 15:43 112,144 --a------ C:\WINDOWS\AVShlExt.dll

2007-01-07 15:43 108,592 --a------ C:\WINDOWS\system32\drivers\VetEBoot.sys

2007-01-07 15:43 103,952 --a------ C:\WINDOWS\UnVet32.exe

2007-01-07 15:43 <DIR> d-------- C:\Program Files\CA

2007-01-07 15:38 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2007-01-07 15:31 <DIR> d-------- C:\WINDOWS\pss

2007-01-07 15:30 <DIR> d-------- C:\DOCUME~1\DR99E2~1.SAR\Bluetooth Software

2007-01-07 15:26 <DIR> d-------- C:\WINDOWS\system32\appmgmt

2007-01-07 15:10 <DIR> d-------- C:\Program Files\WIDCOMM

2007-01-07 15:06 <DIR> d--h----- C:\DOCUME~1\DR99E2~1.SAR\Temporary Internet Files

2007-01-07 15:06 <DIR> d--h----- C:\DOCUME~1\DR99E2~1.SAR\History

2007-01-07 15:06 <DIR> d-------- C:\DOCUME~1\DR99E2~1.SAR\Application Data\Intuit

2007-01-07 15:05 <DIR> d---s---- C:\DOCUME~1\DEFAUL~1\Temporary Internet Files

2007-01-07 15:05 <DIR> d---s---- C:\DOCUME~1\DEFAUL~1\History

2007-01-07 15:05 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Application Data\Intuit





(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))



Rootkit driver huy32 is present. A rootkit scan is required



2007-01-31 16:59 -------- d---s---- C:\Documents and Settings\Dr. Sarmiento\Application Data\microsoft

2007-01-28 16:48 -------- d-------- C:\Documents and Settings\Dr. Sarmiento\Application Data\lavasoft

2007-01-13 16:03 -------- d-------- C:\Documents and Settings\Dr. Sarmiento\Application Data\cyberlink

2007-01-12 17:32 -------- d-------- C:\Documents and Settings\Dr. Sarmiento\Application Data\hp

2007-01-11 14:58 -------- d-------- C:\Documents and Settings\Dr. Sarmiento\Application Data\sun

2007-01-08 15:34 -------- d-------- C:\Documents and Settings\Dr. Sarmiento\Application Data\google

2007-01-08 15:33 -------- d-------- C:\Program Files\google

2007-01-07 22:07 -------- d-------- C:\Program Files\hpq

2007-01-07 16:13 -------- d-------- C:\Program Files\rgb

2007-01-07 16:10 -------- d-------- C:\Program Files\microsoft money 2006

2007-01-07 15:54 -------- d-------- C:\Documents and Settings\Dr. Sarmiento\Application Data\macromedia

2007-01-07 15:35 -------- d-------- C:\Program Files\symantec

2007-01-07 15:35 -------- d-------- C:\Program Files\hp

2007-01-07 15:35 -------- d-------- C:\Program Files\Common Files\symantec shared

2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll





(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))



*Note* empty entries & legit default entries are not shown



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"

"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"

"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

"nwiz"="nwiz.exe /installquiet /nodetect"

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe"

"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"

"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""

"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"

"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"

"CaISSDT"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\caissdt.exe\""

"CaAvTray"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\eTrust EZ Antivirus\\CAVTray.exe\""

"CAVRID"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\eTrust EZ Antivirus\\CAVRID.exe\""

"LXBSCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXBStime.dll,[email protected]"

"MemoryCardManager"="C:\\Program Files\\Lexmark\\Lexmark Precision Photo\\MemCard.exe -startup"

"eTrustPPAP"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\eTrust PestPatrol Anti-Spyware\\PPActiveDetection.exe\""

"VTBookGauge"="\"C:\\Program Files\\Village Tronic VTBook DH\\Driver\\VTBookGauge.exe\""

"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\

65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"=""

"hkey"="HKLM"

"command"=""

"inimapping"="0"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlPanel]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="cmd32"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\cmd32.exe internat.dll,LoadKeyboardProfile"

"inimapping"="0"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctpmon]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ctpmon"

"hkey"="HKCU"

"command"="ctpmon.exe"

"inimapping"="0"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ISUSPM"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -startup"

"inimapping"="0"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="issch"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"

"inimapping"="0"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="dumprep 0 -k"

"hkey"="HKLM"

"command"="%systemroot%\\system32\\dumprep 0 -k"

"inimapping"="0"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lnwin.exe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="lnwin"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\lnwin.exe"

"inimapping"="0"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="regsvr32 /s mqrt"

"hkey"="HKLM"

"command"="regsvr32 /s mqrt.dll"

"inimapping"="0"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="QlbCtrl"

"hkey"="HKLM"

"command"="%ProgramFiles%\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe /Start"

"inimapping"="0"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="RecGuard"

"hkey"="HKLM"

"command"="C:\\Windows\\SMINST\\RecGuard.exe"

"inimapping"="0"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scbu]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msdtc"

"hkey"="HKCU"

"command"="\"C:\\WINDOWS\\system32\\STEM32~1\\msdtc.exe\" -vt yazb"

"inimapping"="0"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidzpwfw]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="w?wexec"

"hkey"="HKCU"

"command"="\"C:\\WINDOWS\\system32\\W?nSxS\\w?wexec.exe\" 99001122"

"inimapping"="0"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysinter]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="adirss"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\adirss.exe"

"inimapping"="0"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taskdir]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="taskdir"

"hkey"="HKCU"

"command"="C:\\WINDOWS\\system32\\taskdir.exe"

"inimapping"="0"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{7BD9CAEC-0724-1033-0613-060426060001}]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Update"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\{7BD9CAEC-0724-1033-0613-060426060001}\\Update.exe\" te-110-12-0000273"

"inimapping"="0"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{7BD9CAEC-0725-1033-0613-060426060001}]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Update"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\{7BD9CAEC-0725-1033-0613-060426060001}\\Update.exe\" te-110-12-0000273"

"inimapping"="0"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wscsvc"=dword:00000002

"wuauserv"=dword:00000002



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\

63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\

6d,73,73,74,79,6c,65,73,00

"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\

73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00



[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"





[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0





[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]

Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480



Completion time: 07-02-01 21:40:19

-----------------------------------------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 9:58:37 PM, on 2/1/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe

C:\Program Files\Village Tronic VTBook DH\Driver\VTBookGauge.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\msagent\AgentSvr.exe

C:\Documents and Settings\Dr. Sarmiento\Desktop\HijackThis.exe



R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop

R3 - URLSearchHook: (no name) - {F50A1A57-8491-8A3D-C34C-8CBAA2454696} - C:\WINDOWS\system32\wytckd.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Fidelity Toolbar - {76886F39-D4D8-4f00-A354-3CC1C364F363} - C:\WINDOWS\Downloaded Program Files\FidelityToolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"

O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,[email protected]

O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup

O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"

O4 - HKLM\..\Run: [VTBookGauge] "C:\Program Files\Village Tronic VTBook DH\Driver\VTBookGauge.exe"

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop

O16 - DPF: {76886F39-D4D8-4F00-A354-3CC1C364F363} (Fidelity Toolbar) - http://personal.fidelity.com/products/toolbar/FidelityToolbar.cab

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
 

JonnyJP

Thread Starter
Joined
Oct 21, 2005
Messages
31
I went ahead and installed AVG AntiSpyware 7.5 on the computer, ran a full scan and 14 infections were found with 48 objects total infected. I chose "Delete" for all actions to take and the program went through the process of removing them. I then restarted my computer, ran AVG again to do another full scan and it found 3 of the same 14 infections it found before. This time I chose the action taken for them to be "Delete After Reboot." AVG prompted to restart the PC, when Windows came back up I didn't notice AVG run to follow through on the removal, but I went ahead and did another full scan (this time finding nothing).

Apart from that, when I try to update Windows through IE it finishes the downloading process and begins to install them but once it gets past 2 or 3 the PC blacks out, I get a quick blue screen with an error on it, and the computer just boots back into Windows. It does this repeatedly with no success. I am also getting a "services and app" error "Send/Don't Send Error Report" each time the computer boots, sometimes following with the NT shutdown message. Thanks again for all your help.

Here is the last AVG Report, where it found 3 infections (that should now be gone), and a new HJT log (I also have the 1st AVG report with the 14 infections if needed):

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------



+ Created at: 2:15:25 AM 2/2/2007

+ Scan result:


C:\System Volume Information\_restore{92EC12A7-009B-4D77-899D-FF91068A8284}\RP41\A0022075.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{92EC12A7-009B-4D77-899D-FF91068A8284}\RP41\A0022069.dll -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{92EC12A7-009B-4D77-899D-FF91068A8284}\RP41\A0022070.dll -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{92EC12A7-009B-4D77-899D-FF91068A8284}\RP41\A0022071.dll -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{92EC12A7-009B-4D77-899D-FF91068A8284}\RP41\A0022072.dll -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{92EC12A7-009B-4D77-899D-FF91068A8284}\RP41\A0022073.dll -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{92EC12A7-009B-4D77-899D-FF91068A8284}\RP41\A0022074.dll -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{92EC12A7-009B-4D77-899D-FF91068A8284}\RP41\A0022068.exe -> Trojan.Small : No action taken.


::Report end

----------------------------------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 2:26:23 AM, on 2/2/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe

C:\Program Files\Village Tronic VTBook DH\Driver\VTBookGauge.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

C:\Documents and Settings\Dr. Sarmiento\Desktop\HijackThis.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop

R3 - URLSearchHook: (no name) - {F50A1A57-8491-8A3D-C34C-8CBAA2454696} - C:\WINDOWS\system32\wytckd.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Fidelity Toolbar - {76886F39-D4D8-4f00-A354-3CC1C364F363} - C:\WINDOWS\Downloaded Program Files\FidelityToolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"

O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,[email protected]

O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup

O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"

O4 - HKLM\..\Run: [VTBookGauge] "C:\Program Files\Village Tronic VTBook DH\Driver\VTBookGauge.exe"

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop

O16 - DPF: {76886F39-D4D8-4F00-A354-3CC1C364F363} (Fidelity Toolbar) - http://personal.fidelity.com/products/toolbar/FidelityToolbar.cab

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
 

JonnyJP

Thread Starter
Joined
Oct 21, 2005
Messages
31
My boss didn't want to deal with the hassle so he called HP technical support and they talked him through reinstalling Windows. I know we would've gotten it running fine soon if he just would've waited, but he's not the most patient person. Thank you again for all your time and help cybertech. :rolleyes:
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Thanks for letting me know! (y)

I know you put a lot of work into trying to fix his machine...

Next time he wants help you should tell him to call HP! ;)
 