Hi, I am having some trouble with Trojans being detected on my buddies laptop....here is the HJ log, any help with removal is greatly appreciated, thanks!

(I forgot the name of the trojans that Avast found, but there were several it found and supposedly removed) There was also a program called "Error Safe" which I deleted as most of the trojans came from that directory.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:59:47 AM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {b63b7351-1868-88ba-3764-430435cd32f3} - {3f23dc53-4034-4673-ab88-86811537b36b} - C:\WINDOWS\system32\gqtetbvt.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {92335157-984B-4692-8405-530335CA9F27} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [3574f1da] "rundll32.exe" "C:\WINDOWS\system32\jrfledom.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [BackupNotify] "C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe"
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O4 - Global Startup: D-Link REG Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activexplayer/SMALStreaming.cab
O20 - Winlogon Notify: wvuvssq - wvuvssq.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SpywareBot Scanning Engine (SpywareBotSrv) - Unknown owner - C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\didozyxus.html

--
End of file - 10023 bytes

I know I probably shouldn't have but I downloaded ComboFix and ran it, here's the logfile for it..........

ComboFix 08-02.05.3 - Registered User 2008-02-06 12:28:13.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.284 [GMT -8:00]
Running from: C:\Documents and Settings\Registered User\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Documents and Settings\Registered User\Application Data\ECURIT~1
C:\Documents and Settings\Registered User\Application Data\WinAntiSpyware 2006
C:\Documents and Settings\Registered User\Application Data\WinAntiSpyware 2006\Logs\update.log
C:\Documents and Settings\Registered User\err.log
C:\Documents and Settings\Registered User\My Documents\ECURIT~1
C:\Documents and Settings\Registered User\My Documents\YSTEM3~1
C:\Program Files\Common Files\dobe~1
C:\Program Files\Internet Explorer\didozyxus.html
C:\Program Files\MyWay
C:\Program Files\MyWay\myBar\History\search
C:\Program Files\MyWay\myBar\Settings\prevcfg.htm
C:\Program Files\MyWay\myBar\Settings\settings.dat
C:\Program Files\MyWay\myBar\Settings\settings.htm
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\ecurit~1
C:\WINDOWS\ecurit~1\?ecurity\
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\chkconfig
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\F1
C:\WINDOWS\system32\H1
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oouwyriy.ini2
C:\WINDOWS\system32\oouwyriy.tmp
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\tmps9
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\winticomsv.exe
C:\WINDOWS\wr.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NETWORK_MONITOR
-------\Network Monitor
-------\nm


((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
.

2008-02-06 12:21 . 2008-02-06 12:21 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-02-06 03:21 . 2008-02-06 03:21 1,158 --a------ C:\WINDOWS\mozver.dat
2008-02-06 02:59 . 2008-02-06 02:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-06 02:55 . 2007-12-06 18:12 110,592 --a------ C:\WINDOWS\system32\SynTPCo4.dll
2008-02-06 01:55 . 2008-02-06 01:55 <DIR> d-------- C:\Program Files\CCleaner
2008-02-06 01:51 . 2007-12-04 04:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-06 01:51 . 2007-12-04 06:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-06 01:51 . 2007-12-04 06:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-06 01:51 . 2007-12-04 06:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-06 01:51 . 2007-12-04 06:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-06 01:51 . 2007-12-04 06:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-06 01:50 . 2008-02-06 01:50 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-06 01:50 . 2007-12-04 05:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-06 01:50 . 2004-01-09 01:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-06 01:44 . 2008-02-06 01:44 2 --a------ C:\WINDOWS\msoffice.ini
2008-02-05 22:50 . 2008-02-06 01:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-24 14:07 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-01-24 14:07 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 11:16 --------- d-----w C:\Program Files\Ipod Video Converter
2008-02-06 11:13 --------- d-----w C:\Program Files\Free iPod Video Converter
2008-02-06 11:05 --------- d-----w C:\Program Files\InterActual
2008-02-06 11:05 --------- d-----w C:\Program Files\Incomplete
2008-02-06 10:46 --------- d-----w C:\Program Files\Pure Networks
2008-02-06 10:46 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-06 10:15 --------- d-----w C:\Program Files\Common Files\Error Safe
2008-02-06 09:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-23 00:14 --------- d-----w C:\Documents and Settings\Registered User\Application Data\AdobeUM
2008-01-09 08:08 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-07 01:41 220,032 ----a-w C:\WINDOWS\system32\drivers\SynTP.sys
2007-09-07 07:14 378 ----a-w C:\Documents and Settings\Registered User\Application Data\internaldb1942.dat
2007-09-07 07:13 177,152 ----a-w C:\Documents and Settings\Registered User\Application Data\internaldb4827.dat
2007-09-07 07:13 151 ----a-w C:\Documents and Settings\Registered User\Application Data\internaldb2216.dat
2007-09-07 07:13 13,046 ----a-w C:\Documents and Settings\Registered User\Application Data\internaldb5436.dat
2007-09-07 07:13 0 ----a-w C:\Documents and Settings\Registered User\Application Data\internaldb4604.dat
2007-03-03 18:18 29,424 ----a-w C:\Documents and Settings\Incomplete\downloads.dat
2006-11-26 00:30 177,152 ----a-w C:\Documents and Settings\Registered User\Application Data\internaldb1869.dat
2006-11-21 02:23 0 ----a-w C:\Documents and Settings\Registered User\Application Data\internaldb2391.dat
2006-11-16 18:25 0 ----a-w C:\Documents and Settings\Registered User\Application Data\internaldb153.dat
2006-11-13 01:12 0 ----a-w C:\Documents and Settings\Registered User\Application Data\internaldb3902.dat
2006-11-13 01:12 0 ----a-w C:\Documents and Settings\Registered User\Application Data\internaldb1538.dat
2006-07-17 05:10 1,664 ----a-w C:\Documents and Settings\Registered User\Application Data\ViewerApp.dat
2007-08-16 05:13 6,473 -csh--w C:\WINDOWS\system32\edeeg.bak1
2007-08-27 04:50 1,600,996 -csh--w C:\WINDOWS\system32\edeeg.bak2
2007-09-07 07:08 1,601,225 --sh--w C:\WINDOWS\system32\edeeg.ini2
2007-10-18 20:24 710,653 --sh--w C:\WINDOWS\system32\jgnpqlnd.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3f23dc53-4034-4673-ab88-86811537b36b}]
2007-11-18 22:03 69908 --a------ C:\WINDOWS\system32\gqtetbvt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2007-07-19 21:54 3564344]
"BackupNotify"="C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-08 19:34 32768]
"MoneyAgent"="c:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 11:00 200704]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 18:44 1200128]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-10-30 00:46 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-10-30 00:33 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48 36975]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01 110592]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 09:15 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 17:20 1024000]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38 241664]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 07:33 286720]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-12-16 09:09 26112]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 19:15 271672]
"3574f1da"="rundll32.exe" [2004-08-04 00:00 33280 C:\WINDOWS\system32\rundll32.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 21:54 5361464]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
D-Link AirPlus G Wireless Utility.lnk - C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe [2005-12-28 10:57:47 774220]
D-Link REG Utility.lnk - C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\Reg.exe [2005-12-28 10:57:46 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 04:19:24 237568]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2004-12-17 14:14:00 151552]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2004-01-28 22:36:18 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvssq]
wvuvssq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" /pause

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 21:42]
R1 AntiSpyFilter;AntiSpyFilter;C:\WINDOWS\system32\DRIVERS\antispyfilter.sys [2007-08-10 12:09]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:00]
S2 SpywareBotSrv;SpywareBot Scanning Engine;"C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe" []

.
Contents of the 'Scheduled Tasks' folder
"2007-08-20 18:40:44 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-06 20:45:08 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-10 07:58:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- c:\Program Files\Easy Internet signup\HPSdpApp.exe
"2008-02-06 19:54:26 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.ex
- C:\Program Files\SpywareBot
"2008-02-06 10:51:56 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 12:36:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\acs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-06 12:47:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-06 20:47:11
.
2008-02-06 04:10:33 --- E O F ---