Solved

Cannot install anti-virus software or Spybot S&D etc. Suspect virus? HJT logs inside

Posted on 2007-11-27
Last Modified: 2013-12-06
Hi everyone, I'm new here.  
My question hasn't even been answered on other forums and I'm getting desperate.

I think I have a virus. I use avast! and it scanned a file and said it was fine so I opened it, then avast shut down and I can't get it to work anymore. I uninstalled and reinstalled, then ran a boot scan which picked up Win32 Downloader-JJ in netsecurity.dll - it was moved to the chest during that process. When I get into windows, a message flashes up saying that ashServ.exe has had 'unauthorized changes' and is dangerous to run - yes or no? I've clicked on both and avast doesn't start any time. I've also tried to install AVG and Spybot, with no luck. I can't execute the programs and they always go back to the initial installation to restart the install. The only thing that works is the avast boot scan after I first install it, then it wigs out on me.
I know there is a virus on my system but without these programs I don't even know what I'm looking for.
I can't find information on Downloader-JJ, and I am currently left unprotected without anti-virus software and am not happy.

I thought I'd start by posting my HJT log, although I don't see anything hinky with it. I'm not an expert though. If someone could help me, I would be eternally grateful.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:11 AM, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Integard\Integard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Integard\IntegardTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Sarah Hadlow\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 127.0.0.2 integard
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IntegardTray] C:\Program Files\Integard\IntegardTray.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\integard\integard.dll
O10 - Unknown file in Winsock LSP: c:\program files\integard\integard.dll
O10 - Unknown file in Winsock LSP: c:\program files\integard\integard.dll
O10 - Unknown file in Winsock LSP: c:\program files\integard\integard.dll
O10 - Unknown file in Winsock LSP: c:\program files\integard\integard.dll
O10 - Unknown file in Winsock LSP: c:\program files\integard\integard.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=presario&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://javajunkie80.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Integard Service (INTEGARD) - Race River Corporation - C:\Program Files\Integard\Integard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10682 bytes
Question by:anthrogirl
28 Comments
 
LVL 66

Expert Comment

by:johnb6767
Have you totally uninstalled Avast!?

Overall log looks good....
LVL 66

Expert Comment

by:johnb6767
Have you also tried disabling Integard while trying to install these apps?

Housecall Online Free Virus Scanner
http://housecall.trendmicro.com
Great to do an online Scan in Safe Mode w/ networking
Author Comment

by:anthrogirl
I uninstalled Integard and still couldn't install anything.

Also, I can't boot into safe mode.  Windows tells me it was unsuccessful in the last boot and to select a normal windows boot.  That's the only way I have access to the system.

There seems to be no information anywhere on this.  
Author Comment

by:anthrogirl
Oh! And avast won't totally uninstall. I go to uninstall it from the control panel and it just launches into the setup - like it's not already on the computer.
As you can see from the logs, it is on the computer, but components either aren't running or are missing.

Could this be a new virus on the loose?
LVL 27

Expert Comment

by:Jonvee
You could try LSPFix1 to repair your Winsock 2 settings, if you can download it. The problem can be caused by improperly removed software, resulting in loss of Internet access.

"LSPFix 1":
http://www.cnet.com.au/downloads/0,239030384,10417025s,00.htm

Some information on >INTEGARDTRAY.EXE
http://www.prevx.com/filenames/X572533080950933840-0/INTEGARDTRAY.EXE.html
Author Comment

by:anthrogirl
I haven't lost any access to the internet.  In fact, I haven't lost anything at all as far as I know.
I just can't use any security software, which of course just opens me up to a whole lot of other nasty stuff online.

I am pretty sure that the .exe file that avast scanned as fine and then I opened (and NOTHING HAPPENED when I executed the file) is the problem. I believe a virus or trojan or something was released onto my computer and I'm fairly sure it must be pretty new because no-one else, bar one or two I've now found, has this problem and there have been no solutions other than to reinstall windows. This is drastic for me as I have all of my uni work on it. I am in the process of backing up...but I'd love to be able to fix this without reinstalling.

The things I need to overcome to remove it are:
*  Finding out what it is and where it is
*  No use of anti-virus software as it's disabled
*  No use of safe mode.

LVL 27

Accepted Solution

by:Jonvee
Jonvee earned 250 total points
>other than to reinstall windows<    that's pretty drastic & hopefully not necessary.

Have you tried 'Stinger', a utility that cleans the system of viruses that block anti virus software. Suggest you run it to make sure that disabling viruses are not present >
http://vil.nai.com/vil/stinger/

If unsuccessful we could try a rootkit search.  You could run Combofix.
Download ComboFix and save to your Desktop >
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click "combofix.exe" and follow the prompts.
When it's finished it will have produced a Logfile, probably at C:\ComboFix.txt.
You could post that log together with a HijackThis log, in a reply for us.

Please do not mouseclick combofix's window while it's running, it may cause it to hang/stall.

You can uninstall ComboFix as follows >
Start > Run > then type "ComboFix /u" (with no quotes, and space between x and / )
Then hit enter, which should reset the clock settings, re-hide system hidden files, reset System Restore, etc..
LVL 27

Expert Comment

by:Jonvee
It's approaching midnight here, but you're in good hands with johnb6767.
Please ignore my earlier reference to INTEGARDTRAY.EXE which may not be relevant.  
Then, failing all else, and *before* you start considering a reinstall, you may want to consider what appears to be the only reference to Integard on the net.  It suggested the following >>

Download LSP-Fix from >>
http://cexx.org/lspfix.htm

Then reboot in Safe mode (if you can, by now!)
Run LSP-Fix, then remove Integard.dll from the Winsock LSP chain
Run Regedit, and delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\INTEGARD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IntegardTray
Reboot.

You may then like to post us another HijackThis log.  Thanks.  Will drop by early tomorrow.
LVL 66

Assisted Solution

by:johnb6767
johnb6767 earned 150 total points
Do you still have that file on your machine that you think dropped a payload on you?

If so.....
upload it here.....

Jotti's malware scan 2.99
http://virusscan.jotti.org/
This is an Online Scanner you can upload suspicious files to for scanning from multiple engines at once....

Turn on your XP Firewall while you are at it, for good measure....

I would start looking at Rootkits.....

Sophos Anti-Rootkit - Find and remove any rootkit that is hidden ...
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

RootkitRevealer v1.71
http://www.microsoft.com/technet/sysinternals/Utilities/RootkitRevealer.mspx

LVL 66

Expert Comment

by:johnb6767
Most importantly, run ComboFix, and post the logfile. I am extremely curious as to what files have been modified recently in your C:\Windows, System32 and Drivers folders.....

Author Comment

by:anthrogirl
Stinger returned nothing.

Spoke with my computer guys (was picking up daughter's computer) and they were interested too.

Am going to do the combo fix thing.  This was suggested in another forum too, so definitely my next step.  Computer guys will do a complete wipe and install for me if I don't get it fixed myself - I would do it but working on my own computer freaks me out...

Will post soon with combofix and HJT logs

Author Comment

by:anthrogirl
ComboFix won't run on my computer. There are no prompts, just a blue DOS type screen with a flashing cursor at the beginning. Nothing is happening at all.

LVL 66

Expert Comment

by:johnb6767
Just let it sit..... That is it working.....
Author Comment

by:anthrogirl
O...k...will let you know.
LVL 66

Expert Comment

by:johnb6767
"I am pretty sure that the .exe file that avast scanned as fine and then I opened (and NOTHING HAPPENED when I executed the file) is the problem"

LOL...Just reminded me of a few weeks ago, when I almost tanked my main system by playing with a rootkit.....I knew what it was when I downloaded it, and decided to watch what it did.....

Ooops.....
LVL 6

Expert Comment

by:Hardi
I just got the same problem last week.
ComboFix fixed it for me.
One of my trojan files was "srosa" in Windows folder
LVL 47

Expert Comment

by:rpggamergirl
When did this start happening? Is your System Restore working? You can also try rolling back to a point before the problem started.

You said you uninstalled Integard, but it's still there.

You can fix these entries:
O1 - Hosts: 127.0.0.2 integard
O4 - HKLM\..\Run: [IntegardTray] C:\Program Files\Integard\IntegardTray.exe


Delete this service --> INTEGARD
Go to Start Menu > Run > type

cmd

Press OK then type or copy and paste these commands onto the cmd screen pressing Enter after each line:

sc stop INTEGARD
sc delete INTEGARD

exit


And delete this folder --> c:\program files\integard
You'll probably lose internet connection, if it happens just run LSPfix.
Author Comment

by:anthrogirl
ComboFix took 2 hours to complete. I too had srosa, I believe:


Here are my logs

ComboFix 07-11-19.4 - Sarah Hadlow 2007-11-28 13:16:36.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.565 [GMT 10:00]
Running from: C:\Documents and Settings\Sarah Hadlow\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\exefld
C:\WINDOWS\exefld\50137203.exe
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SROSA
-------\srosa


(((((((((((((((((((((((((   Files Created from 2007-10-28 to 2007-11-28  )))))))))))))))))))))))))))))))
.

2007-11-28 07:22      2,137,600      --a------      C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-11-27 23:46      <DIR>      d--------      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-27 21:34      <DIR>      d--------      C:\Program Files\Alwil Software
2007-11-27 21:34      801,144      --a------      C:\WINDOWS\system32\aswBoot.exe
2007-11-27 21:34      380,928      --a------      C:\WINDOWS\system32\actskin4.ocx
2007-11-27 21:34      95,608      --a------      C:\WINDOWS\system32\AvastSS.scr
2007-11-27 21:34      94,416      --a------      C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-27 21:34      92,848      --a------      C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-27 21:34      42,912      --a------      C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-27 21:34      26,624      --a------      C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-27 21:34      23,152      --a------      C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-27 21:02      <DIR>      d--------      C:\My iPod
2007-11-27 19:50      <DIR>      d--------      C:\Program Files\ffdshow
2007-11-27 19:50      7,680      --a------      C:\WINDOWS\system32\ff_vfw.dll
2007-11-27 19:50      547      --a------      C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-11-27 19:34      <DIR>      d--------      C:\Program Files\Virtual Dub
2007-11-22 15:35      <DIR>      d--------      C:\Program Files\Xvid
2007-11-22 14:44      <DIR>      d--------      C:\Program Files\Lame MP3 Codec
2007-11-22 14:44      1,048,576      --a------      C:\WINDOWS\system32\lameACM.acm
2007-11-22 14:44      65,024      --a------      C:\WINDOWS\IFinst26.exe
2007-11-22 14:43      <DIR>      d--------      C:\Program Files\LG Media Center
2007-11-21 10:31      <DIR>      d--------      C:\Documents and Settings\Sarah Hadlow\Application Data\Mattel
2007-11-17 14:01      <DIR>      d--------      C:\Program Files\iriverter
2007-11-05 13:53      <DIR>      d--------      C:\Program Files\Microsoft ActiveSync

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 01:55      ---------      d-----w      C:\Program Files\PowerArchiver
2007-11-28 00:06      ---------      d-----w      C:\Program Files\PC Connectivity Solution
2007-11-27 11:13      ---------      d--h--w      C:\Program Files\InstallShield Installation Information
2007-11-27 11:13      ---------      d-----w      C:\Program Files\FoxyTunes
2007-11-27 10:55      ---------      d-----w      C:\Program Files\eMule
2007-11-27 10:14      ---------      d-----w      C:\Program Files\Replay Converter
2007-11-24 12:14      ---------      d-----w      C:\Program Files\Common Files\Macromedia Shared
2007-11-24 12:13      ---------      d-----w      C:\Program Files\Macromedia
2007-11-24 12:08      ---------      d-----w      C:\Program Files\Common Files\Macromedia
2007-11-09 09:48      ---------      d-----w      C:\Program Files\EA GAMES
2007-11-08 08:05      ---------      d-----w      C:\Program Files\iTunes
2007-11-08 08:05      ---------      d-----w      C:\Program Files\iPod
2007-11-08 08:04      ---------      d-----w      C:\Program Files\QuickTime
2007-11-05 09:31      ---------      d-----w      C:\Program Files\TMX
2007-11-01 06:52      ---------      d-----w      C:\Program Files\Google
2007-10-26 02:54      ---------      d-----w      C:\Program Files\Java
2007-10-26 00:54      ---------      d-----w      C:\Program Files\ModTheSims2.com
2007-10-20 03:28      ---------      d-----w      C:\Program Files\Boardmaker with SD Pro
2007-10-17 23:05      ---------      d-----w      C:\Program Files\SlySoft
2007-10-12 21:41      ---------      d-----w      C:\Documents and Settings\Sarah Hadlow\Application Data\Jasc
2007-10-12 10:48      ---------      d-----w      C:\Documents and Settings\Sarah Hadlow\Application Data\uTorrent
2007-10-05 02:54      ---------      d-----w      C:\Program Files\Virtools
2007-04-09 18:37      0      ----a-w      C:\Documents and Settings\Sarah Hadlow\Application Data\wklnhst.dat
2005-09-24 15:49      12,288      ----a-w      C:\WINDOWS\Fonts\RandFont.dll
2006-11-08 19:59      22      --sha-w      C:\WINDOWS\SMINST\HPCD.sys
2005-07-14 18:31      27,648      --sha-w      C:\WINDOWS\system32\AVSredirect.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 15:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 22:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 22:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 22:17]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-03 01:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 15:22]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-06-23 16:43]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-02 17:21]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 12:50]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 12:23]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 23:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 23:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 23:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 23:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 23:00]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-14 21:16]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-29 05:21]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-25 02:39:30]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 06:05:56]

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-22 03:27:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 15:21:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????[??????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-28 15:22:12 - machine was rebooted
.
      --- E O F ---




HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:29:59 PM, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Sarah Hadlow\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=presario&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://javajunkie80.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (file missing)

--
End of file - 10018 bytes


0
 

Author Comment

by:anthrogirl
Comment Utility
AVG INSTALLED!

I've just had to finish making the chicken coop but came back after Combo Fix etc and AVG installed properly and is protecting my computer.
I will stick with AVG.

If anyone can see anything else going on with my computer through the logs, please let me know.  I'd love to not have anything else go wrong in the next few weeks.

0
 
LVL 27

Expert Comment

by:Jonvee
Comment Utility
Ahh, that's good news, thought ComboFix would improve the situation!

Your HijackThis log now looks very clean.  Although not essential, you may wish to fix these two 'harmless' entries >

O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
0
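The two '(no file)' entries Jonvee points to, and the '(file missing)' O23 service lines earlier in the log, are the same kind of finding: a registry reference whose binary is gone from disk. As an added example that is not part of this thread, the Python script below triages a HijackThis v2 log for exactly that pattern, flags O23 services with no recorded owner, and correlates entries that share a CLSID (so the Weather Channel toolbar that still has its DLL in O3 lines up with its dead O9 buttons). The sample input is a handful of lines copied from the log posted above, not the whole log; the function names are my own.

```python
"""Triage helper for HijackThis v2 logs (added example, not from the thread)."""
import re
from collections import Counter, defaultdict

# Constructed sample: a handful of lines copied from the HijackThis log posted
# above, not the complete log.  The parser works on a full log just as well.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (file missing)
"""

# Every HijackThis entry starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
DEAD_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


def parse_entries(text):
    """Split a log into entries: code, body, optional CLSID, dead-reference flag."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header lines, the process list and the "End of file" trailer
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            # "(no file)" / "(file missing)": the registry still points at a
            # component whose binary is no longer on disk.
            "dead": bool(DEAD_RE.search(body)),
        })
    return entries


def find_dead_entries(entries):
    """Entries whose referenced file no longer exists: harmless leftovers, or a
    security service that stopped working, as with the avast! lines above."""
    return [e for e in entries if e["dead"]]


def unknown_owner_services(entries):
    """O23 services with no publisher recorded; a missing binary here for a
    product that should be running is the line worth a second look."""
    return [e for e in entries if e["code"] == "O23" and "Unknown owner" in e["body"]]


def group_by_clsid(entries):
    """Correlate O2/O3/O9 entries that share a CLSID, so a toolbar that still
    has its DLL (O3) can be matched with its dead button entries (O9)."""
    groups = defaultdict(list)
    for e in entries:
        if e["clsid"]:
            groups[e["clsid"]].append(e["code"])
    return dict(groups)


def summarize(text):
    """One-shot report a helper could paste back to the poster."""
    entries = parse_entries(text)
    return {
        "counts": dict(Counter(e["code"] for e in entries)),
        "dead": [f'{e["code"]} - {e["body"]}' for e in find_dead_entries(entries)],
        "unknown_owner_services": [e["body"] for e in unknown_owner_services(entries)],
        "clsid_groups": group_by_clsid(entries),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for section, value in report.items():
        print(f"{section}:")
        if isinstance(value, dict):
            for k, v in value.items():
                print(f"  {k}: {v}")
        else:
            for v in value:
                print(f"  {v}")
```

Run it against a saved log by replacing SAMPLE_LOG with the file's contents. A '(no file)' O9 entry on its own is cosmetic, but an O23 service for an installed security product showing 'Unknown owner' and '(file missing)' is the combination that, in this thread, marked the point where avast! stopped protecting the machine.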
 
LVL 27

Expert Comment

by:Jonvee
Comment Utility
Your clean log file, should you wish to view it >>
http://www.hijackthis.de/logfiles/a93a47ac2daf1522780eb66631a3d991.html

Good luck with your Uni work in the next few weeks!
0
 

Author Comment

by:anthrogirl
Comment Utility
It was very good.  I'll keep it in mind for next time.

The weather channel is my weather plug-in for IE7 - I can't be bothered looking out the window.  

Spybot S&D found some adware etc on the computer which I removed.  And the safeboot registry key was damaged (I saw that in the combo fix log).  I fixed that and can now boot to safe mode too!

My internet is running MUCH faster and I'm no longer considering changing ISPs because of the slack speed.
0
 

Author Comment

by:anthrogirl
Comment Utility
Thanks so much to everyone who helped me out.  I really do appreciate it.  You've saved me $50 and the loss of my uni work!  I get my grades on Friday, but I worked SO hard this semester and still haven't backed up my papers and essays etc.
0
 
LVL 27

Expert Comment

by:Jonvee
Comment Utility
> still haven't backed up my papers and essays etc <
Guess you'll be making that top priority now!

Another very good Malware scanner for your 'Toolkit' is Ad-Aware 2007 7.0.2.5.  
As per normal, update before scanning >>
http://www.majorgeeks.com/Ad-Aware_SE_Personal_d506.html

More recently, Superantispyware has become a very popular anti-Malware scanner >
http://www.superantispyware.com/
0
 

Author Comment

by:anthrogirl
Comment Utility
Excellent!
I will get them and add them to the list of programs I'm going to put onto a CD for further problems if they occur.

So far I've got HJT
Combo Fix
Spybot S&D
Avast Free
AVG Free
Ad-Aware
Superantispyware
Cleanup!

Any others?

Backing up those files is definitely top priority.  I just finished my entire degree and I worked my butt off this semester.  First time for everything ;)
0
 
LVL 47

Expert Comment

by:rpggamergirl
Comment Utility
Glad to know that problem is solved.

I wouldn't suggest keeping Combofix. It should be uninstalled; it's a very powerful tool that can call batch files, exes and scripts to run.
It's not meant for public use but under guidance of helpers. And the tool is updated often so no gain in keeping it.

Start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
0
 
LVL 27

Expert Comment

by:Jonvee
Comment Utility
Two more good, free, Online virus scanners >
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
and ..
"Housecall Online Free Virus Scanner" (recommended earlier by Johnb6767):
http://housecall.trendmicro.com
0
 

Author Comment

by:anthrogirl
Comment Utility
I did uninstall it but was going to put it on a disk - won't do that now - thank you for the information on it.

Thanks for the online ones - might be a good idea to keep them in mind too.
0
