Solved

Cannot install anti-virus software or Spybot S&D etc.  Suspect virus?  HJT logs inside

Posted on 2007-11-27
Last Modified: 2013-12-06
Hi everyone, I'm new here.  
My question hasn't even been answered on other forums and I'm getting desperate.

I think I have a virus.  I use avast! and it scanned a file and said it was fine so I opened it, then avast shut down and I can't get it to work anymore.  I uninstalled and reinstalled, then ran a boot scan which picked up Win32 Downloader-JJ in netsecurity.dll - it was moved to the chest during that process.  When I get into windows, a message flashes up saying that ashServ.exe has had 'unauthorized changes' and is dangerous to run - yes or no?  I've clicked on both and avast doesn't start any time.  I've also tried to install AVG and Spybot, with no luck.  I can't execute the programs and they always go back to the initial installation to restart the install.  The only thing that works is the avast boot scan after i first install it, then it wigs out on me.  
I know there is a virus on my system but without these programs I don't even know what I'm looking for.
I can't find information on Downloader-JJ, and I am currently left unprotected without anti-virus software and am not happy.  

I thought I'd start by posting my HJT log, although I don't see anything hinky with it.  I'm not an expert though.  If someone could help me, I would be eternally grateful

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:11 AM, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Integard\Integard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Integard\IntegardTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Sarah Hadlow\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 127.0.0.2 integard
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IntegardTray] C:\Program Files\Integard\IntegardTray.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\integard\integard.dll
O10 - Unknown file in Winsock LSP: c:\program files\integard\integard.dll
O10 - Unknown file in Winsock LSP: c:\program files\integard\integard.dll
O10 - Unknown file in Winsock LSP: c:\program files\integard\integard.dll
O10 - Unknown file in Winsock LSP: c:\program files\integard\integard.dll
O10 - Unknown file in Winsock LSP: c:\program files\integard\integard.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=presario&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://javajunkie80.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Integard Service (INTEGARD) - Race River Corporation - C:\Program Files\Integard\Integard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10682 bytes
Question by:anthrogirl
28 Comments
 
Expert Comment

by:johnb6767
ID: 20361545
Have you totally uninstalled Avast!?

Overall log looks good....
Expert Comment

by:johnb6767
ID: 20361564
Have you also tried disabling Integard while trying to install these apps?

Housecall Online Free Virus Scanner
http://housecall.trendmicro.com
Great to do an online Scan in Safe Mode w/ networking
Author Comment

by:anthrogirl
ID: 20361733
I uninstalled Integard and still couldn't install anything.

Also, I can't boot into safe mode.  Windows tells me it was unsuccessful in the last boot and to select a normal windows boot.  That's the only way I have access to the system.

There seems to be no information anywhere on this.  
Author Comment

by:anthrogirl
ID: 20361861
Oh!  And avast won't totally uninstall.  I go to uninstall it from the control panel and it just launches into the setup - like it's not already on the computer.
As you can see from the logs, it is on the computer, but components either aren't running or are missing.

Could this be a new virus on the loose?
Expert Comment

by:Jonvee
ID: 20361898
You could try LSPFix1 to repair your Winsock 2 settings, if you can download it.  The problem can be caused by improperly removed software, resulting in loss of Internet access.

"LSPFix 1":
http://www.cnet.com.au/downloads/0,239030384,10417025s,00.htm

Some information on >INTEGARDTRAY.EXE
http://www.prevx.com/filenames/X572533080950933840-0/INTEGARDTRAY.EXE.html
Author Comment

by:anthrogirl
ID: 20361966
I haven't lost any access to the internet.  In fact, I haven't lost anything at all as far as I know.
I just can't use any security software, which of course just opens me up to a whole lot of other nasty stuff online.

I am pretty sure that the .exe file that avast scanned as fine and then I opened (and NOTHING HAPPENED when I executed the file) is the problem.  I believe a virus or trojan or something was released onto my computer and I'm fairly sure it must be pretty new because no-one else, bar one or two I've now found, has this problem and there have been no solutions other than to reinstall windows.  This is drastic for me as I have all of my uni work on it.  I am in the process of backing up...but I'd love to be able to fix this without reinstalling.

The things I need to overcome to remove it are:
*  Finding out what it is and where it is
*  No use of anti-virus software as it's disabled
*  No use of safe mode.

Accepted Solution

by:Jonvee
ID: 20362044
>other than to reinstall windows<    that's pretty drastic & hopefully not necessary.

Have you tried 'Stinger', a utility that cleans the system of viruses that block anti-virus software?  Suggest you run it to make sure that disabling viruses are not present >
http://vil.nai.com/vil/stinger/

If unsuccessful we could try a rootkit search.  You could run Combofix.
Download ComboFix and save to your Desktop >
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click "combofix.exe" and follow the prompts.
When it's finished it will have produced a Logfile, probably at C:\ComboFix.txt.
You could post that log together with a HijackThis log, in a reply for us.

Please do not mouseclick combofix's window while its running, it may cause it to hang/stall.

You can uninstall ComboFix as follows >
Start > Run > then type "ComboFix /u" (with no quotes, and space between x and / )
Then hit enter, which should reset the clock settings, re-hide system hidden files, reset System Restore, etc..
Expert Comment

by:Jonvee
ID: 20362288
It's approaching midnight here, but you're in good hands with John6767.
Please ignore my earlier reference to INTEGARDTRAY.EXE which may not be relevant.  
Then, failing all else, and *before* you start considering a reinstall, you may want to consider what appears to be the only reference to Integard on the net.  It suggested the following >>

Download LSP-Fix from >>
http://cexx.org/lspfix.htm

Then reboot in Safe mode (if you can, by now!)
Run LSP-Fix, then remove Integard.dll from the Winsock LSP chain
Run Regedit, and delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\INTEGARD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IntegardTray
Reboot.

You may then like to post us another HijackThis log.  Thanks.  Will drop by early tomorrow.
Assisted Solution

by:johnb6767
ID: 20362530
Do you still have that file on your machine that you think dropped a payload on you?

If so.....
upload it here.....

Jotti's malware scan 2.99
http://virusscan.jotti.org/
This is an Online Scanner you can upload suspicious files to for scanning from multiple engines at once....

Turn on your XP Firewall while you are at it, for good measure....

I would start looking at Rootkits.....

Sophos Anti-Rootkit - Find and remove any rootkit that is hidden ...
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

RootkitRevealer v1.71
http://www.microsoft.com/technet/sysinternals/Utilities/RootkitRevealer.mspx

Expert Comment

by:johnb6767
ID: 20362534
Most importantly, run ComboFix, and post the logfile. I am extremely curious as to what files have been modified recently in your C:\Windows, System32 and Drivers folders.....

Author Comment

by:anthrogirl
ID: 20362653
Stinger returned nothing.

Spoke with my computer guys (was picking up daughter's computer) and they were interested too.

Am going to do the combo fix thing.  This was suggested in another forum too, so definitely my next step.  Computer guys will do a complete wipe and install for me if I don't get it fixed myself - I would do it but working on my own computer freaks me out...

Will post soon with combofix and HJT logs

Author Comment

by:anthrogirl
ID: 20362682
ComboFix won't run on my computer.  There are no prompts, just a blue DOS type screen with a flashing cursor at the beginning.  Nothing is happening at all.

Expert Comment

by:johnb6767
ID: 20362831
Just let it sit..... That is it working.....
Author Comment

by:anthrogirl
ID: 20362839
O...k...will let you know.
Expert Comment

by:johnb6767
ID: 20362864
"I am pretty sure that the .exe file that avast scanned as fine and then I opened (and NOTHING HAPPENED when I executed the file) is the problem"

LOL...Just reminded me of a few weeks ago, when I almost tanked my main system by playing with a rootkit.....I knew what it was when I downloaded it, and decided to watch what it did.....

Ooops.....
Expert Comment

by:Hardi
ID: 20362968
I just got the same problem last week.
ComboFix fixed it for me.
One of my trojan files was "srosa" in Windows folder
Expert Comment

by:rpggamergirl
ID: 20362986
When did this start happening? Is your System Restore working? you can also try rolling back to a point before the problem started.

You said you uninstalled Integard, but it's still there.

You can fix these entries:
O1 - Hosts: 127.0.0.2 integard
O4 - HKLM\..\Run: [IntegardTray] C:\Program Files\Integard\IntegardTray.exe


Delete this service --> INTEGARD
Go to Start Menu > Run > type

cmd

Press OK then type or copy and paste these commands onto the cmd screen pressing Enter after each line:

sc stop INTEGARD
sc delete INTEGARD

exit


And delete this folder --> c:\program files\integard
You'll probably lose internet connection, if it happens just run LSPfix.
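The first HJT log in the question (where nothing looked "hinky") and the manual clean-up just above both come down to reading four HijackThis line types: O1 hosts overrides, O4 Run values, O10 Winsock LSP entries and O23 services. The script below is an added example, not a tool anyone in this thread used: it parses those lines from a constructed subset of the posted log and emits the same `sc stop` / `sc delete` / `reg delete` lines the expert wrote by hand. Treating "Integard" as the software to purge, the review/remove severities, and mentioning `netsh winsock reset` as an alternative to LSP-Fix are this example's own choices; anything HJT flags as `(file missing)` is only reported, never deleted automatically, since in this thread those are the poster's own avast! services.

```python
"""Triage a HijackThis v2 log and turn the hits into cmd.exe clean-up lines.

Added example, not a tool used in the thread. Only the O1 (hosts), O4 (Run
key), O10 (Winsock LSP) and O23 (service) line formats are handled; the
sample log is a constructed subset of the HJT log posted in the question.
"""
import re

SAMPLE_HJT_LOG = r"""
O1 - Hosts: 127.0.0.2 integard
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IntegardTray] C:\Program Files\Integard\IntegardTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\program files\integard\integard.dll
O10 - Unknown file in Winsock LSP: c:\program files\integard\integard.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: Integard Service (INTEGARD) - Race River Corporation - C:\Program Files\Integard\Integard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"""

# HJT abbreviates the Run keys as HKLM\..\Run; reg.exe needs the full path.
RUN_KEYS = {
    "HKLM": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "HKCU": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
}

O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
# "Display name (short name) - company - path"; the "(short)" part is absent
# when both names are the same, and "(file missing)" may trail the path.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<company>.+?) - (?P<path>.+)$"
)


def _is_unwanted(text, unwanted):
    text = text.lower()
    return any(u in text for u in unwanted)


def triage(log_text, unwanted=("integard",)):
    """Return findings as dicts: kind, severity ('remove' or 'review'),
    the HJT line, a note, and the cmd.exe commands that carry out a removal.

    `unwanted` lists lower-cased substrings of software the operator has
    decided to purge (Integard here, following the thread's advice).
    """
    findings, seen_lsp = [], set()
    for line in log_text.splitlines():
        line = line.strip()
        if m := O1_RE.match(line):
            # Any hosts override is worth a look; loopback addresses other
            # than 127.0.0.1 are a classic way to sinkhole a name.
            findings.append(dict(kind="hosts", severity="review", line=line, commands=[],
                                 note=f"delete '{m['ip']} {m['host']}' from "
                                      r"C:\WINDOWS\system32\drivers\etc\hosts"))
        elif m := O4_RE.match(line):
            if _is_unwanted(m["cmd"], unwanted):
                findings.append(dict(kind="run", severity="remove", line=line,
                                     note=f"autorun value {m['name']} in {m['hive']} Run key",
                                     commands=[f'reg delete "{RUN_KEYS[m["hive"]]}" /v "{m["name"]}" /f']))
        elif m := O10_RE.match(line):
            path = m["path"].lower()
            if path not in seen_lsp:      # HJT repeats the DLL once per LSP entry it owns
                seen_lsp.add(path)
                findings.append(dict(kind="lsp", severity="review", line=line, commands=[],
                                     note=f"remove {path} from the Winsock LSP chain with LSP-Fix "
                                          "(or 'netsh winsock reset' on XP SP2 and later), then reboot"))
        elif m := O23_RE.match(line):
            short = m["short"] or m["display"]
            if m["path"].endswith("(file missing)"):
                findings.append(dict(kind="service", severity="review", line=line, commands=[],
                                     note=f"service '{short}' is registered but its binary is gone; "
                                          "reinstall the product or 'sc delete' the orphan"))
            elif _is_unwanted(m["path"], unwanted):
                findings.append(dict(kind="service", severity="remove", line=line,
                                     note=f"service '{short}' belongs to unwanted software",
                                     commands=[f'sc stop "{short}"', f'sc delete "{short}"']))
    return findings


def removal_plan(findings):
    """Flatten the 'remove' findings into cmd.exe lines: services first, so a
    running service cannot re-register its Run value, then the Run values."""
    services = [c for f in findings if f["severity"] == "remove" and f["kind"] == "service"
                for c in f["commands"]]
    runkeys = [c for f in findings if f["severity"] == "remove" and f["kind"] == "run"
               for c in f["commands"]]
    return services + runkeys


if __name__ == "__main__":
    hits = triage(SAMPLE_HJT_LOG)
    for f in hits:
        print(f"[{f['severity']:6}] {f['line']}\n         -> {f['note']}")
    print("\nPaste into cmd.exe, then reboot and re-run HijackThis:")
    print("\n".join(removal_plan(hits)))
```

On the posted log this yields three command lines (stop and delete the INTEGARD service, then delete the IntegardTray Run value) plus review notes for the hosts entry, the integard.dll LSP entry and the orphaned avast! service. The `(file missing)` services are the same ones ComboFix later lists with empty timestamps, which is why they are left for a reinstall rather than deleted here.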
 

Author Comment

by:anthrogirl
ID: 20363441
ComboFix took 2 hours to complete.  I too had srosa, I believe:


Here are my logs

ComboFix 07-11-19.4 - Sarah Hadlow 2007-11-28 13:16:36.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.565 [GMT 10:00]
Running from: C:\Documents and Settings\Sarah Hadlow\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\exefld
C:\WINDOWS\exefld\50137203.exe
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SROSA
-------\srosa


(((((((((((((((((((((((((   Files Created from 2007-10-28 to 2007-11-28  )))))))))))))))))))))))))))))))
.

2007-11-28 07:22      2,137,600      --a------      C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-11-27 23:46      <DIR>      d--------      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-27 21:34      <DIR>      d--------      C:\Program Files\Alwil Software
2007-11-27 21:34      801,144      --a------      C:\WINDOWS\system32\aswBoot.exe
2007-11-27 21:34      380,928      --a------      C:\WINDOWS\system32\actskin4.ocx
2007-11-27 21:34      95,608      --a------      C:\WINDOWS\system32\AvastSS.scr
2007-11-27 21:34      94,416      --a------      C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-27 21:34      92,848      --a------      C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-27 21:34      42,912      --a------      C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-27 21:34      26,624      --a------      C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-27 21:34      23,152      --a------      C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-27 21:02      <DIR>      d--------      C:\My iPod
2007-11-27 19:50      <DIR>      d--------      C:\Program Files\ffdshow
2007-11-27 19:50      7,680      --a------      C:\WINDOWS\system32\ff_vfw.dll
2007-11-27 19:50      547      --a------      C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-11-27 19:34      <DIR>      d--------      C:\Program Files\Virtual Dub
2007-11-22 15:35      <DIR>      d--------      C:\Program Files\Xvid
2007-11-22 14:44      <DIR>      d--------      C:\Program Files\Lame MP3 Codec
2007-11-22 14:44      1,048,576      --a------      C:\WINDOWS\system32\lameACM.acm
2007-11-22 14:44      65,024      --a------      C:\WINDOWS\IFinst26.exe
2007-11-22 14:43      <DIR>      d--------      C:\Program Files\LG Media Center
2007-11-21 10:31      <DIR>      d--------      C:\Documents and Settings\Sarah Hadlow\Application Data\Mattel
2007-11-17 14:01      <DIR>      d--------      C:\Program Files\iriverter
2007-11-05 13:53      <DIR>      d--------      C:\Program Files\Microsoft ActiveSync

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 01:55      ---------      d-----w      C:\Program Files\PowerArchiver
2007-11-28 00:06      ---------      d-----w      C:\Program Files\PC Connectivity Solution
2007-11-27 11:13      ---------      d--h--w      C:\Program Files\InstallShield Installation Information
2007-11-27 11:13      ---------      d-----w      C:\Program Files\FoxyTunes
2007-11-27 10:55      ---------      d-----w      C:\Program Files\eMule
2007-11-27 10:14      ---------      d-----w      C:\Program Files\Replay Converter
2007-11-24 12:14      ---------      d-----w      C:\Program Files\Common Files\Macromedia Shared
2007-11-24 12:13      ---------      d-----w      C:\Program Files\Macromedia
2007-11-24 12:08      ---------      d-----w      C:\Program Files\Common Files\Macromedia
2007-11-09 09:48      ---------      d-----w      C:\Program Files\EA GAMES
2007-11-08 08:05      ---------      d-----w      C:\Program Files\iTunes
2007-11-08 08:05      ---------      d-----w      C:\Program Files\iPod
2007-11-08 08:04      ---------      d-----w      C:\Program Files\QuickTime
2007-11-05 09:31      ---------      d-----w      C:\Program Files\TMX
2007-11-01 06:52      ---------      d-----w      C:\Program Files\Google
2007-10-26 02:54      ---------      d-----w      C:\Program Files\Java
2007-10-26 00:54      ---------      d-----w      C:\Program Files\ModTheSims2.com
2007-10-20 03:28      ---------      d-----w      C:\Program Files\Boardmaker with SD Pro
2007-10-17 23:05      ---------      d-----w      C:\Program Files\SlySoft
2007-10-12 21:41      ---------      d-----w      C:\Documents and Settings\Sarah Hadlow\Application Data\Jasc
2007-10-12 10:48      ---------      d-----w      C:\Documents and Settings\Sarah Hadlow\Application Data\uTorrent
2007-10-05 02:54      ---------      d-----w      C:\Program Files\Virtools
2007-04-09 18:37      0      ----a-w      C:\Documents and Settings\Sarah Hadlow\Application Data\wklnhst.dat
2005-09-24 15:49      12,288      ----a-w      C:\WINDOWS\Fonts\RandFont.dll
2006-11-08 19:59      22      --sha-w      C:\WINDOWS\SMINST\HPCD.sys
2005-07-14 18:31      27,648      --sha-w      C:\WINDOWS\system32\AVSredirect.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 15:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 22:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 22:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 22:17]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-03 01:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 15:22]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-06-23 16:43]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-02 17:21]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 12:50]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 12:23]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 23:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 23:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 23:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 23:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 23:00]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-14 21:16]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-29 05:21]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-25 02:39:30]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 06:05:56]

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-22 03:27:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 15:21:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????[??????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-28 15:22:12 - machine was rebooted
.
      --- E O F ---




HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:29:59 PM, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Sarah Hadlow\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=presario&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://javajunkie80.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (file missing)

--
End of file - 10018 bytes


0
 

Author Comment

by:anthrogirl
ID: 20363643
AVG INSTALLED!

I've just had to finish making the chicken coop but came back after Combo Fix etc and AVG installed properly and is protecting my computer.
I will stick with AVG.

If anyone can see anything else going on with my computer through the logs, please let me know.  I'd love to not have anything else go wrong in the next few weeks.

0
 
LVL 27

Expert Comment

by:Jonvee
ID: 20363924
Ahh, that's good news, thought ComboFix would improve the situation !

Your HijackThis log now looks very clean.  Although not essential, you may wish to fix these two 'harmless' entries >

O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
0
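The two replies above triage the posted HijackThis log by eye: O23 services whose binary is reported missing (the avast! services during the infection) get attention, while O9 buttons pointing at "(no file)" (the Weather Channel leftovers) are harmless clutter. The helper below is an added example, not code from the thread or from HijackThis, that reads lines in that log format and applies the same two rules; the sample lines are constructed from the log above.

```python
import re

# Constructed sample in the shape of the posted HijackThis log (entry lines only).
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# HJT entries start with a section tag (R0-R3, F0-F3, N1-N4, O1-O24) followed by " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")


def parse_entries(text):
    """Return (section, body) pairs for every entry line; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(text):
    """Return (severity, section, body, reasons) for entries worth a second look.

    'review'  : an O23 service whose binary is missing or whose publisher is unknown,
                the pattern the avast! services showed while the machine was infected.
    'cleanup' : any entry whose target is '(no file)', a dead leftover safe to fix in HJT.
    """
    findings = []
    for section, body in parse_entries(text):
        reasons = []
        if section == "O23" and "(file missing)" in body:
            reasons.append("service binary missing")
        if section == "O23" and "Unknown owner" in body:
            reasons.append("service has no identified publisher")
        if reasons:
            findings.append(("review", section, body, reasons))
        elif "(no file)" in body:
            findings.append(("cleanup", section, body, ["target file no longer exists"]))
    return findings


if __name__ == "__main__":
    for severity, section, body, reasons in triage(SAMPLE_LOG):
        print(f"[{severity}] {section} - {body}  <- {'; '.join(reasons)}")
```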
 
LVL 27

Expert Comment

by:Jonvee
ID: 20363954
Your clean log file, should you wish to view it >>
http://www.hijackthis.de/logfiles/a93a47ac2daf1522780eb66631a3d991.html

Good luck with your Uni work in the next few weeks!
0
 

Author Comment

by:anthrogirl
ID: 20363969
It was very good.  I'll keep it in mind for next time.

The weather channel is my weather plug-in for IE7 - I can't be bothered looking out the window.  

Spybot S&D found some adware etc on the computer which I removed.  And the safeboot registry key was damaged (I saw that in the combo fix log).  I fixed that and can now boot to safe mode too!

My internet is running MUCH faster and I'm no longer considering changing ISPs because of the slack speed.
0
 

Author Comment

by:anthrogirl
ID: 20363974
Thanks so much to everyone who helped me out.  I really do appreciate it.  You've saved me $50 and the loss of my uni work!  I get my grades on Friday, but I worked SO hard this semester and still haven't backed up my papers and essays etc.
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 20364010
> still haven't backed up my papers and essays etc<
Guess you'll be making that top priority now!

Another very good Malware scanner for your 'Toolkit' is Ad-Aware 2007 7.0.2.5.  
As per normal, update before scanning >>
http://www.majorgeeks.com/Ad-Aware_SE_Personal_d506.html

More recently, Superantispyware has become a very popular anti-Malware scanner >
http://www.superantispyware.com/
0
 

Author Comment

by:anthrogirl
ID: 20364030
Excellent!
I will get them and add it to the list of programs I'm going to put onto a CD for further problems if they occur.

So far I've got HJT
Combo Fix
Spybot S&D
Avast Free
AVG Free
Ad-Aware
Superantispyware
Cleanup!

Any others?

Backing up those files is definitely top priority.  I just finished my entire degree and I worked my butt off this semester.  First time for everything ;)
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 20364725
Glad to know that problem is solved.

I wouldn't suggest keeping Combofix. It should be uninstalled; it's a very powerful tool that can call batch files, exes and scripts to run.
It's not meant for public use but for use under the guidance of helpers. And the tool is updated often, so there's no gain in keeping it.

Start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 20364923
Two more good, free, Online virus scanners >
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
and ..
"Housecall Online Free Virus Scanner" (recommended earlier by Johnb6767):
http://housecall.trendmicro.com
0
 

Author Comment

by:anthrogirl
ID: 20368851
I did uninstall it but was going to put it on a disk - won't do that now - thank you for the information on it.

Thanks for the online ones - might be a good idea to keep them in mind too.
0
