Solved Lsass.exe and Services.exe Bad Image messages - DLL is not valid

wiggles123 · Sep 4, 2011

Hi, I am pretty much a novice with computers and would like help with fixing the problem I have right now.
When I turn on my laptop, I am getting 2 messages that pop up before I get to the windows log in screen.
The messages are: 1) "lsass.exe - Bad Image The application or DLL C:\Progra~1\Google\Google~1\GOEC62~1.DLL is not valid Windows image. Please check against your installation..." and 2) "Services.exe - Bad Image The application or DLL C:\Progra~1\Google\Google~1\GOEC62~1.DLL is not valid Windows image. Please check against your installation..."

I did some searching online about this and came across the TechSpot website. I have followed the 6 step prelim virus/spyware/malware removal instructions and would like help with determining if my laptop is infected or has another type of problem. The requested logs are below.
Any help with this matter is greatly appreciated. Thank you!

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7647

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/09/2011 3:24:09 AM
mbam-log-2011-09-04 (03-24-09).txt

Scan type: Quick scan
Objects scanned: 194865
Time elapsed: 8 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-09-04 03:38:29
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 SAMSUNG_HM060HC rev.YJ100-15
Running: tx8wkhc4.exe; Driver: C:\DOCUME~1\Vic\LOCALS~1\Temp\uftdypow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Vic at 4:00:51 on 2011-09-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.412 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4061030
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [RunNarrator] Narrator.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{C12390C0-F206-42A3-A431-837F2DF1390F} : DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\vic\application data\mozilla\firefox\profiles\mqfp2jaz.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\vic\application data\mozilla\firefox\profiles\mqfp2jaz.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 297168]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-8-24 328536]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-8-29 94880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 984392]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-12-5 18560]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-08-11 16:06:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-25 13:44:10 89680 ----a-w- c:\documents and settings\vic\MSSSerif120.fon
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 4:02:18.81 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 06/11/2006 6:19:24 PM
System Uptime: 03/09/2011 4:46:03 PM (12 hours ago)
.
Motherboard: Dell Inc. | | 0RJ272
Processor: Intel(R) Pentium(R) M processor 1.70GHz | Microprocessor | 1695/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 53 GiB total, 11.538 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01C91028&REV_02\4&2FA23535&0&00F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01C91028&REV_02\4&2FA23535&0&00F0
Service: bcm4sbxp
.
==== System Restore Points ===================
.
RP799: 06/06/2011 10:31:32 AM - System Checkpoint
RP800: 09/06/2011 7:28:12 PM - System Checkpoint
RP801: 13/06/2011 6:32:09 PM - System Checkpoint
RP802: 15/06/2011 5:51:39 PM - System Checkpoint
RP803: 15/06/2011 11:52:00 PM - Software Distribution Service 3.0
RP804: 20/06/2011 11:18:09 AM - Removed Apple Software Update
RP805: 20/06/2011 11:43:21 AM - Software Distribution Service 3.0
RP806: 22/06/2011 8:54:23 PM - System Checkpoint
RP807: 24/06/2011 12:20:40 PM - System Checkpoint
RP808: 25/06/2011 2:09:59 PM - System Checkpoint
RP809: 27/06/2011 8:00:42 PM - System Checkpoint
RP810: 29/06/2011 9:24:27 PM - Software Distribution Service 3.0
RP811: 02/07/2011 6:42:40 PM - System Checkpoint
RP812: 04/07/2011 9:06:07 AM - System Checkpoint
RP813: 05/07/2011 10:31:28 PM - System Checkpoint
RP814: 05/07/2011 10:49:19 PM - Software Distribution Service 3.0
RP815: 08/07/2011 3:29:54 PM - System Checkpoint
RP816: 11/07/2011 6:54:12 PM - System Checkpoint
RP817: 13/07/2011 5:04:37 PM - System Checkpoint
RP818: 13/07/2011 5:38:47 PM - Software Distribution Service 3.0
RP819: 14/07/2011 11:29:49 AM - Installed 3DVIA player 5.0
RP820: 15/07/2011 6:33:28 PM - System Checkpoint
RP821: 16/07/2011 8:09:49 PM - System Checkpoint
RP822: 18/07/2011 6:53:52 PM - System Checkpoint
RP823: 20/07/2011 9:37:19 PM - System Checkpoint
RP824: 22/07/2011 11:55:36 AM - System Checkpoint
RP825: 25/07/2011 4:40:12 PM - System Checkpoint
RP826: 26/07/2011 6:01:29 PM - System Checkpoint
RP827: 27/07/2011 10:20:53 PM - System Checkpoint
RP828: 29/07/2011 11:29:15 AM - System Checkpoint
RP829: 30/07/2011 6:49:51 PM - System Checkpoint
RP830: 02/08/2011 6:31:18 PM - System Checkpoint
RP831: 03/08/2011 8:46:31 PM - System Checkpoint
RP832: 03/08/2011 11:55:13 PM - Installed Java(TM) 6 Update 26
RP833: 08/08/2011 12:15:07 PM - System Checkpoint
RP834: 11/08/2011 10:59:34 AM - Software Distribution Service 3.0
RP835: 16/08/2011 4:07:46 PM - System Checkpoint
RP836: 17/08/2011 8:30:42 PM - System Checkpoint
RP837: 20/08/2011 12:41:49 AM - System Checkpoint
RP838: 21/08/2011 3:22:29 AM - System Checkpoint
RP839: 22/08/2011 11:50:20 AM - System Checkpoint
RP840: 24/08/2011 1:35:42 PM - System Checkpoint
RP841: 24/08/2011 3:15:30 PM - Software Distribution Service 3.0
RP842: 24/08/2011 10:44:10 PM - Installed Windows XP KB892130.
RP843: 24/08/2011 10:44:31 PM - Installed %1 %2.
RP844: 24/08/2011 10:44:58 PM - Installed Windows XP Update for Microsoft Windows (KB971513).
RP845: 24/08/2011 10:45:31 PM - Installed %1 %2.
RP846: 24/08/2011 10:51:04 PM - Installed Windows XP KB2447568.
RP847: 24/08/2011 10:52:39 PM - Installed Windows XP KB2492386.
RP848: 27/08/2011 1:13:54 PM - System Checkpoint
RP849: 28/08/2011 9:29:52 PM - System Checkpoint
RP850: 31/08/2011 1:01:11 AM - System Checkpoint
RP851: 01/09/2011 6:28:25 PM - System Checkpoint
RP852: 02/09/2011 11:03:20 PM - System Checkpoint
RP853: 03/09/2011 11:55:34 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
3DVIA player 5.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.1.0
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Advanced SystemCare 4
AVG 2011
Broadcom Management Programs
Canon Camera Access Library
Canon Camera Support Core Library
Canon Easy-PhotoPrint EX
Canon G.726 WMP-Decoder
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 4.1
Canon MX410 series MP Drivers
Canon My Printer
Canon RAW Image Task for ZoomBrowser EX
Canon Solution Menu EX
Canon Speed Dial Utility
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Citrix XenApp Plugin for Hosted Apps
Conexant HDA D110 MDC V.92 Modem
Crawler Toolbar with Web Security Guard
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Reset Tool
Dell Support 3.2
Dell System Restore
Dell Wireless WLAN Card
Digital Line Detect
ffdshow [rev 1355] [2007-07-15]
Garmin City Navigator North America NT 2011.10 Update
Garmin Communicator Plugin with myGarmin Agent
Garmin USB Drivers
High Definition Audio Driver Package - KB835221
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver for Mobile
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LeapFrog Connect
LeapFrog Tag Junior Plugin
Malwarebytes' Anti-Malware version 1.51.1.1800
Map Button (Windows Live Toolbar)
McAfee SiteAdvisor
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Small Business Edition 2003
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Modem Helper
Mozilla Firefox 6.0.1 (x86 en-US)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4SP2
NetWaiting
OneCare Advisor (Windows Live Toolbar)
Picasa 3
Popup Blocker (Windows Live Toolbar)
PowerDVD 5.9
QuickSet
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
SearchAssist
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype™ 3.5
Smart Menus (Windows Live Toolbar)
Soap 3.0 Toolkit
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Synaptics Pointing Device Driver
UFile 2008
UFile 2009
UFile 2010
UFile Updater 2008
UFile Updater 2009
UFile Updater 2010
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
VLC media player 1.1.11
WebFldrs XP
Winamp
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
Wise Registry Cleaner 6.14
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
30/08/2011 9:22:05 PM, error: Print [19] - Sharing printer failed + 1722, Printer NEC SuperScript 1400 (Copy 2) share name Printer.
02/09/2011 10:36:15 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.
01/09/2011 5:45:07 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} to the user VICTORIA\Guest SID (S-1-5-21-1437911744-3663186046-1121994624-501). This security permission can be modified using the Component Services administrative tool.
01/09/2011 10:21:12 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Spooler service.
.
==== End Of File ===========================

Bobbye · Sep 4, 2011

Welcome to TechSpot! I'll help get the bad image 'better looking!

My Guidelines: please read and follow:

Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
Read my instructions carefully. If you don't understand or have a problem, ask me.
If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
Follow the order of the tasks I give you. Order is crucial in cleaning process.
File sharing programs should be uninstalled or disabled during the cleaning process..
Observe these:
[o] Don't use any other cleaning programs or scans while I'm helping you.
[o] Don't use a Registry cleaner or make any changes in the Registry.
[o] Don't download and install new programs- except those I give you.
Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================
You have several outdated version of Java on the system. These are vulnerabilities. The following will remove all of them. You can then get the latest version v6u27 using the link at the end:
You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

Please download JavaRa and unzip it to your desktop.

Important!***Please close any instances of Internet Explorer before continuing!***

Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that
a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location.Note: Do not leave this log.

Download and install then most current version and update of Java RuntimeEnvironment (JRE)HERE.
Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
===========================================
There will also be malware in the Java cache, so it needs to be emptied:
To clear the Java Plug-in cache:

[1]. Click Start > Control Panel.
[2]. Double-click the Java icon in the control panel.

The Java Control Panel appears.

[3].Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.

[4] Click Delete Files.The Delete Temporary Files dialog box appears.

[5]. Click OK on Delete Temporary Files window.
Note: This deletes all the Downloaded Applications and Applets from the cache.
[6]. Click Apply> OK on Temporary Files Settings window.

Images courtesy java.com
============================================
You will need to temporarily uninstall AVG to run Combofix:
Download AppRemover and save to the desktop

Double click the setup on the desktop> click Next
Select “Remove Security Application”
Let scan finish to determine security apps
A screen like below will appear:
Click on Next after choice has been made
Check the AVG program you want to uninstall
After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

Click START> then RUN
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

Double click combofix.exe & follow the prompts.
ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
.Click on Yes, to continue scanning for malware
.If Combofix asks you to update the program, allow
.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
.Close any open browsers.
.Double click combofix.exe

& follow the prompts to run.
When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
==================================
FYI: you are using 2 Site Advisors- AVG and McAfee: please remove one of them.
You also have several search engines running: Google, Yahoo, Windows Live and Crawler. Since both of the bad image messages appear to be connected to the Google Desktop (GOEC062~1.DLL) try uninstalling it, then reinstalling it.

Please leave the Combofix log in your next reply.

wiggles123 · Sep 4, 2011

Thank you Bobbye for helping me with this issue.
I followed the instructions you provided in your post and in the order it was typed out.
FYI, my default browser is Firefox and during some of the steps you outlined, some things happened that were not described in your post.
For example, when I ran the JavaRa program, it did not produce a notice telling me a log file was created nor a pop up of the log file appeared. I waited awhile and nothing happened as the install screen disappeared, so I went ahead and downloaded the latest Java version 6 update 27. I hope that's ok.
Also, after I downloaded Combofix to my desktop and double clicked it, the program installed the Recovery Console as you outlined, however after that it did a scan and rebooted the laptop by itself (I actually had to go the bathroom during the scan and when i came back, the laptop was at the blue Windows log in screen) Then I logged back in and Combofix blue screen was there with the message "Preparing Log Report". Then a log report was generated and that is the report I have copied below. I hope I did it right since I did not double click the Combofix.exe to run another scan as per your instructions.

The last set of instructions you left was to Uninstall Google desktop (re: GOEC062~1.DLL). I don't think I had that installed as I could not find it in the "Add/Remove Programs" list nor did i find it when I clicked Start --> All Programs. Is this a problem?
I also removed the Windows Live and Crawler Toolbars since you mentioned that I had 4 different ones.
Please let me know if I messed up any of the steps and need to redo something.
Thank you so much!

ComboFix 11-09-04.03 - Vic 04/09/2011 22:49:10.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.649 [GMT -4:00]
Running from: c:\documents and settings\Vic\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\MSI6C.tmp.5e585687.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini.inuse
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
c:\documents and settings\Ron\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Ron\Local Settings\Application Data\ApplicationHistory\MSI6C.tmp.5e585687.ini
c:\documents and settings\Ron\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Ron\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini.inuse
c:\documents and settings\Ron\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
c:\documents and settings\Vic\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Vic\Local Settings\Application Data\ApplicationHistory\MSI6C.tmp.5e585687.ini
c:\documents and settings\Vic\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Vic\Local Settings\Application Data\ApplicationHistory\OUTLOOK.EXE.c1b4c359.ini
c:\documents and settings\Vic\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
c:\documents and settings\Vic\Local Settings\Application Data\ApplicationHistory\SL45.tmp.96e04485.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_USNJSVC
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-08-05 to 2011-09-05 )))))))))))))))))))))))))))))))
.
.
2011-09-05 02:24 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-05 02:24 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-05 02:24 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-05 02:24 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-05 02:24 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-05 02:24 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-05 02:24 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-05 02:24 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-05 02:22 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-09-05 02:22 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-05 02:21 . 2011-09-05 02:21 -------- d-----w- c:\program files\AVAST Software
2011-09-05 02:21 . 2011-09-05 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-09-04 07:14 . 2011-09-04 07:14 -------- d-----w- c:\documents and settings\Vic\Application Data\Malwarebytes
2011-09-04 07:13 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-04 07:13 . 2011-09-04 07:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-04 07:13 . 2011-09-04 07:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-04 07:13 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-03 17:51 . 2011-08-30 19:41 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-09-03 17:51 . 2011-08-30 19:41 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-08-30 02:42 . 2011-08-30 02:42 -------- d-----w- c:\program files\Common Files\McAfee
2011-08-25 04:58 . 2011-08-25 04:58 -------- d-----w- c:\documents and settings\Vic\Application Data\vlc
2011-08-25 04:56 . 2011-08-25 04:56 -------- d-----w- c:\program files\VideoLAN
2011-08-25 04:08 . 2011-09-03 20:55 -------- d-----w- c:\documents and settings\Vic\Application Data\Wise Registry Cleaner
2011-08-25 04:08 . 2011-08-25 04:08 -------- d-----w- c:\program files\Wise Registry Cleaner
2011-08-25 02:45 . 2011-08-25 02:45 -------- d-----w- c:\windows\system32\winrm
2011-08-25 02:45 . 2011-08-25 02:45 -------- d-----w- c:\windows\system32\GroupPolicy
2011-08-25 02:45 . 2011-08-25 02:46 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-08-25 01:59 . 2011-08-25 01:59 -------- d-----w- c:\documents and settings\Vic\Application Data\IObit
2011-08-25 01:59 . 2011-08-25 01:59 -------- d-----w- c:\program files\IObit
2011-08-15 16:51 . 2011-08-15 16:51 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX2
2011-08-15 16:51 . 2011-08-15 16:51 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP
2011-08-15 16:50 . 2011-08-15 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Canon IJ Network Tool
2011-08-15 16:49 . 2010-09-13 18:42 114688 ----a-w- c:\windows\system32\CNC410I.dll
2011-08-15 16:49 . 2010-09-13 18:44 106496 ----a-w- c:\windows\system32\CNC410U.dll
2011-08-15 16:49 . 2010-09-13 18:42 1347584 ----a-w- c:\windows\system32\CNC410C.dll
2011-08-15 16:49 . 2010-09-06 21:03 315392 ----a-w- c:\windows\system32\CNC410L.dll
2011-08-15 16:49 . 2011-08-15 16:49 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJFAX
2011-08-15 16:38 . 2011-08-15 16:38 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2011-08-15 16:38 . 2011-08-15 16:38 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-08-15 16:38 . 2010-09-07 01:58 180224 ----a-w- c:\windows\system32\CNMIUAL.DLL
2011-08-15 16:37 . 2011-08-15 16:37 -------- d--h--w- c:\program files\CanonBJ
2011-08-15 16:22 . 2011-08-15 16:22 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenuEX
2011-08-15 15:05 . 2008-08-25 22:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2011-08-15 15:01 . 2011-08-15 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJWSpt
2011-08-15 14:56 . 2010-10-21 09:00 257024 ----a-w- c:\windows\system32\CNCALAL.DLL
2011-08-15 14:56 . 2010-09-20 09:00 74752 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAL.DLL
2011-08-15 14:56 . 2010-09-20 09:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAL.DLL
2011-08-15 14:56 . 2010-09-20 09:00 303104 ----a-w- c:\windows\system32\CNMLMAL.DLL
2011-08-15 14:55 . 2011-08-15 14:55 -------- d-----w- c:\windows\system32\STRING
2011-08-15 14:55 . 2010-09-08 07:26 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL
2011-08-15 14:55 . 2010-09-08 07:26 342016 ----a-w- c:\windows\system32\CNMNPPM.DLL
2011-08-10 23:33 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 23:33 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-04 13:33 . 2011-04-06 23:47 89680 ----a-w- c:\documents and settings\Vic\MSSSerif120.fon
2011-08-11 16:06 . 2011-06-08 23:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 09:05 . 2010-07-27 18:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-19 06:40 . 2008-05-25 06:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-15 13:29 . 2006-10-30 19:40 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-10 18:51 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2004-08-10 19:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-10 18:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-10 18:51 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-10 18:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2008-08-16 21:42 . 2008-08-16 21:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 21:42 . 2008-08-16 21:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 21:42 . 2008-08-16 21:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 21:42 . 2008-08-16 21:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 21:43 . 2008-08-16 21:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 21:42 . 2008-08-16 21:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 21:42 . 2008-08-16 21:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 12:41 . 2008-05-21 12:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 12:41 . 2008-05-21 12:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 12:41 . 2008-05-21 12:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 17:58 . 2008-06-05 17:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 21:42 . 2008-08-16 21:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2011-08-30 22:59 . 2011-09-03 17:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-07-25 17:08 2569616 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2010-09-14 22:09 1213848 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2006-08-04 00:51 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2006-04-06 14:51 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-15 02:46 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-15 02:50 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-15 02:49 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
2010-09-09 18:38 452016 ----a-w- c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 08:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2010-11-19 18:38 193880 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyGarminAgent]
2010-03-16 13:36 337256 ----a-w- c:\program files\Garmin\MyGarminAgent\myGarminAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 20:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-09 00:48 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-05-22 14:00 273544 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-01-15 22:54 37376 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*

isabled:Windows Remote Management
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [04/09/2011 10:24 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/09/2011 10:24 PM 309848]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [24/08/2011 9:59 PM 328536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/09/2011 10:24 PM 19544]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [29/08/2011 10:42 PM 94880]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [05/12/2010 7:10 PM 18560]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [10/08/2004 2:51 PM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWSNX
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-05 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
2011-09-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1437911744-3663186046-1121994624-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-09-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1437911744-3663186046-1121994624-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Vic\Application Data\Mozilla\Firefox\Profiles\mqfp2jaz.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d039710&v=7.007.026.001&i=23&tp=ab&iy=b&ychte=ca&lng=en-US&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-04 22:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3564)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\sitead~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\rundll32.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
.
**************************************************************************
.
Completion time: 2011-09-04 23:07:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-05 03:07
.
Pre-Run: 12,981,485,568 bytes free
Post-Run: 13,199,241,216 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 3E2DAE91D371B1431702B7C9EC945BCE

wiggles123 · Sep 5, 2011

Hi Bobbye, one more thing I wanted to note was that I just restarted my laptop and I noticed that the 2 "Bad Image" messages I was getting are no longer popping up.
I look forward to your additional instructions to make sure everything is cleaned up. Thanks!

Bobbye · Sep 5, 2011

Sounds like Combofix was just one step ahead of you. The log looks god though, so don't worry.

I'm trying to remove some of the excess search and start pages you have. Many are close to duplicates and you don't need 2 processes running.

The improvement was most likely due to the deletions in Combofix. I'm almost finished setting up some script for you to run in Combofix.

Please check Add/Remove Programs and make sure the only version of Java is v6u27> The multiple versions are still showing in the add ons. I can remove these if needed.

Since the Google Desktop 'bad image' messages are gone, we'll cross that off the worry list!
====================================
About the antivirus programs:
1. AVG on system when we began
2. Uninstall AVG
3. Installed temporary Avast 9/5/2011
***If you had McAfee Security, it appears that you did not uninstall it properly. Please run this to remove it:
Uninstall: McAfee Removal
4. McAfee installed 8/30/2011
McAfee SiteAdvisor Service now running
McAfee spam running
**********************
5. Installed c:\program files\Wise Registry Cleaner<<<< Please uninstall- we don't recommend that anyone use a registry cleaner.
6. Installed c:\program files\IObit for Advanced System Care<<<<Please uninstall- this program is not good to have on the system- their home site is also poorly rated.
========================
Please run the following online virus scan while I finish up the script:

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESETOnlineScan
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
[o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
[o] Double click on the

on your desktop.
Check 'Yes I accept terms of use.'
Click Start button
Accept any security warnings from your browser.
Uncheck 'Remove found threats'
Check 'Scan archives/
Leave remaining settings as is.
Press the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
When the scan completes, press List of found threats
Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
Push the Back button
Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

wiggles123 · Sep 5, 2011

Hi Bobbye,
I followed your instructions again and went into the Add/Remove Programs and removed the older Java version. But I also saw several "J2SE Runtime Environment 5.0 Updates" listed - should these be removed as well?
I then uninstalled the McAfee Site advisor and then ran the McAfee removal program as per your link to remove all McAfee related programs. I also removed the WISE registry cleaner and IObit programs.
Then I ran the ESET scanner and good news, no malware/infections found so no log to show you.

I'll be waiting for your next set of instructions. Thank you!

Bobbye · Sep 5, 2011

Update me on the system. Are the original problem resolved? Are there any new problems?

wiggles123 · Sep 6, 2011

Hi Bobbye,
Everything seems to be running fine now. I have not had the original Bad Image messages pop up anymore during boot up or restarts. I have not noticed any new problems either. Anything else I need to do? You mentioned some script to run in ComboFix. Thanks.

wiggles123 · Sep 7, 2011

Hi Bobbye, just another quick system update. The original problem has not shown up today. Things seem to be running fine.

Bobbye · Sep 10, 2011

Thanks for your patience. I think there was a conspiracy to keep me off the computer because it's been one thing after another!
Please run this Custom CFScript:

[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.

Code:

KIllAll::
File::
Folder::
c:\documents and settings\Vic\Application Data\Wise Registry Cleaner
c:\program files\Wise Registry Cleaner
c:\documents and settings\Vic\Application Data\IObit
c:\program files\IObit
DDS::
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/ie
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: 1 (0x1) - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"=-
"Search Protection"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Recommend you stop all of the following Tasks:

2011-09-05 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
2011-09-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1437911744-3663186046-1121994624-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-09-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1437911744-3663186046-1121994624-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

Click on Start> Run> type in cmd> enter> at the blinking C Prompt type in each of the following with 'enter' after each:
Note: there is a space before each /

Code:

schtasks /end /RealUpgradeLogon

schtasks /end /RealUpgradeScheduledTasks

schtasks /end /MSNTBUP.EXE

In response, SchTasks.exe stops the instance of Notepad.exe that the task started, and it displays the following success message:

SUCCESS: The Scheduled Task "xxxxxx" has been terminated successfully.

If you have a problem or want to see other options, check HERE for the specific Commands.
===========================================
Then run this to make sure all the bad entries have been removed:
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.

Extract it to a directory on your hard drive called c:\HijackThis.
Then navigate to that directory and double-click on the hijackthis.exe file.
When started click on the Scan button and then the Save Log button to create a log of your information.
The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

.

wiggles123 · Sep 10, 2011

Hi Bobbye,
No problem about the delay. Everyone is busy these days and you are taking time out to help me out so it is greatly appreciated.
I ran the ComboFix script as you instructed and have the log, but I'll post in my next reply because I ran into a slight problem with the next step you gave me.
I tried stopping the 3 tasks you listed using the "cmd" method as you described, but got the messages below. So I'm not sure what to do now. I tried the link you attached but it took me to microsoft page that had many links and I looked at some of them and I couldn't make sense out of it. What am I doing wrong here?

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Vic>schtasks /end /RealUpgradeLogon
'schtasks' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Vic>schtasks /end /RealUpgradeScheduledTasks
'schtasks' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Vic>schtasks /end /MSNTBUP.EXE
'schtasks' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Vic>

Bobbye · Sep 11, 2011

Okay, let just do it the old fashion way: if you use the Real Player, you can keep it:

REAL PLAYER:
1. UNCHECK all 'Real', Real Player' and 'Real One' entries on the Startup menu
2. If you use Real Player disable the auto-update feature in your Tools- Preferences- Automatic Services- AutoUpdate (In RealPlayer).
3. Right click on Start> Explore> Programs> Common> Real Update> right click> delete the file "realshed.exe"

If you get any error message about the program being in use< you can do one of 2 things:
1. Boot into Safe Mode to do the above
or
2. Open the Task Manager> Processes tab> highlight> End Task on any RP processes.

wiggles123 · Sep 11, 2011

Hi Bobbye,
I actually removed the RealPlayer progrma since I do not use it often, so I hope that solves that issue of it starting up on its own.

Here is the ComboFix log and HijackThis log as requested.

ComboFix 11-09-10.03 - Vic 10/09/2011 15:30:07.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.656 [GMT -4:00]
Running from: c:\documents and settings\Vic\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Vic\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Vic\Application Data\IObit
c:\documents and settings\Vic\Application Data\IObit\Advanced SystemCare V4\AutoSweep.ini
c:\documents and settings\Vic\Application Data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-08-24(23-42-21).reg
c:\documents and settings\Vic\Application Data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-09-03(13-34-06).reg
c:\documents and settings\Vic\Application Data\IObit\Advanced SystemCare V4\Ignore.ini
c:\documents and settings\Vic\Application Data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-08-24(23-42-21).txt
c:\documents and settings\Vic\Application Data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-09-03(13-34-06).txt
c:\documents and settings\Vic\Application Data\IObit\Advanced SystemCare V4\Main.ini
c:\documents and settings\Vic\Application Data\IObit\Advanced SystemCare V4\PMonitor\Config.ini
c:\documents and settings\Vic\Application Data\IObit\Uninstall Unwanted Apps.lnk
c:\program files\bae\BAE.dll
c:\program files\IObit
c:\program files\IObit\Advanced SystemCare 4\checkinfo.txt
c:\program files\IObit\Advanced SystemCare 4\DiskScan.log
c:\program files\IObit\Advanced SystemCare 4\LatestNews\imagenews.png
c:\program files\IObit\Advanced SystemCare 4\LatestNews\LatestNews.ini
c:\program files\IObit\Advanced SystemCare 4\License.dat
c:\program files\IObit\Advanced SystemCare 4\Update\Update.Ini
c:\program files\yahoo!\search protection\SearchProtection.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-10 to 2011-09-10 )))))))))))))))))))))))))))))))
.
.
2011-09-05 21:45 . 2011-09-05 21:45 -------- d-----w- c:\program files\ESET
2011-09-05 02:24 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-05 02:24 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-05 02:24 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-05 02:24 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-05 02:24 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-05 02:24 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-05 02:24 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-05 02:24 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-05 02:22 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-09-05 02:22 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-05 02:21 . 2011-09-05 02:21 -------- d-----w- c:\program files\AVAST Software
2011-09-05 02:21 . 2011-09-05 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-09-04 07:14 . 2011-09-04 07:14 -------- d-----w- c:\documents and settings\Vic\Application Data\Malwarebytes
2011-09-04 07:13 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-04 07:13 . 2011-09-04 07:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-04 07:13 . 2011-09-04 07:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-04 07:13 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-03 17:51 . 2011-08-30 19:41 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-09-03 17:51 . 2011-08-30 19:41 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-09-03 10:17 . 2011-09-03 10:17 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
2011-08-25 04:58 . 2011-08-25 04:58 -------- d-----w- c:\documents and settings\Vic\Application Data\vlc
2011-08-25 04:56 . 2011-08-25 04:56 -------- d-----w- c:\program files\VideoLAN
2011-08-25 02:45 . 2011-08-25 02:45 -------- d-----w- c:\windows\system32\winrm
2011-08-25 02:45 . 2011-08-25 02:45 -------- d-----w- c:\windows\system32\GroupPolicy
2011-08-25 02:45 . 2011-08-25 02:46 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-08-15 16:51 . 2011-08-15 16:51 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX2
2011-08-15 16:51 . 2011-08-15 16:51 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP
2011-08-15 16:50 . 2011-08-15 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Canon IJ Network Tool
2011-08-15 16:49 . 2010-09-13 18:42 114688 ----a-w- c:\windows\system32\CNC410I.dll
2011-08-15 16:49 . 2010-09-13 18:44 106496 ----a-w- c:\windows\system32\CNC410U.dll
2011-08-15 16:49 . 2010-09-13 18:42 1347584 ----a-w- c:\windows\system32\CNC410C.dll
2011-08-15 16:49 . 2010-09-06 21:03 315392 ----a-w- c:\windows\system32\CNC410L.dll
2011-08-15 16:49 . 2011-08-15 16:49 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJFAX
2011-08-15 16:38 . 2011-08-15 16:38 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2011-08-15 16:38 . 2011-08-15 16:38 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-08-15 16:38 . 2010-09-07 01:58 180224 ----a-w- c:\windows\system32\CNMIUAL.DLL
2011-08-15 16:37 . 2011-08-15 16:37 -------- d--h--w- c:\program files\CanonBJ
2011-08-15 16:22 . 2011-08-15 16:22 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenuEX
2011-08-15 15:05 . 2008-08-25 22:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2011-08-15 15:01 . 2011-08-15 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJWSpt
2011-08-15 14:56 . 2010-10-21 09:00 257024 ----a-w- c:\windows\system32\CNCALAL.DLL
2011-08-15 14:56 . 2010-09-20 09:00 74752 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAL.DLL
2011-08-15 14:56 . 2010-09-20 09:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAL.DLL
2011-08-15 14:56 . 2010-09-20 09:00 303104 ----a-w- c:\windows\system32\CNMLMAL.DLL
2011-08-15 14:55 . 2011-08-15 14:55 -------- d-----w- c:\windows\system32\STRING
2011-08-15 14:55 . 2010-09-08 07:26 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL
2011-08-15 14:55 . 2010-09-08 07:26 342016 ----a-w- c:\windows\system32\CNMNPPM.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-04 13:33 . 2011-04-06 23:47 89680 ----a-w- c:\documents and settings\Vic\MSSSerif120.fon
2011-09-03 10:17 . 2004-08-10 18:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-11 16:06 . 2011-06-08 23:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 09:05 . 2010-07-27 18:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-19 06:40 . 2008-05-25 06:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-15 13:29 . 2006-10-30 19:40 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-10 18:51 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2004-08-10 19:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-10 18:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-10 18:51 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-10 18:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2008-08-16 21:42 . 2008-08-16 21:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 21:42 . 2008-08-16 21:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 21:42 . 2008-08-16 21:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 21:42 . 2008-08-16 21:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 21:43 . 2008-08-16 21:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 21:42 . 2008-08-16 21:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 21:42 . 2008-08-16 21:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 12:41 . 2008-05-21 12:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 12:41 . 2008-05-21 12:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 12:41 . 2008-05-21 12:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 17:58 . 2008-06-05 17:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 21:42 . 2008-08-16 21:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2011-09-08 19:23 . 2011-09-03 17:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-05_02.59.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-10 19:44 . 2011-09-10 19:44 16384 c:\windows\temp\Perflib_Perfdata_784.dat
+ 2011-09-10 19:44 . 2011-09-10 19:44 16384 c:\windows\temp\Perflib_Perfdata_708.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-07-25 17:08 2569616 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2010-09-14 22:09 1213848 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2006-08-04 00:51 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2006-04-06 14:51 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-15 02:46 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-15 02:50 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-15 02:49 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
2010-09-09 18:38 452016 ----a-w- c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 08:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2010-11-19 18:38 193880 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyGarminAgent]
2010-03-16 13:36 337256 ----a-w- c:\program files\Garmin\MyGarminAgent\myGarminAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 20:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-09 00:48 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-05-22 14:00 273544 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-01-15 22:54 37376 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*

isabled:Windows Remote Management
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [04/09/2011 10:24 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/09/2011 10:24 PM 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/09/2011 10:24 PM 20568]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [05/12/2010 7:10 PM 18560]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [10/08/2004 2:51 PM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1437911744-3663186046-1121994624-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-09-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1437911744-3663186046-1121994624-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\documents and settings\Vic\Application Data\Mozilla\Firefox\Profiles\mqfp2jaz.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d039710&v=7.007.026.001&i=23&tp=ab&iy=b&ychte=ca&lng=en-US&q=
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-10 15:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2388)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
.
**************************************************************************
.
Completion time: 2011-09-10 16:00:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-10 20:00
ComboFix2.txt 2011-09-05 03:07
.
Pre-Run: 12,615,098,368 bytes free
Post-Run: 12,605,558,784 bytes free
.
- - End Of File - - 8A652F83453FFB9EE65DABA3F0471B21

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:16:40 PM, on 11/09/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4061030
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7497 bytes

Bobbye · Sep 13, 2011

The Adobe Reader is way out of date. You have v7< current is v10. Please update: Adobe Reader site . Uninstall any earlier updates as they are vulnerabilities.
==========================
Please reopen HijackThis to 'do system scan only.' Check each of the following, if present:
Note: Please print the following> You can use it to help find the Startup processes and uncheck using msconfig.

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

Close all Windows except HijackThis and click on "Fix Checked'
========================================
Click on Start> Run> type in services.msc> enter> find each of the following> Double click to open> set Startup Type as given:
JavaQuickStart (jqs) Set to Disabled> Stop the Service
Canon Camera Access Library 8 (CCALib8)> set to Manual
Exit Services
==========================================
Canon puts a large number of processes on the system. None need to start on boot and run in the background: The following are all installed> If any are on the Startup menu they can be unchecked> This will not remove the program- only stop it from starting on boot and running in the background:

Canon Camera Access Library
Canon Camera Support Core Library
Canon Easy-PhotoPrint EX
Canon G.726 WMP-Decoder
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 4.1
Canon MX410 series MP Drivers
Canon My Printer
Canon RAW Image Task for ZoomBrowser EX
Canon Solution Menu EX
Canon Speed Dial Utility
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility

=============================================
Please use Windows Explorer to delete the program for the iObit Advanced SystemCare.[/b[. Stay away from the iObit sites. They are not good sites and are rated poorly.

Any processes for the following can be unchecked on the Startup Meun> Most are auto-updates. The only program I allow to auto-update is the AV program.
=============================================
Combofix is okay> You can remove all of the tools we used and the files and folders they created

Uninstall ComboFix and all Backups of the files it deleted

Click START> then RUN

Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Download OTCleanIt by OldTimer and save it to your Desktop.

Double click OTCleanIt.exe.

Click the CleanUp! button.

Select Yes when the "Begin cleanup Process?" prompt appears.

If you are prompted to Reboot during the cleanup, select Yes.

The tool will delete itself once it finishes.

-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------

You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.

Go to Start > All Programs > Accessories > System Tools

Click "System Restore".

Choose "Create a Restore Point" on the first screen then click "Next".

Give the Restore Point a name> click "Create".

Go back and follow the path to > System Tools.
[*]Choose Disc Cleanup
[*]Click "OK" to select the partition or drive you want.
[*]Click the "More Options" Tab.
[*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Empty the Recycle Bin

Let me know if you have any questions.

wiggles123 · Sep 14, 2011

Hi Bobbye,
Before I go through all your steps, can you clarify 2 things for me.
1 - For the second step you want me to rerun the HijackThis scan and then check those listed items to "Fix checked". Do I do that first and then run the msconfig to stop the same listed items in the Startup process?
2 - For the following step in your process you said "Any processes for the following can be unchecked on the Startup Meun> Most are auto-updates. The only program I allow to auto-update is the AV program." I did not see any thing listed so I am not sure exactly which ones I should uncheck.
Thanks!

Bobbye · Sep 14, 2011

Any processes for the following can be unchecked on the Startup Meun>

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

1. Run HijackThis with the above checked> don't reboot or they will restart if still on startup.
2. Then take those entries off of Startup.

Sorry- that wasn't clear I meant the processes 'above' instead of 'below.' My bad.

wiggles123 · Sep 15, 2011

Hi Bobbye,
I went through all the steps you outlined. I didn't find all the entries you listed below when I reran HijackThis and also in Startup I did not find many of them. I uninstalled everything that you had me download and run over the past week and manually deleted any remaining items not removed in that process. I finally created the new restore point at the end.
I would like to know what your recommendations are for the security and scanning programs I should have installed to prevent future problems (i.e. should I download Malwarebytes again or some other programs and run that periodically) and the routine steps I should take on a regular basis to make sure everything is clean. I know you mentioned in an earlier post that the iObit programs are no good and not to use any registry cleaner. I had those installed based on what I read from CNET and it's editors picks for maintaining a "clean" system that would run more efficiently.
Any last advice on this would be greatly appreciated.
Thank you once again for helping me with cleaning my laptop with your step by step instructions

Bobbye · Sep 19, 2011

I'm so sorry- I got behind and can't seem to catch up! Here are my security recommendations:

Tips for added security and safer browsing: (Links are in Bold Blue)

Browser Security
[o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
[o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
[o] Replace the Host Files
[o] Google Toolbar Pop Up Blocker
[o]Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
Have layered Security:
[o]Antivirus :(only one):Both of the following programs are free and known to be good:
[o]Avira-AntiVir-Personal-Free-Antivirus
[o]Avast-Free Antivirus
[o]Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
[o]Comodo
[o]Zone Alarm
Antimalware: I recommend all of the following:
[o]Spywareblaster: SpywareBlaster protects against bad ActiveX.
[o]Spybot Search & Destroy
Updates: Stay current:
[o] the Microsoft Download Sitefrequently. All updates marked Critical and the current SP updates.
[o]Adobe Reader Install current, uninstall old.
[o]Java Updates Install current, uninstall old.
Tracking Cookies
Reset Cookie:
[o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
[o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List
[o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
Do regular Maintenance
Clean the temporary internet files often:
[o] Temporary File Cleaner
[o] ATF Cleaner by Atribune
Restore Points:
[o]See System Restore Guide
Safe Email Handling
[o] Don't open email from anyone you don't know.
[o] Don't open Attachments in the email. Safe to your desktop and scan for viruses using a right click
[o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.

Please let me know if you find any bad link.

Let me know if you have any more questions.

wiggles123 · Sep 20, 2011

Hi Bobbye,
Thank you so much for all your help and the security recommendations.
I've installed your recommended programs. But I was wondering since I use Firefox as my main browser, should I install the add-on program called "NoScripts" to Firefox?
Also under your first section "Browser Security", are all those suggestions only related to using Internet Explorer? I read the info in your link for replacing the Host File - does this only apply to using IE or can I also do this with Firefox?
And the link for the "Temporary File Cleaner" appears to be broken.

Bobbye · Sep 20, 2011

You're very welcome.
I also have Firefox as my default browser. Some of the information is more specific to IE- the first 2 under Browser Security are for IE, but most others can also be applied to Firefox. No Scripts is up to you. I don't have it, but I see other that do.

Thank you for the TFC information> this should work: http://oldtimer.geekstogo.com/TFC.exe

The only difference in the links is that old one has 'tfc' and this one has 'TFC'
-------------------------------
If you put the Site Advisor WOT on the system, do a search for Iobit. Click on the small circle next to the color code and it will tell you where they fail in the ratings. I do a lot of searching and have to be very careful of the sites I go to. I am constantly amazed at the number of sites with the red or amber rating.

wiggles123 · Sep 21, 2011

The WOT add on looks helpful so i'm going to use that and I'm going to look into the Host file replacement. Seems a little technical to me when reading the link you sent, but I'll work my way through it and try it.
Thanks once again Bobbye and to the TechSpot team!

Bobbye · Sep 22, 2011

You're welcome.

Peace

Solved Lsass.exe and Services.exe Bad Image messages - DLL is not valid

Posts: 14 +0

Posts: 16,313 +36

Posts: 14 +0

Posts: 14 +0

Posts: 16,313 +36

Posts: 14 +0

Posts: 16,313 +36

Posts: 14 +0

Posts: 14 +0

Posts: 16,313 +36

Posts: 14 +0

Posts: 16,313 +36

Posts: 14 +0

Posts: 16,313 +36

Posts: 14 +0

Posts: 16,313 +36

Posts: 14 +0

Posts: 16,313 +36

Posts: 14 +0

Posts: 16,313 +36

Posts: 14 +0

Posts: 16,313 +36

Similar threads