Lsass.exe and Services.exe Bad Image messages - DLL is not valid

Solved
By wiggles123
Sep 4, 2011
  1. Hi, I am pretty much a novice with computers and would like help with fixing the problem I have right now.
    When I turn on my laptop, I am getting 2 messages that pop up before I get to the Windows login screen.
    The messages are: 1) "lsass.exe - Bad Image The application or DLL C:\Progra~1\Google\Google~1\GOEC62~1.DLL is not valid Windows image. Please check against your installation..." and 2) "Services.exe - Bad Image The application or DLL C:\Progra~1\Google\Google~1\GOEC62~1.DLL is not valid Windows image. Please check against your installation..."

    I did some searching online about this and came across the TechSpot website. I have followed the 6 step prelim virus/spyware/malware removal instructions and would like help with determining if my laptop is infected or has another type of problem. The requested logs are below.
    Any help with this matter is greatly appreciated. Thank you!


    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7647

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    04/09/2011 3:24:09 AM
    mbam-log-2011-09-04 (03-24-09).txt

    Scan type: Quick scan
    Objects scanned: 194865
    Time elapsed: 8 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-09-04 03:38:29
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 SAMSUNG_HM060HC rev.YJ100-15
    Running: tx8wkhc4.exe; Driver: C:\DOCUME~1\Vic\LOCALS~1\Temp\uftdypow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by Vic at 4:00:51 on 2011-09-04
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.412 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgchsvx.exe
    C:\Program Files\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4061030
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    mDefault_Page_URL = hxxp://www.yahoo.com/
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    BHO: 1 (0x1) - No File
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRunOnce: [RunNarrator] Narrator.exe
    IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
    IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Crawler Search - tbr:iemenu
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
    IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
    TCP: Interfaces\{C12390C0-F206-42A3-A431-837F2DF1390F} : DhcpNameServer = 192.168.2.1 192.168.2.1
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\vic\application data\mozilla\firefox\profiles\mqfp2jaz.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
    FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\vic\application data\mozilla\firefox\profiles\mqfp2jaz.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 297168]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-8-24 328536]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-8-29 94880]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 984392]
    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-12-5 18560]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2011-08-11 16:06:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-25 13:44:10 89680 ----a-w- c:\documents and settings\vic\MSSSerif120.fon
    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
    .
    ============= FINISH: 4:02:18.81 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 06/11/2006 6:19:24 PM
    System Uptime: 03/09/2011 4:46:03 PM (12 hours ago)
    .
    Motherboard: Dell Inc. | | 0RJ272
    Processor: Intel(R) Pentium(R) M processor 1.70GHz | Microprocessor | 1695/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 53 GiB total, 11.538 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom 440x 10/100 Integrated Controller
    Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01C91028&REV_02\4&2FA23535&0&00F0
    Manufacturer: Broadcom
    Name: Broadcom 440x 10/100 Integrated Controller
    PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01C91028&REV_02\4&2FA23535&0&00F0
    Service: bcm4sbxp
    .
    ==== System Restore Points ===================
    .
    RP799: 06/06/2011 10:31:32 AM - System Checkpoint
    RP800: 09/06/2011 7:28:12 PM - System Checkpoint
    RP801: 13/06/2011 6:32:09 PM - System Checkpoint
    RP802: 15/06/2011 5:51:39 PM - System Checkpoint
    RP803: 15/06/2011 11:52:00 PM - Software Distribution Service 3.0
    RP804: 20/06/2011 11:18:09 AM - Removed Apple Software Update
    RP805: 20/06/2011 11:43:21 AM - Software Distribution Service 3.0
    RP806: 22/06/2011 8:54:23 PM - System Checkpoint
    RP807: 24/06/2011 12:20:40 PM - System Checkpoint
    RP808: 25/06/2011 2:09:59 PM - System Checkpoint
    RP809: 27/06/2011 8:00:42 PM - System Checkpoint
    RP810: 29/06/2011 9:24:27 PM - Software Distribution Service 3.0
    RP811: 02/07/2011 6:42:40 PM - System Checkpoint
    RP812: 04/07/2011 9:06:07 AM - System Checkpoint
    RP813: 05/07/2011 10:31:28 PM - System Checkpoint
    RP814: 05/07/2011 10:49:19 PM - Software Distribution Service 3.0
    RP815: 08/07/2011 3:29:54 PM - System Checkpoint
    RP816: 11/07/2011 6:54:12 PM - System Checkpoint
    RP817: 13/07/2011 5:04:37 PM - System Checkpoint
    RP818: 13/07/2011 5:38:47 PM - Software Distribution Service 3.0
    RP819: 14/07/2011 11:29:49 AM - Installed 3DVIA player 5.0
    RP820: 15/07/2011 6:33:28 PM - System Checkpoint
    RP821: 16/07/2011 8:09:49 PM - System Checkpoint
    RP822: 18/07/2011 6:53:52 PM - System Checkpoint
    RP823: 20/07/2011 9:37:19 PM - System Checkpoint
    RP824: 22/07/2011 11:55:36 AM - System Checkpoint
    RP825: 25/07/2011 4:40:12 PM - System Checkpoint
    RP826: 26/07/2011 6:01:29 PM - System Checkpoint
    RP827: 27/07/2011 10:20:53 PM - System Checkpoint
    RP828: 29/07/2011 11:29:15 AM - System Checkpoint
    RP829: 30/07/2011 6:49:51 PM - System Checkpoint
    RP830: 02/08/2011 6:31:18 PM - System Checkpoint
    RP831: 03/08/2011 8:46:31 PM - System Checkpoint
    RP832: 03/08/2011 11:55:13 PM - Installed Java(TM) 6 Update 26
    RP833: 08/08/2011 12:15:07 PM - System Checkpoint
    RP834: 11/08/2011 10:59:34 AM - Software Distribution Service 3.0
    RP835: 16/08/2011 4:07:46 PM - System Checkpoint
    RP836: 17/08/2011 8:30:42 PM - System Checkpoint
    RP837: 20/08/2011 12:41:49 AM - System Checkpoint
    RP838: 21/08/2011 3:22:29 AM - System Checkpoint
    RP839: 22/08/2011 11:50:20 AM - System Checkpoint
    RP840: 24/08/2011 1:35:42 PM - System Checkpoint
    RP841: 24/08/2011 3:15:30 PM - Software Distribution Service 3.0
    RP842: 24/08/2011 10:44:10 PM - Installed Windows XP KB892130.
    RP843: 24/08/2011 10:44:31 PM - Installed %1 %2.
    RP844: 24/08/2011 10:44:58 PM - Installed Windows XP Update for Microsoft Windows (KB971513).
    RP845: 24/08/2011 10:45:31 PM - Installed %1 %2.
    RP846: 24/08/2011 10:51:04 PM - Installed Windows XP KB2447568.
    RP847: 24/08/2011 10:52:39 PM - Installed Windows XP KB2492386.
    RP848: 27/08/2011 1:13:54 PM - System Checkpoint
    RP849: 28/08/2011 9:29:52 PM - System Checkpoint
    RP850: 31/08/2011 1:01:11 AM - System Checkpoint
    RP851: 01/09/2011 6:28:25 PM - System Checkpoint
    RP852: 02/09/2011 11:03:20 PM - System Checkpoint
    RP853: 03/09/2011 11:55:34 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    3DVIA player 5.0
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 7.1.0
    Adobe Shockwave Player 11.5
    Adobe Stock Photos 1.0
    Advanced SystemCare 4
    AVG 2011
    Broadcom Management Programs
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Easy-PhotoPrint EX
    Canon G.726 WMP-Decoder
    Canon IJ Network Scanner Selector EX
    Canon IJ Network Tool
    Canon MovieEdit Task for ZoomBrowser EX
    Canon MP Navigator EX 4.1
    Canon MX410 series MP Drivers
    Canon My Printer
    Canon RAW Image Task for ZoomBrowser EX
    Canon Solution Menu EX
    Canon Speed Dial Utility
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture DC
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Citrix XenApp Plugin for Hosted Apps
    Conexant HDA D110 MDC V.92 Modem
    Crawler Toolbar with Web Security Guard
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Driver Reset Tool
    Dell Support 3.2
    Dell System Restore
    Dell Wireless WLAN Card
    Digital Line Detect
    ffdshow [rev 1355] [2007-07-15]
    Garmin City Navigator North America NT 2011.10 Update
    Garmin Communicator Plugin with myGarmin Agent
    Garmin USB Drivers
    High Definition Audio Driver Package - KB835221
    Hotfix 2050 for SQL Server 2000 ENU (KB948110)
    Hotfix 2055 for SQL Server 2000 ENU (KB960082)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver for Mobile
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java Auto Updater
    Java(TM) 6 Update 26
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    LeapFrog Connect
    LeapFrog Tag Junior Plugin
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Map Button (Windows Live Toolbar)
    McAfee SiteAdvisor
    MCU
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook 2003 with Business Contact Manager Update
    Microsoft Office Small Business Edition 2003
    Microsoft Office Standard Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Modem Helper
    Mozilla Firefox 6.0.1 (x86 en-US)
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML4SP2
    NetWaiting
    OneCare Advisor (Windows Live Toolbar)
    Picasa 3
    Popup Blocker (Windows Live Toolbar)
    PowerDVD 5.9
    QuickSet
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    SearchAssist
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Skype™ 3.5
    Smart Menus (Windows Live Toolbar)
    Soap 3.0 Toolkit
    Sonic DLA
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Synaptics Pointing Device Driver
    UFile 2008
    UFile 2009
    UFile 2010
    UFile Updater 2008
    UFile Updater 2009
    UFile Updater 2010
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    URL Assistant
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
    VLC media player 1.1.11
    WebFldrs XP
    Winamp
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Favorites for Windows Live Toolbar
    Windows Live Messenger
    Windows Live Outlook Toolbar (Windows Live Toolbar)
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Service Pack 3
    Wise Registry Cleaner 6.14
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Search Protection
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    30/08/2011 9:22:05 PM, error: Print [19] - Sharing printer failed + 1722, Printer NEC SuperScript 1400 (Copy 2) share name Printer.
    02/09/2011 10:36:15 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.
    01/09/2011 5:45:07 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} to the user VICTORIA\Guest SID (S-1-5-21-1437911744-3663186046-1121994624-501). This security permission can be modified using the Component Services administrative tool.
    01/09/2011 10:21:12 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Spooler service.
    .
    ==== End Of File ===========================
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot! I'll help get the bad image 'better looking'!

    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
    You have several outdated versions of Java on the system. These are vulnerabilities. The following will remove all of them. You can then get the latest version v6u27 using the link at the end:
    You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

    Please download JavaRa and unzip it to your desktop.

    Important! ***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location. Note: Do not leave this log.
    Download and install the most current version and update of Java Runtime Environment (JRE) HERE.
    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    ===========================================
    There will also be malware in the Java cache, so it needs to be emptied:
    To clear the Java Plug-in cache:

    • [1]. Click Start > Control Panel.
      [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
      [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
      [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
      [5]. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [6]. Click Apply > OK on Temporary Files Settings window.
    Images courtesy java.com
    ============================================
    You will need to temporarily uninstall AVG to run Combofix:
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ==================================
    FYI: you are using 2 Site Advisors- AVG and McAfee: please remove one of them.
    You also have several search engines running: Google, Yahoo, Windows Live and Crawler. Since both of the bad image messages appear to be connected to the Google Desktop (GOEC062~1.DLL) try uninstalling it, then reinstalling it.

    Please leave the Combofix log in your next reply.
  3. wiggles123

    wiggles123 Newcomer, in training Topic Starter

    Thank you Bobbye for helping me with this issue.
    I followed the instructions you provided in your post and in the order it was typed out.
    FYI, my default browser is Firefox and during some of the steps you outlined, some things happened that were not described in your post.
    For example, when I ran the JavaRa program, it did not produce a notice telling me a log file was created nor a pop up of the log file appeared. I waited awhile and nothing happened as the install screen disappeared, so I went ahead and downloaded the latest Java version 6 update 27. I hope that's ok.
    Also, after I downloaded Combofix to my desktop and double clicked it, the program installed the Recovery Console as you outlined, however after that it did a scan and rebooted the laptop by itself (I actually had to go to the bathroom during the scan and when I came back, the laptop was at the blue Windows log in screen). Then I logged back in and Combofix blue screen was there with the message "Preparing Log Report". Then a log report was generated and that is the report I have copied below. I hope I did it right since I did not double click the Combofix.exe to run another scan as per your instructions.

    The last set of instructions you left was to Uninstall Google desktop (re: GOEC062~1.DLL). I don't think I had that installed as I could not find it in the "Add/Remove Programs" list nor did I find it when I clicked Start --> All Programs. Is this a problem?
    I also removed the Windows Live and Crawler Toolbars since you mentioned that I had 4 different ones.
    Please let me know if I messed up any of the steps and need to redo something.
    Thank you so much!

    ComboFix 11-09-04.03 - Vic 04/09/2011 22:49:10.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.649 [GMT -4:00]
    Running from: c:\documents and settings\Vic\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\MSI6C.tmp.5e585687.ini
    c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
    c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini.inuse
    c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
    c:\documents and settings\Ron\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\Ron\Local Settings\Application Data\ApplicationHistory\MSI6C.tmp.5e585687.ini
    c:\documents and settings\Ron\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
    c:\documents and settings\Ron\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini.inuse
    c:\documents and settings\Ron\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
    c:\documents and settings\Vic\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\Vic\Local Settings\Application Data\ApplicationHistory\MSI6C.tmp.5e585687.ini
    c:\documents and settings\Vic\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
    c:\documents and settings\Vic\Local Settings\Application Data\ApplicationHistory\OUTLOOK.EXE.c1b4c359.ini
    c:\documents and settings\Vic\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
    c:\documents and settings\Vic\Local Settings\Application Data\ApplicationHistory\SL45.tmp.96e04485.ini
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_USNJSVC
    -------\Service_usnjsvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-05 to 2011-09-05 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-05 02:24 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-05 02:24 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-09-05 02:24 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-05 02:24 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-05 02:24 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-05 02:24 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-09-05 02:24 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-09-05 02:24 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-09-05 02:22 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
    2011-09-05 02:22 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-09-05 02:21 . 2011-09-05 02:21 -------- d-----w- c:\program files\AVAST Software
    2011-09-05 02:21 . 2011-09-05 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-09-04 07:14 . 2011-09-04 07:14 -------- d-----w- c:\documents and settings\Vic\Application Data\Malwarebytes
    2011-09-04 07:13 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-04 07:13 . 2011-09-04 07:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-09-04 07:13 . 2011-09-04 07:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-04 07:13 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-03 17:51 . 2011-08-30 19:41 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2011-09-03 17:51 . 2011-08-30 19:41 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
    2011-08-30 02:42 . 2011-08-30 02:42 -------- d-----w- c:\program files\Common Files\McAfee
    2011-08-25 04:58 . 2011-08-25 04:58 -------- d-----w- c:\documents and settings\Vic\Application Data\vlc
    2011-08-25 04:56 . 2011-08-25 04:56 -------- d-----w- c:\program files\VideoLAN
    2011-08-25 04:08 . 2011-09-03 20:55 -------- d-----w- c:\documents and settings\Vic\Application Data\Wise Registry Cleaner
    2011-08-25 04:08 . 2011-08-25 04:08 -------- d-----w- c:\program files\Wise Registry Cleaner
    2011-08-25 02:45 . 2011-08-25 02:45 -------- d-----w- c:\windows\system32\winrm
    2011-08-25 02:45 . 2011-08-25 02:45 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-08-25 02:45 . 2011-08-25 02:46 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2011-08-25 01:59 . 2011-08-25 01:59 -------- d-----w- c:\documents and settings\Vic\Application Data\IObit
    2011-08-25 01:59 . 2011-08-25 01:59 -------- d-----w- c:\program files\IObit
    2011-08-15 16:51 . 2011-08-15 16:51 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX2
    2011-08-15 16:51 . 2011-08-15 16:51 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP
    2011-08-15 16:50 . 2011-08-15 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Canon IJ Network Tool
    2011-08-15 16:49 . 2010-09-13 18:42 114688 ----a-w- c:\windows\system32\CNC410I.dll
    2011-08-15 16:49 . 2010-09-13 18:44 106496 ----a-w- c:\windows\system32\CNC410U.dll
    2011-08-15 16:49 . 2010-09-13 18:42 1347584 ----a-w- c:\windows\system32\CNC410C.dll
    2011-08-15 16:49 . 2010-09-06 21:03 315392 ----a-w- c:\windows\system32\CNC410L.dll
    2011-08-15 16:49 . 2011-08-15 16:49 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJFAX
    2011-08-15 16:38 . 2011-08-15 16:38 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
    2011-08-15 16:38 . 2011-08-15 16:38 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
    2011-08-15 16:38 . 2010-09-07 01:58 180224 ----a-w- c:\windows\system32\CNMIUAL.DLL
    2011-08-15 16:37 . 2011-08-15 16:37 -------- d--h--w- c:\program files\CanonBJ
    2011-08-15 16:22 . 2011-08-15 16:22 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenuEX
    2011-08-15 15:05 . 2008-08-25 22:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
    2011-08-15 15:01 . 2011-08-15 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJWSpt
    2011-08-15 14:56 . 2010-10-21 09:00 257024 ----a-w- c:\windows\system32\CNCALAL.DLL
    2011-08-15 14:56 . 2010-09-20 09:00 74752 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAL.DLL
    2011-08-15 14:56 . 2010-09-20 09:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAL.DLL
    2011-08-15 14:56 . 2010-09-20 09:00 303104 ----a-w- c:\windows\system32\CNMLMAL.DLL
    2011-08-15 14:55 . 2011-08-15 14:55 -------- d-----w- c:\windows\system32\STRING
    2011-08-15 14:55 . 2010-09-08 07:26 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL
    2011-08-15 14:55 . 2010-09-08 07:26 342016 ----a-w- c:\windows\system32\CNMNPPM.DLL
    2011-08-10 23:33 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-10 23:33 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-04 13:33 . 2011-04-06 23:47 89680 ----a-w- c:\documents and settings\Vic\MSSSerif120.fon
    2011-08-11 16:06 . 2011-06-08 23:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-19 09:05 . 2010-07-27 18:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-07-19 06:40 . 2008-05-25 06:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-07-15 13:29 . 2006-10-30 19:40 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02 . 2004-08-10 18:51 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10 . 2004-08-10 19:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36 . 2004-08-10 18:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05 . 2004-08-10 18:51 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44 . 2004-08-10 18:51 293376 ----a-w- c:\windows\system32\winsrv.dll
    2008-08-16 21:42 . 2008-08-16 21:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2008-08-16 21:42 . 2008-08-16 21:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2008-08-16 21:42 . 2008-08-16 21:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2008-08-16 21:42 . 2008-08-16 21:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2008-08-16 21:43 . 2008-08-16 21:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2008-08-16 21:42 . 2008-08-16 21:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2008-08-16 21:42 . 2008-08-16 21:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2008-05-21 12:41 . 2008-05-21 12:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
    2008-05-21 12:41 . 2008-05-21 12:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
    2008-05-21 12:41 . 2008-05-21 12:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
    2008-06-05 17:58 . 2008-06-05 17:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2008-08-16 21:42 . 2008-08-16 21:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2011-08-30 22:59 . 2011-09-03 17:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2010-07-25 17:08 2569616 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
    2010-09-14 22:09 1213848 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
    2006-08-04 00:51 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2006-04-06 14:51 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    2005-10-15 02:46 77824 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2005-10-15 02:50 114688 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2005-10-15 02:49 94208 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
    2010-09-09 18:38 452016 ----a-w- c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
    2003-09-10 08:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
    2010-11-19 18:38 193880 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyGarminAgent]
    2010-03-16 13:36 337256 ----a-w- c:\program files\Garmin\MyGarminAgent\myGarminAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2006-09-01 20:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2006-03-09 00:48 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2011-05-22 14:00 273544 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2008-01-15 22:54 37376 ----a-w- c:\program files\Winamp\winampa.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [04/09/2011 10:24 PM 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/09/2011 10:24 PM 309848]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [24/08/2011 9:59 PM 328536]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/09/2011 10:24 PM 19544]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [29/08/2011 10:42 PM 94880]
    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [05/12/2010 7:10 PM 18560]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [10/08/2004 2:51 PM 14336]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWSNX
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-05 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
    .
    2011-09-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1437911744-3663186046-1121994624-1007.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2011-09-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1437911744-3663186046-1121994624-1007.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Crawler Search - tbr:iemenu
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
    FF - ProfilePath - c:\documents and settings\Vic\Application Data\Mozilla\Firefox\Profiles\mqfp2jaz.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d039710&v=7.007.026.001&i=23&tp=ab&iy=b&ychte=ca&lng=en-US&q=
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-04 22:59
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3564)
    c:\windows\system32\WININET.dll
    c:\progra~1\mcafee\sitead~1\saHook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\stsystra.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-04 23:07:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-05 03:07
    .
    Pre-Run: 12,981,485,568 bytes free
    Post-Run: 13,199,241,216 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 3E2DAE91D371B1431702B7C9EC945BCE
  4. wiggles123

    wiggles123 Newcomer, in training Topic Starter

    Hi Bobbye, one more thing I wanted to note was that I just restarted my laptop and I noticed that the 2 "Bad Image" messages I was getting are no longer popping up.
    I look forward to your additional instructions to make sure everything is cleaned up. Thanks!
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Sounds like Combofix was just one step ahead of you. The log looks good though, so don't worry.

    I'm trying to remove some of the excess search and start pages you have. Many are close to duplicates and you don't need 2 processes running.

    The improvement was most likely due to the deletions in Combofix. I'm almost finished setting up some script for you to run in Combofix.

    Please check Add/Remove Programs and make sure the only version of Java is v6u27. The multiple versions are still showing in the add ons. I can remove these if needed.

    Since the Google Desktop 'bad image' messages are gone, we'll cross that off the worry list!
    ====================================
    About the antivirus programs:
    1. AVG on system when we began
    2. Uninstall AVG
    3. Installed temporary Avast 9/5/2011
    ***If you had McAfee Security, it appears that you did not uninstall it properly. Please run this to remove it:
    Uninstall: McAfee Removal
    4. McAfee installed 8/30/2011
    McAfee SiteAdvisor Service now running
    McAfee spam running
    **********************
    5. Installed c:\program files\Wise Registry Cleaner<<<< Please uninstall- we don't recommend that anyone use a registry cleaner.
    6. Installed c:\program files\IObit for Advanced System Care<<<<Please uninstall- this program is not good to have on the system- their home site is also poorly rated.
    ========================
    Please run the following online virus scan while I finish up the script:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
  6. wiggles123

    wiggles123 Newcomer, in training Topic Starter

    Hi Bobbye,
    I followed your instructions again and went into the Add/Remove Programs and removed the older Java version. But I also saw several "J2SE Runtime Environment 5.0 Updates" listed - should these be removed as well?
    I then uninstalled the McAfee Site advisor and then ran the McAfee removal program as per your link to remove all McAfee related programs. I also removed the WISE registry cleaner and IObit programs.
    Then I ran the ESET scanner and good news, no malware/infections found so no log to show you.

    I'll be waiting for your next set of instructions. Thank you!
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Update me on the system. Is the original problem resolved? Are there any new problems?
  8. wiggles123

    wiggles123 Newcomer, in training Topic Starter

    Hi Bobbye,
    Everything seems to be running fine now. I have not had the original Bad Image messages pop up anymore during boot up or restarts. I have not noticed any new problems either. Anything else I need to do? You mentioned some script to run in ComboFix. Thanks.
  9. wiggles123

    wiggles123 Newcomer, in training Topic Starter

    Hi Bobbye, just another quick system update. The original problem has not shown up today. Things seem to be running fine.
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Thanks for your patience. I think there was a conspiracy to keep me off the computer because it's been one thing after another!
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
    Code:
    KIllAll::
    File::
    Folder::
    c:\documents and settings\Vic\Application Data\Wise Registry Cleaner
    c:\program files\Wise Registry Cleaner
    c:\documents and settings\Vic\Application Data\IObit
    c:\program files\IObit
    DDS::
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    BHO: 1 (0x1) - No File
    BHO: 1 (0x1) - No File
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Crawler Search - tbr:iemenu
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "YSearchProtection"=-
    "Search Protection"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "YSearchProtection"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Recommend you stop all of the following Tasks:
    Click on Start> Run> type in cmd> enter> at the blinking C Prompt type in each of the following with 'enter' after each:
    Note: there is a space before each /
    Code:
    schtasks /end /RealUpgradeLogon
    
    schtasks /end /RealUpgradeScheduledTasks
    
    schtasks /end /MSNTBUP.EXE
    
    In response, SchTasks.exe stops the instance of Notepad.exe that the task started, and it displays the following success message:

    SUCCESS: The Scheduled Task "xxxxxx" has been terminated successfully.

    If you have a problem or want to see other options, check HERE for the specific Commands.
    ===========================================
    Then run this to make sure all the bad entries have been removed:
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


    .
  11. wiggles123

    wiggles123 Newcomer, in training Topic Starter

    Hi Bobbye,
    No problem about the delay. Everyone is busy these days and you are taking time out to help me out so it is greatly appreciated.
    I ran the ComboFix script as you instructed and have the log, but I'll post in my next reply because I ran into a slight problem with the next step you gave me.
    I tried stopping the 3 tasks you listed using the "cmd" method as you described, but got the messages below. So I'm not sure what to do now. I tried the link you attached but it took me to a Microsoft page that had many links and I looked at some of them and I couldn't make sense out of it. What am I doing wrong here?


    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\Vic>schtasks /end /RealUpgradeLogon
    'schtasks' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Documents and Settings\Vic>schtasks /end /RealUpgradeScheduledTasks
    'schtasks' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Documents and Settings\Vic>schtasks /end /MSNTBUP.EXE
    'schtasks' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Documents and Settings\Vic>
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Okay, let's just do it the old-fashioned way: if you use the Real Player, you can keep it:

    REAL PLAYER:
    1. UNCHECK all 'Real', 'Real Player' and 'Real One' entries on the Startup menu
    2. If you use Real Player disable the auto-update feature in your Tools- Preferences- Automatic Services- AutoUpdate (In RealPlayer).
    3. Right click on Start> Explore> Programs> Common> Real Update> right click> delete the file "realsched.exe"

    If you get any error message about the program being in use, you can do one of 2 things:
    1. Boot into Safe Mode to do the above
    or
    2. Open the Task Manager> Processes tab> highlight> End Task on any RP processes.
  13. wiggles123

    wiggles123 Newcomer, in training Topic Starter

    Hi Bobbye,
    I actually removed the RealPlayer program since I do not use it often, so I hope that solves that issue of it starting up on its own.

    Here is the ComboFix log and HijackThis log as requested.

    ComboFix 11-09-10.03 - Vic 10/09/2011 15:30:07.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.656 [GMT -4:00]
    Running from: c:\documents and settings\Vic\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Vic\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Vic\Application Data\IObit
    c:\documents and settings\Vic\Application Data\IObit\Advanced SystemCare V4\AutoSweep.ini
    c:\documents and settings\Vic\Application Data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-08-24(23-42-21).reg
    c:\documents and settings\Vic\Application Data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-09-03(13-34-06).reg
    c:\documents and settings\Vic\Application Data\IObit\Advanced SystemCare V4\Ignore.ini
    c:\documents and settings\Vic\Application Data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-08-24(23-42-21).txt
    c:\documents and settings\Vic\Application Data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-09-03(13-34-06).txt
    c:\documents and settings\Vic\Application Data\IObit\Advanced SystemCare V4\Main.ini
    c:\documents and settings\Vic\Application Data\IObit\Advanced SystemCare V4\PMonitor\Config.ini
    c:\documents and settings\Vic\Application Data\IObit\Uninstall Unwanted Apps.lnk
    c:\program files\bae\BAE.dll
    c:\program files\IObit
    c:\program files\IObit\Advanced SystemCare 4\checkinfo.txt
    c:\program files\IObit\Advanced SystemCare 4\DiskScan.log
    c:\program files\IObit\Advanced SystemCare 4\LatestNews\imagenews.png
    c:\program files\IObit\Advanced SystemCare 4\LatestNews\LatestNews.ini
    c:\program files\IObit\Advanced SystemCare 4\License.dat
    c:\program files\IObit\Advanced SystemCare 4\Update\Update.Ini
    c:\program files\yahoo!\search protection\SearchProtection.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-10 to 2011-09-10 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-05 21:45 . 2011-09-05 21:45 -------- d-----w- c:\program files\ESET
    2011-09-05 02:24 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-05 02:24 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-09-05 02:24 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-05 02:24 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-05 02:24 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-05 02:24 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-09-05 02:24 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-09-05 02:24 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-09-05 02:22 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-05 02:22 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-09-05 02:21 . 2011-09-05 02:21 -------- d-----w- c:\program files\AVAST Software
    2011-09-05 02:21 . 2011-09-05 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-09-04 07:14 . 2011-09-04 07:14 -------- d-----w- c:\documents and settings\Vic\Application Data\Malwarebytes
    2011-09-04 07:13 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-04 07:13 . 2011-09-04 07:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-09-04 07:13 . 2011-09-04 07:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-04 07:13 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-03 17:51 . 2011-08-30 19:41 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2011-09-03 17:51 . 2011-08-30 19:41 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
    2011-09-03 10:17 . 2011-09-03 10:17 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
    2011-08-25 04:58 . 2011-08-25 04:58 -------- d-----w- c:\documents and settings\Vic\Application Data\vlc
    2011-08-25 04:56 . 2011-08-25 04:56 -------- d-----w- c:\program files\VideoLAN
    2011-08-25 02:45 . 2011-08-25 02:45 -------- d-----w- c:\windows\system32\winrm
    2011-08-25 02:45 . 2011-08-25 02:45 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-08-25 02:45 . 2011-08-25 02:46 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2011-08-15 16:51 . 2011-08-15 16:51 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX2
    2011-08-15 16:51 . 2011-08-15 16:51 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP
    2011-08-15 16:50 . 2011-08-15 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Canon IJ Network Tool
    2011-08-15 16:49 . 2010-09-13 18:42 114688 ----a-w- c:\windows\system32\CNC410I.dll
    2011-08-15 16:49 . 2010-09-13 18:44 106496 ----a-w- c:\windows\system32\CNC410U.dll
    2011-08-15 16:49 . 2010-09-13 18:42 1347584 ----a-w- c:\windows\system32\CNC410C.dll
    2011-08-15 16:49 . 2010-09-06 21:03 315392 ----a-w- c:\windows\system32\CNC410L.dll
    2011-08-15 16:49 . 2011-08-15 16:49 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJFAX
    2011-08-15 16:38 . 2011-08-15 16:38 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
    2011-08-15 16:38 . 2011-08-15 16:38 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
    2011-08-15 16:38 . 2010-09-07 01:58 180224 ----a-w- c:\windows\system32\CNMIUAL.DLL
    2011-08-15 16:37 . 2011-08-15 16:37 -------- d--h--w- c:\program files\CanonBJ
    2011-08-15 16:22 . 2011-08-15 16:22 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenuEX
    2011-08-15 15:05 . 2008-08-25 22:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
    2011-08-15 15:01 . 2011-08-15 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJWSpt
    2011-08-15 14:56 . 2010-10-21 09:00 257024 ----a-w- c:\windows\system32\CNCALAL.DLL
    2011-08-15 14:56 . 2010-09-20 09:00 74752 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAL.DLL
    2011-08-15 14:56 . 2010-09-20 09:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAL.DLL
    2011-08-15 14:56 . 2010-09-20 09:00 303104 ----a-w- c:\windows\system32\CNMLMAL.DLL
    2011-08-15 14:55 . 2011-08-15 14:55 -------- d-----w- c:\windows\system32\STRING
    2011-08-15 14:55 . 2010-09-08 07:26 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL
    2011-08-15 14:55 . 2010-09-08 07:26 342016 ----a-w- c:\windows\system32\CNMNPPM.DLL
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-04 13:33 . 2011-04-06 23:47 89680 ----a-w- c:\documents and settings\Vic\MSSSerif120.fon
    2011-09-03 10:17 . 2004-08-10 18:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-08-11 16:06 . 2011-06-08 23:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-19 09:05 . 2010-07-27 18:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-07-19 06:40 . 2008-05-25 06:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-07-15 13:29 . 2006-10-30 19:40 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02 . 2004-08-10 18:51 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10 . 2004-08-10 19:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36 . 2004-08-10 18:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05 . 2004-08-10 18:51 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44 . 2004-08-10 18:51 293376 ----a-w- c:\windows\system32\winsrv.dll
    2008-08-16 21:42 . 2008-08-16 21:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2008-08-16 21:42 . 2008-08-16 21:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2008-08-16 21:42 . 2008-08-16 21:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2008-08-16 21:42 . 2008-08-16 21:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2008-08-16 21:43 . 2008-08-16 21:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2008-08-16 21:42 . 2008-08-16 21:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2008-08-16 21:42 . 2008-08-16 21:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2008-05-21 12:41 . 2008-05-21 12:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
    2008-05-21 12:41 . 2008-05-21 12:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
    2008-05-21 12:41 . 2008-05-21 12:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
    2008-06-05 17:58 . 2008-06-05 17:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2008-08-16 21:42 . 2008-08-16 21:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2011-09-08 19:23 . 2011-09-03 17:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-09-05_02.59.40 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-09-10 19:44 . 2011-09-10 19:44 16384 c:\windows\temp\Perflib_Perfdata_784.dat
    + 2011-09-10 19:44 . 2011-09-10 19:44 16384 c:\windows\temp\Perflib_Perfdata_708.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2010-07-25 17:08 2569616 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
    2010-09-14 22:09 1213848 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
    2006-08-04 00:51 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2006-04-06 14:51 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    2005-10-15 02:46 77824 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2005-10-15 02:50 114688 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2005-10-15 02:49 94208 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
    2010-09-09 18:38 452016 ----a-w- c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
    2003-09-10 08:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
    2010-11-19 18:38 193880 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyGarminAgent]
    2010-03-16 13:36 337256 ----a-w- c:\program files\Garmin\MyGarminAgent\myGarminAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2006-09-01 20:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2006-03-09 00:48 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2011-05-22 14:00 273544 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2008-01-15 22:54 37376 ----a-w- c:\program files\Winamp\winampa.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [04/09/2011 10:24 PM 442200]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/09/2011 10:24 PM 320856]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/09/2011 10:24 PM 20568]
    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [05/12/2010 7:10 PM 18560]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [10/08/2004 2:51 PM 14336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1437911744-3663186046-1121994624-1007.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2011-09-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1437911744-3663186046-1121994624-1007.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
    FF - ProfilePath - c:\documents and settings\Vic\Application Data\Mozilla\Firefox\Profiles\mqfp2jaz.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d039710&v=7.007.026.001&i=23&tp=ab&iy=b&ychte=ca&lng=en-US&q=
    FF - user.js: yahoo.homepage.dontask - true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-10 15:53
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2388)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\stsystra.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-10 16:00:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-10 20:00
    ComboFix2.txt 2011-09-05 03:07
    .
    Pre-Run: 12,615,098,368 bytes free
    Post-Run: 12,605,558,784 bytes free
    .
    - - End Of File - - 8A652F83453FFB9EE65DABA3F0471B21


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:16:40 PM, on 11/09/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4061030
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 7497 bytes
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    The Adobe Reader is way out of date. You have v7; current is v10. Please update: Adobe Reader site. Uninstall any earlier updates as they are vulnerabilities.
    ==========================
    Please reopen HijackThis to 'do system scan only.' Check each of the following, if present:
    Note: Please print the following> You can use it to help find the Startup processes and uncheck using msconfig.

    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe


    Close all Windows except HijackThis and click on "Fix Checked"
    ========================================
    Click on Start> Run> type in services.msc> enter> find each of the following> Double click to open> set Startup Type as given:
    JavaQuickStart (jqs) Set to Disabled> Stop the Service
    Canon Camera Access Library 8 (CCALib8)> set to Manual

    Exit Services
    ==========================================
    Canon puts a large number of processes on the system. None need to start on boot and run in the background: The following are all installed> If any are on the Startup menu they can be unchecked> This will not remove the program- only stop it from starting on boot and running in the background:
    =============================================
    Please use Windows Explorer to delete the program for the iObit Advanced SystemCare. Stay away from the iObit sites. They are not good sites and are rated poorly.

    Any processes for the following can be unchecked on the Startup Menu> Most are auto-updates. The only program I allow to auto-update is the AV program.
    =============================================
    Combofix is okay> You can remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    -----
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    ------------------------------------------
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
      • Choose Disk Cleanup
      • Click "OK" to select the partition or drive you want.
      • Click the "More Options" Tab.
      • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin

    Let me know if you have any questions.
  15. wiggles123

    wiggles123 Newcomer, in training Topic Starter

    Hi Bobbye,
    Before I go through all your steps, can you clarify 2 things for me.
    1 - For the second step you want me to rerun the HijackThis scan and then check those listed items to "Fix checked". Do I do that first and then run the msconfig to stop the same listed items in the Startup process?
    2 - For the following step in your process you said "Any processes for the following can be unchecked on the Startup Menu> Most are auto-updates. The only program I allow to auto-update is the AV program." I did not see anything listed so I am not sure exactly which ones I should uncheck.
    Thanks!
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Any processes for the following can be unchecked on the Startup Menu>
    1. Run HijackThis with the above checked> don't reboot or they will restart if still on startup.
    2. Then take those entries off of Startup.

    Sorry- that wasn't clear. I meant the processes 'above' instead of 'below.' My bad.
  17. wiggles123

    wiggles123 Newcomer, in training Topic Starter

    Hi Bobbye,
    I went through all the steps you outlined. I didn't find all the entries you listed below when I reran HijackThis and also in Startup I did not find many of them. I uninstalled everything that you had me download and run over the past week and manually deleted any remaining items not removed in that process. I finally created the new restore point at the end.
    I would like to know what your recommendations are for the security and scanning programs I should have installed to prevent future problems (i.e. should I download Malwarebytes again or some other programs and run that periodically) and the routine steps I should take on a regular basis to make sure everything is clean. I know you mentioned in an earlier post that the iObit programs are no good and not to use any registry cleaner. I had those installed based on what I read from CNET and its editors' picks for maintaining a "clean" system that would run more efficiently.
    Any last advice on this would be greatly appreciated.
    Thank you once again for helping me with cleaning my laptop with your step by step instructions :D
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    I'm so sorry- I got behind and can't seem to catch up! Here are my security recommendations:

    Tips for added security and safer browsing: (Links are in Bold Blue)
    1. Browser Security
      • Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
      • ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
      • Replace the Host Files
      • Google Toolbar Pop Up Blocker
      • Web of Trust (WOT) Site Advisor. Traffic-light rating symbols rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
    2. Have layered Security:
      • Antivirus (only one): Both of the following programs are free and known to be good:
        • Avira-AntiVir-Personal-Free-Antivirus
        • Avast-Free Antivirus
      • Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
        • Comodo
        • Zone Alarm
    3. Antimalware: I recommend all of the following:
      • Spywareblaster: SpywareBlaster protects against bad ActiveX.
      • Spybot Search & Destroy
    4. Updates: Stay current:
      • the Microsoft Download Site frequently. All updates marked Critical and the current SP updates.
      • Adobe Reader: Install current, uninstall old.
      • Java Updates: Install current, uninstall old.
    5. Tracking Cookies
      Reset Cookie:
      • For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      • For Firefox: Tools> Options> Privacy> Cookies> check 'accept Cookies from Sites'> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
        I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
        • AdBlock Plus
        • Easy List
      • For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    6. Do regular Maintenance
      Clean the temporary internet files often:
      • Temporary File Cleaner
      • ATF Cleaner by Atribune
    7. Restore Points:
      • See System Restore Guide
    8. Safe Email Handling
      • Don't open email from anyone you don't know.
      • Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click
      • Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Please let me know if you find any bad link.

    Let me know if you have any more questions.
     
  19. wiggles123

    wiggles123 Newcomer, in training Topic Starter

    Hi Bobbye,
    Thank you so much for all your help and the security recommendations.
    I've installed your recommended programs. But I was wondering since I use Firefox as my main browser, should I install the add-on program called "NoScripts" to Firefox?
    Also under your first section "Browser Security", are all those suggestions only related to using Internet Explorer? I read the info in your link for replacing the Host File - does this only apply to using IE or can I also do this with Firefox?
    And the link for the "Temporary File Cleaner" appears to be broken.
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You're very welcome.
    I also have Firefox as my default browser. Some of the information is more specific to IE- the first 2 under Browser Security are for IE, but most others can also be applied to Firefox. No Scripts is up to you. I don't have it, but I see others that do.

    Thank you for the TFC information> this should work: http://oldtimer.geekstogo.com/TFC.exe

    The only difference in the links is that old one has 'tfc' and this one has 'TFC'
    -------------------------------
    If you put the Site Advisor WOT on the system, do a search for Iobit. Click on the small circle next to the color code and it will tell you where they fail in the ratings. I do a lot of searching and have to be very careful of the sites I go to. I am constantly amazed at the number of sites with the red or amber rating.
  21. wiggles123

    wiggles123 Newcomer, in training Topic Starter

    The WOT add on looks helpful so I'm going to use that and I'm going to look into the Host file replacement. Seems a little technical to me when reading the link you sent, but I'll work my way through it and try it.
    Thanks once again Bobbye and to the TechSpot team!
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You're welcome.

    Peace