
Bad Image Error Message


mgrainger


Hello,

 

I have recently (yesterday) begun receiving "bad image" messages for all executable files on my computer when rebooting and when opening any program. This followed the removal of a Google redirect virus using a free AVG anti-virus software download, as my Norton Anti-Virus did not detect said infection. I am using Windows XP and have run HijackThis (see logs below).

 

The message that I receive each time reads "The application or DLL c:\windows\system32\kirojeke.dll is not a valid Windows image. Please check this against your installation diskette." I went to this specific file and attempted to delete it (per the instructions from another forum), but I have a feeling I didn't do it properly, since I am still receiving this message. In any event, I know that I still have an infection and would like to resolve this problem. Any help that can be provided will be very, very much appreciated.

 

Thanks in advance!

 

Molly

 

HijackThis Log:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:17:32 PM, on 8/2/2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\AVG\AVG10\avgchsvx.exe

C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe

C:\Program Files\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE

C:\Program Files\Common Files\AOL\1159731885\ee\AOLSoftware.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\NetWaiting\netWaiting.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Logitech\Vid\Vid.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Molly G\Application Data\Dropbox\bin\Dropbox.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 82.98.231.89 url.adtrgt.com

O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL

O2 - BHO: (no name) - {74FA5D99-38CD-4E3E-B765-54FAD4BDA166} - C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\bdw.dll (file missing)

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll

O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [EPSON Stylus C88 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE" /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"

O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1159731885\ee\AOLSoftware.exe"

O4 - HKLM\..\Run: [iPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"

O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [f8d82f74] rundll32.exe "C:\WINDOWS\system32\hovadojo.dll",b

O4 - HKLM\..\Run: [CPMfbeb1ce8] Rundll32.exe "c:\windows\system32\kirojeke.dll",a

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [backupNowEZtray] "C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" -k

O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide

O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid\Vid.exe" -bootmode

O4 - HKCU\..\Run: [Logitech Vid HD] "C:\Program Files\Logitech\Vid\vid.exe" -bootmode

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Molly G\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Molly G\Application Data\Dropbox\bin\Dropbox.exe

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O4 - Startup: Seagate Product Registration.lnk = ?

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: Kaspersky Security Scan.lnk = ?

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} (Cisco SSL VPN Relay Loader) - https://extranet.cchmc.org/+CSCOL+/csvrloader32.cab

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\kirojeke.dll

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Windows Management Instrumentation Server (MSInstrumentService) - Unknown owner - C:\WINDOWS\system32\wbem\wmiservice.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe

O23 - Service: NTI BackupNowEZSvr - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe

O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


attach log:

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 5/24/2006 6:34:58 PM

System Uptime: 8/2/2011 6:51:41 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0FF049

Processor: Genuine Intel® CPU T2400 @ 1.83GHz | Microprocessor | 1828/133mhz

Processor: Genuine Intel® CPU T2400 @ 1.83GHz | Microprocessor | 1828/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 89 GiB total, 0.856 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1265: 6/3/2011 10:04:10 PM - System Checkpoint

RP1266: 6/5/2011 2:23:05 PM - System Checkpoint

RP1267: 6/7/2011 5:20:26 PM - System Checkpoint

RP1268: 6/8/2011 10:58:00 PM - System Checkpoint

RP1269: 6/12/2011 5:58:43 PM - System Checkpoint

RP1270: 6/13/2011 7:29:11 PM - System Checkpoint

RP1271: 6/14/2011 7:47:59 PM - System Checkpoint

RP1272: 6/24/2011 2:02:40 AM - System Checkpoint

RP1273: 6/26/2011 7:03:51 PM - System Checkpoint

RP1274: 6/27/2011 8:29:05 PM - System Checkpoint

RP1275: 6/28/2011 9:34:57 PM - System Checkpoint

RP1276: 6/30/2011 12:48:27 AM - System Checkpoint

RP1277: 7/1/2011 1:34:56 AM - System Checkpoint

RP1278: 7/1/2011 11:39:25 AM - Removed Google Talk Plugin

RP1279: 7/2/2011 1:34:56 PM - System Checkpoint

RP1280: 7/3/2011 3:34:57 PM - System Checkpoint

RP1281: 7/4/2011 3:35:37 PM - System Checkpoint

RP1282: 7/6/2011 7:59:53 PM - System Checkpoint

RP1283: 7/10/2011 8:05:38 PM - System Checkpoint

RP1284: 7/13/2011 6:05:58 PM - System Checkpoint

RP1285: 7/13/2011 8:51:42 PM - Removed WinZip 15.0

RP1286: 7/13/2011 9:30:14 PM - Installed WinZip 15.0

RP1287: 7/19/2011 7:45:56 PM - System Checkpoint

RP1288: 7/21/2011 4:59:05 PM - System Checkpoint

RP1289: 7/24/2011 12:47:07 PM - System Checkpoint

RP1290: 7/25/2011 6:14:02 PM - System Checkpoint

RP1291: 7/28/2011 7:34:10 PM - System Checkpoint

RP1292: 7/29/2011 8:59:10 PM - System Checkpoint

RP1293: 7/30/2011 11:00:20 PM - System Checkpoint

RP1294: 7/31/2011 6:33:07 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

RP1295: 7/31/2011 6:33:38 PM - Installed AVG 2011

RP1296: 7/31/2011 6:36:02 PM - Installed AVG 2011

RP1297: 8/2/2011 7:14:01 PM - Installed HiJackThis

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Reader 9.3

AIM 6

AOL Connectivity Services

AOL Uninstaller (Choose which Products to Remove)

Apple Mobile Device Support

Ask Toolbar

AVG 2011

BUM

Business Complete Care Services Agreement

CameraHelperMsi

CardRd81

CCScore

Compatibility Pack for the 2007 Office system

Conexant HDA D110 MDC V.92 Modem

CR2

Dell System Restore

Dell Wireless WLAN Card

DellSupport

Digital Content Portal

DivX Content Uploader

DivX Setup

Dropbox

EPSON Printer Software

EPSON Scan

EPSON Stylus CX8400 Series Scanner Driver Update

erLT

ESSBrwr

ESSCDBK

ESScore

ESSCT

ESSEMAIL

ESSgui

ESShelp

ESSini

ESSPCD

ESSPDock

ESSSONIC

ESSTOOLS

ESSTUTOR

essvatgt

essvcpt

ESSvpaht

ESSvpot

Google Chrome

Google Desktop

Google Talk Plugin

Google Update Helper

High Definition Audio Driver Package - KB835221

HiJackThis

HLPIndex

HLPPDOCK

HLPSFO

Hotfix for Windows XP (KB896256)

Hotfix for Windows XP (KB906569)

Hotfix for Windows XP (KB908673)

Hotfix for Windows XP (KB926239)

IBM SPSS Statistics 19

Intel® Graphics Media Accelerator Driver

iTunes

Java 2 Runtime Environment, SE v1.4.2_03

Java Auto Updater

Java 6 Update 18

Kaspersky Security Scan

KODAK EASYSHARE Gallery Easy Upload, v2.1

Kodak EasyShare software

KSU

Last.fm 1.5.4.24567

LimeWire 5.5.10

Logitech Vid

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

MCU

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB886903)

Microsoft .NET Framework 2.0

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Modem Helper

Mozilla Firefox (3.6.18)

MSXML 6.0 Parser (KB933579)

NetWaiting

NetZeroInstallers

Norton AntiVirus

Norton Security Scan

Notifier

NTI Backup Now EZ

OfotoXMI

OTtBP

OTtBPSDK

QuickSet

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB925486)

SFR

SHASTA

SKIN0001

SKINXSDK

Skype Toolbars

Skype™ 5.0

SoulSeek 157 NS 12d

SuperLab Pro for Windows

Synaptics Pointing Device Driver

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB908531)

Update for Windows XP (KB910437)

Update for Windows XP (KB912945)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB932823-v3)

VC80CRTRedist - 8.0.50727.4053

VPRINTOL

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 11

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB885855

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB889673

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB892627

Windows XP Hotfix - KB893056

WinZip 15.0

WIRELESS

Yontoo Layers 1.10.01

.

==== Event Viewer Messages From Past Week ========

.

8/2/2011 6:12:02 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).

8/2/2011 6:06:48 PM, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

8/1/2011 6:17:20 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NTI BackupNowEZSvr service to connect.

8/1/2011 6:17:20 PM, error: Service Control Manager [7000] - The NTI BackupNowEZSvr service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/1/2011 10:52:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.

8/1/2011 10:52:03 PM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/31/2011 6:30:10 PM, error: Dhcp [1002] - The IP address lease 10.0.0.131 for the Network Card with network address 0016CE6B81BA has been denied by the DHCP server 192.168.5.1 (The DHCP Server sent a DHCPNACK message).

7/31/2011 6:09:10 PM, error: Service Control Manager [7034] - The ManageEngine ServiceDesk Plus service terminated unexpectedly. It has done this 1 time(s).

7/31/2011 5:16:53 PM, error: Service Control Manager [7034] - The NTI BackupNowEZSvr service terminated unexpectedly. It has done this 1 time(s).

7/28/2011 6:30:27 PM, error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s).

7/28/2011 6:01:12 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .

7/28/2011 6:01:12 PM, error: SideBySide [59] - Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .

7/28/2011 6:01:12 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.

7/27/2011 7:39:22 PM, error: Dhcp [1002] - The IP address lease 192.168.2.4 for the Network Card with network address 0016CE6B81BA has been denied by the DHCP server 192.168.5.1 (The DHCP Server sent a DHCPNACK message).

7/27/2011 6:32:34 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.

7/27/2011 6:31:48 PM, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 f79d8948, parameter3 f79d8644, parameter4 f7326018.

7/27/2011 6:27:53 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Management Instrumentation Server service to connect.

.

==== End Of File ===========================


dds log:

 

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18

Run by Molly G at 19:22:57 on 2011-08-02

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.144 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\AVG\AVG10\avgchsvx.exe

C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe

C:\Program Files\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE

C:\Program Files\Common Files\AOL\1159731885\ee\AOLSoftware.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\NetWaiting\netWaiting.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Logitech\Vid\Vid.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Molly G\Application Data\Dropbox\bin\Dropbox.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.8.0.41\IPSBHO.DLL

BHO: {74fa5d99-38cd-4e3e-b765-54fad4bda166} - c:\windows\microsoft.net\framework\v1.0.3705\bdw.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers\YontooIEClient.dll

TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll

uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe

uRun: [Aim6]

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Logitech Vid] "c:\program files\logitech\vid\Vid.exe" -bootmode

uRun: [Logitech Vid HD] "c:\program files\logitech\vid\vid.exe" -bootmode

uRun: [Google Update] "c:\documents and settings\molly g\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [synTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [iSUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe" -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [EPSON Stylus C88 Series] "c:\windows\system32\spool\drivers\w32x86\3\E_FATIABA.EXE" /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"

mRun: [HostManager] "c:\program files\common files\aol\1159731885\ee\AOLSoftware.exe"

mRun: [iPHSend] "c:\program files\common files\aol\iphsend\IPHSend.exe"

mRun: [MSKDetectorExe] "c:\program files\mcafee\spamkiller\MSKDetct.exe" /uninstall

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [f8d82f74] rundll32.exe "c:\windows\system32\hovadojo.dll",b

mRun: [CPMfbeb1ce8] Rundll32.exe "c:\windows\system32\kirojeke.dll",a

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [backupNowEZtray] "c:\program files\newtech infosystems\backup now ez\BackupNowEZtray.exe" -k

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start

mRun: [<NO NAME>]

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

StartupFolder: c:\docume~1\mollyg~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\molly g\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\mollyg~1\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe

StartupFolder: c:\docume~1\mollyg~1\startm~1\programs\startup\SEAGAT~1.LNK -

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kasper~1.lnk - c:\program files\kaspersky security scan\KSS.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://extranet.cchmc.org/+CSCOL+/csvrloader32.cab

DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62

TCP: Interfaces\{F3DBA94E-DB99-49CD-9AF7-BB68F652D122} : DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll c:\windows\system32\kirojeke.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - No File

STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}: STS

Hosts: 82.98.231.89 url.adtrgt.com

Hosts: 82.98.231.89 googleads2.gdoubleclick.net

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\molly g\application data\mozilla\firefox\profiles\wfi6x042.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://online.wsj.com/home-page

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e35dab6&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: c:\documents and settings\molly g\application data\mozilla\firefox\profiles\wfi6x042.default\extensions\toolbar@ask.com\chrome\content\AudioService.dll

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\molly g\application data\mozilla\firefox\profiles\wfi6x042.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll

FF - plugin: c:\documents and settings\molly g\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\molly g\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\molly g\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com

FF - Ext: LimeWire Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

FF - Ext: XUL Cache: {801944e1-9c7e-4a1f-afbf-0984401d3b8b} - %profile%\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa

FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1008000.029\SymEFA.sys [2010-2-2 310320]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1008000.029\BHDrvx86.sys [2010-2-2 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1008000.029\cchpx86.sys [2010-2-2 482432]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20110801.030\IDSXpx86.sys [2011-8-2 355256]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.8.0.41\ccSvcHst.exe [2010-2-2 117640]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-30 105592]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20110802.003\NAVENG.SYS [2011-8-2 86008]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20110802.003\NAVEX15.SYS [2011-8-2 1542392]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-18 135664]

S2 MSInstrumentService;Windows Management Instrumentation Server;c:\windows\system32\wbem\wmiservice.exe [2006-11-5 214016]

S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2009-9-19 45312]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-5-28 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-18 135664]

S3 wmamp3DriverV32;wmamp3DriverV32;c:\windows\system32\drivers\wmamp3DriverV32.sys [2011-1-5 23608]

S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriver.sys --> c:\windows\system32\drivers\AVGIDSDriver.Sys [?]

S4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilter.sys --> c:\windows\system32\drivers\AVGIDSFilter.Sys [?]

S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]

S4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]

.

=============== Created Last 30 ================

.

2011-08-02 23:14:15 388096 ----a-r- c:\documents and settings\molly g\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-08-02 23:14:11 -------- d-----w- c:\program files\Trend Micro

2011-08-01 22:14:25 20 ----a-w- c:\windows\system32\KIROJEKE.DLL

2011-08-01 00:48:15 -------- d--h--w- C:\$AVG

2011-07-31 22:53:09 -------- d-----w- c:\documents and settings\molly g\application data\AVG10

2011-07-31 22:44:40 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2011-07-31 22:36:48 -------- d-----w- c:\windows\system32\drivers\AVG

2011-07-31 22:36:48 -------- d-----w- c:\documents and settings\all users\application data\AVG10

2011-07-31 22:33:45 -------- d-----w- c:\program files\AVG

2011-07-31 22:13:22 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-07-31 22:08:58 -------- d-----w- c:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}

2011-07-29 03:11:50 -------- d-----w- C:\ManageEngine

2011-07-29 02:29:43 -------- d-----w- c:\documents and settings\molly g\local settings\application data\PackageAware

2011-07-23 18:31:27 0 ---ha-w- c:\documents and settings\molly g\xclaocbgex.tmp

2011-07-14 01:31:30 -------- d-----w- c:\documents and settings\molly g\local settings\application data\WinZip

2011-07-14 01:28:46 -------- d-----w- c:\program files\Yontoo Layers

2011-07-14 01:28:45 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer

.

==================== Find3M ====================

.

2006-11-01 04:06:14 100366 --sha-w- c:\windows\runbatch.com

2003-09-29 20:25:24 18432 --sha-w- c:\windows\system32\wbem\raddrv.dll

.

============= FINISH: 19:24:23.89 ===============

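The report above carries the three entries that tie the symptoms together: the AppInit_DLLs value, the two rundll32 autoruns with random-looking names, and the hosts overrides that pin ad domains to an external address. As an added example (not part of the original post, and not code from DDS, HijackThis or ComboFix), the Python below re-reads a subset of those lines and flags them the way a responder would during triage. The heuristics, the sample subset, and the 64-byte DOS-header threshold are this example's own assumptions.

```python
"""Triage a DDS "Pseudo HJT Report" for the persistence and redirection
indicators a responder reads first.  Added example for this thread; it is not
code from DDS, HijackThis or ComboFix, and the heuristics are its own."""
import ipaddress
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "severity category detail line")

AUTORUN_RE = re.compile(r"^[umd]Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
RUNDLL_RE = re.compile(
    r'(?i)rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<entry>\S+)')
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(?P<size>\d+|-+)\s+\S+\s+(?P<path>.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
DOS_HEADER_SIZE = 64  # IMAGE_DOS_HEADER; a shorter file cannot be a PE image

# Constructed sample: lines copied from the report posted in this thread.
SAMPLE_LOG = r"""
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [f8d82f74] rundll32.exe "c:\windows\system32\hovadojo.dll",b
mRun: [CPMfbeb1ce8] Rundll32.exe "c:\windows\system32\kirojeke.dll",a
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll c:\windows\system32\kirojeke.dll
Hosts: 82.98.231.89 url.adtrgt.com
Hosts: 82.98.231.89 googleads2.gdoubleclick.net
Hosts: 127.0.0.1 localhost
2011-08-01 22:14:25 20 ----a-w- c:\windows\system32\KIROJEKE.DLL
2011-08-02 23:14:15 388096 ----a-r- c:\documents and settings\molly g\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
"""


def file_sizes(report):
    """Map lower-cased path -> size in bytes from the 'Created Last 30' lines."""
    sizes = {}
    for line in report.strip().splitlines():
        m = FILE_RE.match(line.strip())
        if m and m.group("size").isdigit():
            sizes[m.group("path").strip().lower()] = int(m.group("size"))
    return sizes


def triage(report):
    """Return a list of Finding for the indicators this example knows about."""
    sizes = file_sizes(report)
    findings = []
    for raw in report.strip().splitlines():
        line = raw.strip()

        # AppInit_DLLs: each DLL listed is mapped into every process that loads
        # user32.dll, so the loader tries it on every program start.
        if line.startswith("AppInit_DLLs:"):
            for dll in line.split(":", 1)[1].split():  # 8.3 paths here; no spaces
                size = sizes.get(dll.lower())
                if size is not None and size < DOS_HEADER_SIZE:
                    detail = (f"{dll} is only {size} bytes, too small to hold even a DOS "
                              "header: loading it fails with 'not a valid Windows image'")
                else:
                    detail = f"{dll} is injected into every process that loads user32.dll"
                findings.append(Finding("high", "appinit", detail, line))
            continue

        # Autoruns via rundll32: flag hex-looking value names and one-letter
        # export names, both typical of dropped loader DLLs (heuristic).
        m = AUTORUN_RE.match(line)
        if m:
            r = RUNDLL_RE.search(m.group("cmd"))
            if r:
                name, entry = m.group("name"), r.group("entry")
                hex_name = re.fullmatch(r"[0-9a-fA-F]{8}", name[-8:]) is not None
                if hex_name or len(entry) == 1:
                    findings.append(Finding("high", "rundll32",
                        f"{r.group('dll')} started via rundll32 export '{entry}'", line))
            continue

        # Hosts overrides pointing at a non-loopback address redirect traffic
        # rather than block it.
        h = HOSTS_RE.match(line)
        if h:
            try:
                ip = ipaddress.ip_address(h.group("ip"))
            except ValueError:
                continue
            if not ip.is_loopback:
                findings.append(Finding("high", "hosts",
                    f"{h.group('host')} pinned to external address {ip}", line))
            continue

        # Registrations whose file is gone: harmless leftovers, but clutter.
        if line.endswith("No File"):
            findings.append(Finding("low", "orphan",
                                    "registered component with no file on disk", line))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'appinit': 2, 'hosts': 2, ...}."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.category}: {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the sample, the AppInit finding for kirojeke.dll reports that the file is 20 bytes: a file that small cannot even hold the DOS header, which is exactly why every program start on this machine produced the "not a valid Windows image" dialog. The hosts check uses loopback as the dividing line because a blocking entry points at 127.0.0.1, whereas an entry pointing at a public address silently reroutes the named host.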

Hello mgrainger

 

My name is JonTom

 

  • Malware Logs can sometimes take a lot of time to research and interpret.

  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.

  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.

  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.

  • PLEASE NOTE: If you do not reply after 5 days your thread will be closed.

Thank you for the DDS logs.

 

I notice that this machine has not yet been updated to XP SP3. Is there any particular reason why you have not yet upgraded?

 

Before we begin I would like to see the results of an anti rootkit scan:

 

  • Please scan your system with GMER

     

     


    Download GMER Rootkit Scanner from here or here.

    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

  • Save it where you can easily find it, such as your desktop, and post it in your reply.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

 

Please post the GMER log in your next reply. If you encounter any problems with the scan come back and let me know.

 


Hi JonTom,

 

Thank you for your help. Below are the results from the rootkit scan. Please let me know what the next step will be.

 

Thanks again,

Molly

 

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-08-06 12:40:38

Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1032GSX rev.AS022D

Running: gmer.exe; Driver: C:\DOCUME~1\MOLLYG~1\LOCALS~1\Temp\fxtdypod.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT 861C4050 ZwAlertResumeThread

SSDT 867F8050 ZwAlertThread

SSDT 860AE310 ZwAllocateVirtualMemory

SSDT 861C2050 ZwAssignProcessToJobObject

SSDT 86908920 ZwConnectPort

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA2B5130]

SSDT 860B4438 ZwCreateMutant

SSDT 860AAD98 ZwCreateSymbolicLinkObject

SSDT 8610D9B8 ZwCreateThread

SSDT 8681D050 ZwDebugActiveProcess

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA2B53B0]

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA2B5910]

SSDT 860AE3E8 ZwDuplicateObject

SSDT 86832008 ZwFreeVirtualMemory

SSDT 867F7050 ZwImpersonateAnonymousToken

SSDT 8681E050 ZwImpersonateThread

SSDT 86DE1968 ZwLoadDriver

SSDT 86832080 ZwMapViewOfSection

SSDT 867F6050 ZwOpenEvent

SSDT 86800930 ZwOpenProcess

SSDT 861C6070 ZwOpenProcessToken

SSDT 867F4050 ZwOpenSection

SSDT 868008A0 ZwOpenThread

SSDT 860B4C90 ZwProtectVirtualMemory

SSDT 8683F688 ZwResumeThread

SSDT 8683D890 ZwSetContextThread

SSDT 860F8398 ZwSetInformationProcess

SSDT 861C3050 ZwSetSystemInformation

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA2B5B60]

SSDT 867F5050 ZwSuspendProcess

SSDT 8681F050 ZwSuspendThread

SSDT 86802070 ZwTerminateProcess

SSDT 868392F0 ZwTerminateThread

SSDT 86801890 ZwUnmapViewOfSection

SSDT 8682A118 ZwWriteVirtualMemory

 

---- Kernel code sections - GMER 1.0.15 ----

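JonTom's earlier caution that rootkit scans produce false positives applies directly to the SSDT section of this log: GMER maps some hooks to a file (SYMEVENT.SYS, Symantec) and prints only a kernel address for the rest. As an added example (not GMER's own code and not part of the original post), the Python below parses both line shapes and separates attributed from unattributed hooks so the unattributed ones can be cross-checked against the installed security drivers before anyone calls them a rootkit. The sample lines are a subset copied from the log; the set of "sensitive" services singled out for review is this example's own choice.

```python
"""Parse the 'System' section of a GMER log and attribute SSDT hooks to drivers.
Added example for this thread, not GMER's own code.  GMER prints two shapes:
  SSDT <addr> <service>                                       no file mapping
  SSDT <path> (<description>/<vendor>) <service> [0x<addr>]   mapped to a driver
"""
import re
from collections import defaultdict, namedtuple

Hook = namedtuple("Hook", "service address module vendor")

HOOK_RE = re.compile(
    r"^SSDT\s+(?:(?P<addr>[0-9A-Fa-f]{8})\s+(?P<svc>Zw\w+)"
    r"|(?P<path>\S+)\s+\((?P<desc>[^)]*)\)\s+(?P<svc2>Zw\w+)\s+\[0x(?P<addr2>[0-9A-Fa-f]+)\])\s*$")

# Services whose hooking deserves a second look when GMER names no driver.
# This list is the example's own choice, not a GMER classification.
SENSITIVE = {"ZwLoadDriver", "ZwOpenProcess", "ZwWriteVirtualMemory",
             "ZwCreateThread", "ZwSetContextThread", "ZwTerminateProcess"}

# Constructed sample: a subset of the SSDT lines from the log posted above.
SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----
SSDT 861C4050 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA2B5130]
SSDT 86DE1968 ZwLoadDriver
SSDT 86800930 ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA2B5B60]
SSDT 8682A118 ZwWriteVirtualMemory
"""


def parse_ssdt(log):
    """One Hook per SSDT line; module and vendor are None when GMER mapped no file."""
    hooks = []
    for line in log.strip().splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, other sections
        if m.group("svc"):
            hooks.append(Hook(m.group("svc"), m.group("addr").upper(), None, None))
        else:
            module = m.group("path").rsplit("\\", 1)[-1]
            vendor = m.group("desc").rsplit("/", 1)[-1].strip()
            hooks.append(Hook(m.group("svc2"), m.group("addr2").upper(), module, vendor))
    return hooks


def attribute(hooks):
    """Group hooked services by owning module; the None key collects unattributed ones."""
    by_module = defaultdict(list)
    for h in hooks:
        by_module[h.module].append(h.service)
    return dict(by_module)


def review_list(hooks):
    """Unattributed hooks on sensitive services: cross-check these against the
    installed security drivers (AVG and Symantec on this machine) before
    treating any of them as rootkit activity."""
    return [h.service for h in hooks if h.module is None and h.service in SENSITIVE]


if __name__ == "__main__":
    hooks = parse_ssdt(SAMPLE_GMER)
    for module, services in attribute(hooks).items():
        print(module or "<unattributed>", "->", ", ".join(services))
    print("review:", review_list(hooks))
```

On an XP machine with two resident antivirus products, a full set of SSDT hooks is the expected picture rather than evidence of compromise; the value of the split above is that it turns a wall of addresses into a short list of services whose owner still has to be established.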

Hello mgrainger

 

Thank you for the logs.

 

  • Security Programs

     

     

    • I can see from your log that you have a number of real-time security programs running, namely AVG 2011 and Norton AntiVirus.
    • Whilst both of these programs provide good security, they may clash with each other which can leave your system vulnerable to infection.
    • You are advised to remove one of these programs.
    • Please make sure that you only have ONE Firewall and ONE real-time Antivirus running on your system.

  • P2P Programs:

     

     

    • P2P programs are a major source of Malware infections.
    • From your log I see you have LimeWire 5.5.10. We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
    • The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
    • If you wish to keep the program(s), please do not use them until your computer is cleaned.

    • Information regarding the risk of using these programs can be found from here and here.

    • It is strongly recommended that you uninstall any P2P programs you have on your system.

    • To do this, Click on "Start" then on "Control Panel" and then on "Add or remove programs".
    • A list of currently installed programs will be displayed.
    • Find the "LimeWire 5.5.10" program, click on it once and then click on the "Remove" button.
    • If you are prompted to re-boot your computer to complete the uninstall please do so.

       

       

      PLEASE NOTE:

    • Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with Malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.

  • Please un-install the following

     

     

    • Click on "Start" then on "Control Panel" and then on "Add or remove programs".
    • Click on "remove a program". A list of currently installed programs will be displayed.
    • Find the "ask toolbar" program, click on it once and then click on the "uninstall" button.
    • If you are prompted to re-boot your computer to complete the uninstall please do so.
    • Repeat for "Java 2 Runtime Environment, SE v1.4.2_03"

  • Combofix

     

     

    • Download ComboFix from one of the following locations:

       

      Link 1

      Link 2

    • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

    • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

     

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    (screenshot not reproduced)

     

    • Click on Yes, to continue scanning for malware.
    • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    • Should there be issues with internet afterward:

       

      In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

       

      In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.

    Please post the ComboFix log in your next reply.


Hi JonTom,

 

I have taken your advice and removed the LimeWire software and the Java update software. However, I was unable to find the "ask toolbar" program under the add/remove programs function of the control panel. I would appreciate it if you could suggest another method for removal. Also, I ran the Combofix scan, the log for which I have included below. Thanks again, and let me know if I need to take any other additional steps.

 

Molly

 

ComboFix 11-08-06.02 - Molly G 08/06/2011 20:53:01.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.127 [GMT -4:00]

Running from: c:\documents and settings\Molly G\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\wbem\raddrv.dll

.

---- Previous Run -------

.

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico

c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\per6qyu9.default\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}\chrome.manifest

c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\per6qyu9.default\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}\chrome\xulcache.jar

c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\per6qyu9.default\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}\defaults\preferences\xulcache.js

c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\per6qyu9.default\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}\install.rdf

c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\78xopkw6.default\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}\chrome.manifest

c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\78xopkw6.default\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}\chrome\xulcache.jar

c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\78xopkw6.default\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}\defaults\preferences\xulcache.js

c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\78xopkw6.default\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}\install.rdf

c:\documents and settings\Molly G\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp

c:\documents and settings\Molly G\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp

c:\documents and settings\Molly G\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4).ddp

c:\documents and settings\Molly G\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp

c:\documents and settings\Molly G\Application Data\Mozilla\Firefox\Profiles\wfi6x042.default\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}\chrome.manifest

c:\documents and settings\Molly G\Application Data\Mozilla\Firefox\Profiles\wfi6x042.default\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}\chrome\xulcache.jar

c:\documents and settings\Molly G\Application Data\Mozilla\Firefox\Profiles\wfi6x042.default\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}\defaults\preferences\xulcache.js

c:\documents and settings\Molly G\Application Data\Mozilla\Firefox\Profiles\wfi6x042.default\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}\install.rdf

c:\documents and settings\Molly G\My Documents\~WRL0882.tmp

c:\documents and settings\Molly G\My Documents\~WRL0950.tmp

c:\documents and settings\Molly G\My Documents\~WRL1529.tmp

c:\documents and settings\Molly G\My Documents\~WRL2983.tmp

c:\documents and settings\Molly G\xclaocbgex.tmp

C:\install.exe

c:\windows\runbatch.com

c:\windows\system32\KIROJEKE.DLL

.

.

((((((((((((((((((((((((( Files Created from 2011-07-07 to 2011-08-07 )))))))))))))))))))))))))))))))

.

.

2011-08-07 01:04 . 2011-08-07 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2011-08-07 00:14 . 2009-08-06 23:24 21728 ----a-w- c:\windows\system32\wucltui.dll.mui

2011-08-07 00:14 . 2009-08-06 23:24 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2011-08-07 00:14 . 2009-08-06 23:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

2011-08-07 00:14 . 2009-08-06 23:24 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui

2011-08-07 00:13 . 2011-08-07 00:31 -------- d-----w- c:\windows\LastGood

2011-08-05 03:23 . 2011-08-05 03:24 -------- d-----w- c:\documents and settings\Molly G\Local Settings\Application Data\CutePDF Writer

2011-08-05 02:42 . 2011-08-06 22:29 -------- d-----w- c:\program files\Acro Software

2011-08-02 23:14 . 2011-08-02 23:14 388096 ----a-r- c:\documents and settings\Molly G\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-02 23:14 . 2011-08-02 23:14 -------- d-----w- c:\program files\Trend Micro

2011-08-01 00:48 . 2011-08-01 00:48 -------- d-----w- C:\$AVG

2011-07-31 22:53 . 2011-07-31 22:53 -------- d-----w- c:\documents and settings\Molly G\Application Data\AVG10

2011-07-31 22:44 . 2011-07-31 22:44 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-07-31 22:36 . 2011-08-06 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-07-31 22:36 . 2011-08-06 13:31 -------- d-----w- c:\windows\system32\drivers\AVG

2011-07-31 22:33 . 2011-07-31 22:33 -------- d-----w- c:\program files\AVG

2011-07-31 22:13 . 2011-08-07 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-07-31 22:08 . 2011-07-31 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}

2011-07-29 03:11 . 2011-07-29 03:11 -------- d-----w- C:\ManageEngine

2011-07-29 02:29 . 2011-07-29 02:29 -------- d-----w- c:\documents and settings\Molly G\Local Settings\Application Data\PackageAware

2011-07-14 01:31 . 2011-07-14 01:31 -------- d-----w- c:\documents and settings\Molly G\Local Settings\Application Data\WinZip

2011-07-14 01:28 . 2011-07-14 01:28 -------- d-----w- c:\program files\Yontoo Layers

.

.


Hello mgrainger

 

It looks as though the ComboFix log was cut off when you tried to post it.

 

Please post the entire log in your next reply. If you need to make more than one post to fit all of the information in go right ahead :)


Here is the complete file. Sorry for the confusion.

 

ComboFix 11-08-06.02 - Molly G 08/06/2011 20:53:01.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.127 [GMT -4:00]

Running from: c:\documents and settings\Molly G\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\wbem\raddrv.dll

.

---- Previous Run -------

.

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico

c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\per6qyu9.default\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}\chrome.manifest

c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\per6qyu9.default\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}\chrome\xulcache.jar

c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\per6qyu9.default\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}\defaults\preferences\xulcache.js

c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\per6qyu9.default\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}\install.rdf

c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\78xopkw6.default\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}\chrome.manifest

c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\78xopkw6.default\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}\chrome\xulcache.jar

c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\78xopkw6.default\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}\defaults\preferences\xulcache.js

c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\78xopkw6.default\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}\install.rdf

c:\documents and settings\Molly G\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp

c:\documents and settings\Molly G\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp

c:\documents and settings\Molly G\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4).ddp

c:\documents and settings\Molly G\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp

c:\documents and settings\Molly G\Application Data\Mozilla\Firefox\Profiles\wfi6x042.default\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}\chrome.manifest

c:\documents and settings\Molly G\Application Data\Mozilla\Firefox\Profiles\wfi6x042.default\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}\chrome\xulcache.jar

c:\documents and settings\Molly G\Application Data\Mozilla\Firefox\Profiles\wfi6x042.default\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}\defaults\preferences\xulcache.js

c:\documents and settings\Molly G\Application Data\Mozilla\Firefox\Profiles\wfi6x042.default\extensions\{801944e1-9c7e-4a1f-afbf-0984401d3b8b}\install.rdf

c:\documents and settings\Molly G\My Documents\~WRL0882.tmp

c:\documents and settings\Molly G\My Documents\~WRL0950.tmp

c:\documents and settings\Molly G\My Documents\~WRL1529.tmp

c:\documents and settings\Molly G\My Documents\~WRL2983.tmp

c:\documents and settings\Molly G\xclaocbgex.tmp

C:\install.exe

c:\windows\runbatch.com

c:\windows\system32\KIROJEKE.DLL

.

.

((((((((((((((((((((((((( Files Created from 2011-07-07 to 2011-08-07 )))))))))))))))))))))))))))))))

.

.

2011-08-07 01:04 . 2011-08-07 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2011-08-07 00:14 . 2009-08-06 23:24 21728 ----a-w- c:\windows\system32\wucltui.dll.mui

2011-08-07 00:14 . 2009-08-06 23:24 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2011-08-07 00:14 . 2009-08-06 23:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

2011-08-07 00:14 . 2009-08-06 23:24 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui

2011-08-07 00:13 . 2011-08-07 00:31 -------- d-----w- c:\windows\LastGood

2011-08-05 03:23 . 2011-08-05 03:24 -------- d-----w- c:\documents and settings\Molly G\Local Settings\Application Data\CutePDF Writer

2011-08-05 02:42 . 2011-08-06 22:29 -------- d-----w- c:\program files\Acro Software

2011-08-02 23:14 . 2011-08-02 23:14 388096 ----a-r- c:\documents and settings\Molly G\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-02 23:14 . 2011-08-02 23:14 -------- d-----w- c:\program files\Trend Micro

2011-08-01 00:48 . 2011-08-01 00:48 -------- d-----w- C:\$AVG

2011-07-31 22:53 . 2011-07-31 22:53 -------- d-----w- c:\documents and settings\Molly G\Application Data\AVG10

2011-07-31 22:44 . 2011-07-31 22:44 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-07-31 22:36 . 2011-08-06 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-07-31 22:36 . 2011-08-06 13:31 -------- d-----w- c:\windows\system32\drivers\AVG

2011-07-31 22:33 . 2011-07-31 22:33 -------- d-----w- c:\program files\AVG

2011-07-31 22:13 . 2011-08-07 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-07-31 22:08 . 2011-07-31 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}

2011-07-29 03:11 . 2011-07-29 03:11 -------- d-----w- C:\ManageEngine

2011-07-29 02:29 . 2011-07-29 02:29 -------- d-----w- c:\documents and settings\Molly G\Local Settings\Application Data\PackageAware

2011-07-14 01:31 . 2011-07-14 01:31 -------- d-----w- c:\documents and settings\Molly G\Local Settings\Application Data\WinZip

2011-07-14 01:28 . 2011-07-14 01:28 -------- d-----w- c:\program files\Yontoo Layers

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-03 18:59 . 2007-08-14 02:21 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-08-07_00.09.02 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-08-07 00:14 . 2009-08-06 23:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll

+ 2011-08-07 00:14 . 2009-08-06 23:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll

+ 2011-08-07 00:14 . 2005-05-26 08:16 18200 c:\windows\LastGood\system32\wups2.dll

+ 2011-08-07 00:14 . 2005-05-26 08:16 41240 c:\windows\LastGood\system32\wups.dll

+ 2011-08-07 00:14 . 2005-05-26 08:16 75544 c:\windows\LastGood\system32\cdm.dll

+ 2004-08-10 18:02 . 2009-08-06 23:24 209632 c:\windows\system32\dllcache\wuweb.dll

+ 2011-08-07 00:14 . 2005-05-26 08:16 173536 c:\windows\LastGood\system32\wuweb.dll

+ 2011-08-07 00:14 . 2005-05-26 08:16 127256 c:\windows\LastGood\system32\wucltui.dll

+ 2011-08-07 00:14 . 2005-05-26 08:16 124184 c:\windows\LastGood\system32\wuauclt.exe

+ 2011-08-07 00:14 . 2005-05-26 08:16 465176 c:\windows\LastGood\system32\wuapi.dll

+ 2011-08-07 00:14 . 2005-05-26 08:16 1343768 c:\windows\LastGood\system32\wuaueng.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2011-05-30 15:33 2495816 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2011-02-28 22:11 191488 ------w- c:\program files\Yontoo Layers\YontooIEClient.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Molly G\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Molly G\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Molly G\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Molly G\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]

"Aim6"="" [bU]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 68856]

"Logitech Vid"="c:\program files\Logitech\Vid\Vid.exe" [2010-05-11 6061400]

"Logitech Vid HD"="c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6061400]

"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]

"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-03 30192]

"EPSON Stylus C88 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE" [2005-01-27 98304]

"HostManager"="c:\program files\Common Files\AOL\1159731885\ee\AOLSoftware.exe" [2006-05-10 50760]

"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]

"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

"f8d82f74"="c:\windows\system32\hovadojo.dll" [bU]

"CPMfbeb1ce8"="c:\windows\system32\kirojeke.dll" [bU]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-07 274608]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]

"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [bU]

.

c:\documents and settings\Molly G\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\Molly G\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

Seagate Product Registration.lnk - [N/A]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [N/A]

Kaspersky Security Scan.lnk - c:\program files\Kaspersky Security Scan\KSS.exe [2010-11-29 2402696]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128]

KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-2-9 610120]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Logitech\\Vid\\Vid.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 8:13 AM 22992]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1008000.029\SymEFA.sys [2/2/2010 9:21 AM 310320]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 248656]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 297168]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1008000.029\BHDrvx86.sys [2/2/2010 9:21 AM 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1008000.029\cchpx86.sys [2/2/2010 9:20 AM 482432]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110805.030\IDSXpx86.sys [8/5/2011 10:02 PM 355256]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]

R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [2/2/2010 9:21 AM 117640]

R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [4/1/2011 1:11 AM 428640]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/30/2011 11:27 AM 105592]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/18/2011 5:39 PM 7398752]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/18/2010 12:01 AM 135664]

S2 MSInstrumentService;Windows Management Instrumentation Server;c:\windows\system32\wbem\wmiservice.exe [11/5/2006 3:07 AM 214016]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [7/31/2011 6:43 PM 1025352]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/28/2006 10:16 AM 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/18/2010 12:01 AM 135664]

S3 wmamp3DriverV32;wmamp3DriverV32;c:\windows\system32\drivers\wmamp3DriverV32.sys [1/5/2011 11:18 PM 23608]

S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

S4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - AVGIDSAGENT

*NewlyCreated* - AVGWD

*NewlyCreated* - WUAUSERV

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-18 04:00]

.

2011-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-18 04:00]

.

2011-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4055575137-4197788403-1815742158-1006Core.job

- c:\documents and settings\Molly G\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 18:28]

.

2011-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4055575137-4197788403-1815742158-1006UA.job

- c:\documents and settings\Molly G\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 18:28]

.

2006-05-24 c:\windows\Tasks\ISP signup reminder 1.job

- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 10:00]

.

2011-08-06 c:\windows\Tasks\Norton Security Scan for Molly G.job

- c:\progra~1\NORTON~3\Engine\301~1.8\Nss.exe [2011-01-20 08:19]

.

2011-08-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4055575137-4197788403-1815742158-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

.

2011-08-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4055575137-4197788403-1815742158-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://extranet.cchmc.org/+CSCOL+/csvrloader32.cab

FF - ProfilePath - c:\documents and settings\Molly G\Application Data\Mozilla\Firefox\Profiles\wfi6x042.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - hxxp://online.wsj.com/home-page

FF - prefs.js: keyword.URL -

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com

FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa

FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe

AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-06 21:22

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

.

Completion time: 2011-08-06 21:30:03

ComboFix-quarantined-files.txt 2011-08-07 01:29

.

Pre-Run: 10,339,135,488 bytes free

Post-Run: 10,251,481,088 bytes free

.

- - End Of File - - 71A4AA6EAD1435F0B8E53BD309F6FCE2

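As an added example (not part of this thread and not ComboFix's own code), here is a short Python script that parses the Run-key section of a ComboFix log like the one above and ranks the entries worth a closer look. The log shows why this matters: the DLL named in the "bad image" message, kirojeke.dll, is listed under HKLM\...\Run (value "CPMfbeb1ce8") together with a second DLL, hovadojo.dll, and neither carries the "[date size]" details ComboFix prints for targets it found on disk; the same kirojeke.dll also appears under the previous run's deletions. The script treats a missing date/size pair as "target not verified" (an assumption about ComboFix's [BU] tag), flags Run values that point at a .dll instead of an executable, and applies two random-name heuristics of this example's own (eight lowercase letters for a DLL in system32, hex-looking value names). The sample lines are copied from the log above, keeping the forum's "[bU]" spelling of the tag.

```python
"""Triage the Run-key entries in a ComboFix log (added example, not ComboFix code)."""
import re
from typing import Dict, List, NamedTuple

# Constructed sample: lines adapted from the "Reg Loading Points" section of the log
# in this thread. The forum's bbcode filter lowercased ComboFix's tag to "[bU]";
# anything that is not a "[YYYY-MM-DD size]" pair is treated as unverified below.
SAMPLE_LOG = """\
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"swg"="c:\\program files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe" [2007-06-29 68856]
"Aim6"="" [bU]
.
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"igfxtray"="c:\\windows\\system32\\igfxtray.exe" [2005-12-13 98304]
"f8d82f74"="c:\\windows\\system32\\hovadojo.dll" [bU]
"CPMfbeb1ce8"="c:\\windows\\system32\\kirojeke.dll" [bU]
"AVG_TRAY"="c:\\program files\\AVG\\AVG10\\avgtray.exe" [2011-04-18 2334560]
"SunJavaUpdateSched"="c:\\program files\\Java\\jre6\\bin\\jusched.exe" [bU]
"""

SECTION_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# ComboFix prints "[YYYY-MM-DD size]" when it found and stat'ed the target file.
# Assumption made here: any other tag (e.g. "[BU]") means the file was not verified.
VERIFIED_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+\d+$')
# Heuristics of this example, not ComboFix rules: eight random lowercase letters
# for a DLL dropped in system32, and hex-looking value names.
RANDOM_DLL_RE = re.compile(r'^[a-z]{8}\.dll$')
HEX_NAME_RE = re.compile(r'[A-Za-z]{0,3}[0-9a-fA-F]{8,}')


class RunEntry(NamedTuple):
    hive: str
    name: str
    target: str
    meta: str


def parse_run_entries(text: str) -> List[RunEntry]:
    """Return every value found under a registry key whose path ends in \\Run."""
    entries: List[RunEntry] = []
    in_run_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':          # ComboFix separator lines
            continue
        section = SECTION_RE.match(line)
        if section:
            key = section.group(1)
            in_run_key = key if key.lower().endswith('\\run') else None
            continue
        if in_run_key is None:
            continue
        value = VALUE_RE.match(line)
        if value:
            entries.append(RunEntry(in_run_key, value['name'], value['target'], value['meta']))
    return entries


def assess(entry: RunEntry) -> List[str]:
    """Reasons an entry deserves a look; an empty list means nothing stood out."""
    reasons: List[str] = []
    if not VERIFIED_RE.match(entry.meta):
        reasons.append('no file date/size recorded (tag [%s]): target not verified on disk' % entry.meta)
    target = entry.target.lower()
    if target.endswith('.dll'):
        reasons.append('Run value names a DLL rather than an executable')
    basename = target.replace('/', '\\').rsplit('\\', 1)[-1]
    if '\\system32\\' in target and RANDOM_DLL_RE.match(basename):
        reasons.append('eight-letter DLL name in system32 (random-name heuristic)')
    if HEX_NAME_RE.fullmatch(entry.name):
        reasons.append('value name looks like a hex string (random-name heuristic)')
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged value name to its reasons."""
    findings: Dict[str, List[str]] = {}
    for entry in parse_run_entries(text):
        reasons = assess(entry)
        if reasons:
            findings[entry.name] = reasons
    return findings


def prioritized(text: str) -> List[str]:
    """Flagged value names, most reasons first, then alphabetical."""
    findings = triage(text)
    return sorted(findings, key=lambda name: (-len(findings[name]), name))


if __name__ == '__main__':
    results = triage(SAMPLE_LOG)
    for name in prioritized(SAMPLE_LOG):
        print(name)
        for reason in results[name]:
            print('   -', reason)
```

On the sample, the two DLL entries come out on top with four reasons each, while "Aim6" and "SunJavaUpdateSched" are flagged only because their targets were not verified, which is the usual result for a leftover entry of an uninstalled program. The heuristics are a ranking aid for reading a log, not a verdict; the entries at the top are the ones to check against the deletions and quarantine sections, as the kirojeke.dll entry here can be.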

Hello mgrainger

 

Sorry for the confusion

No problem :)

 

ComboFix is still detecting the presence of two antivirus programs. Did you uninstall one? Whilst it may seem that more antivirus programs equals more protection, the opposite is actually true. Please make sure that you uninstall either AVG or Norton and let me know when you have done so.

 

I notice that this machine has not yet been updated to XP SP3. Is there any particular reason why you have not yet upgraded?

Please do let me know.

 

Before we continue I would like to review the log produced from the following tool:

 

  • MGADiag

  • Please download MGADiag by clicking here and save it to your desktop.
  • Double click the MGADiag icon on your desktop.
  • Push [button image]
  • Push [button image]
  • Go to Start -> Run and type in "Notepad"
  • Go to Edit -> Paste in notepad.
  • "x" out all of the numbers and letters in the line beginning with "Windows Product Key:"
  • Copy and paste that log here.
This topic is now closed to further replies.