Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

...Bad Image...perfc000.dat is not a valid windows image...

Started by dsusbilla , Aug 02 2007 07:25 PM

  • Please log in to reply

#1
dsusbilla
Posted 02 August 2007 - 07:25 PM

dsusbilla

    New Member

  • Member
  • Pip
  • 1 posts
I really need help!. I have a really annoying error message "Bad image... The application of DDL...perfc000.dat is not a valid windows image. Please check this against your installation disk." This pops up numerous times as I start the computer or open up programs. It first started when McAfee quarantined perfc000.dat about 20 times in about half an hour. I restarted the computer and that's when this error message started. I ran to programs suggested in the "before you post on Hijack this forum"; the ATF cleaner, system restore, AVG in safe mode, Super Anti Spyware, Online Panda Active Scan (which I included below), Windows update, reboot test and finally Hijack this (the log is also below). I restared the computer and the problem is still there. Also, my desktop background mysteriously turned blue. Please advise, I really don't know what to do now. Thanks in advance for your assistance.

Diane :whistling:








Incident Status Location

Adware:adware/comet Not disinfected Windows Registry
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Spyware:Cookie/Com.com Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat[Documents and Settings/Owner/Cookies/[email protected][1].txt]
Spyware:Cookie/Belnk Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat[Documents and Settings/Owner/Cookies/[email protected][1].txt]
Spyware:Cookie/Belnk Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat[Documents and Settings/Owner/Cookies/[email protected][2].txt]
Spyware:Cookie/Azjmp Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\owner@azjmp[1].txt.dat[Documents and Settings/Owner/Cookies/owner@azjmp[1].txt]
Spyware:Cookie/Belnk Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\owner@belnk[1].txt.dat[Documents and Settings/Owner/Cookies/owner@belnk[1].txt]
Spyware:Cookie/Belnk Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\owner@belnk[2].txt.dat[Documents and Settings/Owner/Cookies/owner@belnk[2].txt]
Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\owner@bravenet[1].txt.dat[Documents and Settings/Owner/Cookies/owner@bravenet[1].txt]
Spyware:Cookie/Belnk Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat[Documents and Settings/Owner/Cookies/[email protected][1].txt]
Spyware:Cookie/Belnk Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat[Documents and Settings/Owner/Cookies/[email protected][2].txt]
Spyware:Cookie/Xiti Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\owner@xiti[1].txt.dat[Documents and Settings/Owner/Cookies/owner@xiti[1].txt]
Spyware:Cookie/Xiti Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\owner@xiti[2].txt.dat[Documents and Settings/Owner/Cookies/owner@xiti[2].txt]
Spyware:Cookie/Yadro Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\owner@yadro[1].txt.dat[Documents and Settings/Owner/Cookies/owner@yadro[1].txt]




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:38 PM, on 8/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\ATI Technologies\ATI Control

Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter

Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page

= http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search

Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page

= http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet

Explorer\Search,CustomizeSearch =

http://www.security2...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class -

{227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program

files\mcafee.com\mps\mcbrhlpr.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}

- c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Adorons Easy Security -

{F2570A0D-001D-477D-93D1-D05EF5EB95CD} - C:\Program

Files\Adorons\Adorons Easy Security\ETB.dll
O3 - Toolbar: McAfee VirusScan -

{BA52B914-B692-46c4-B683-905236F6F655} -

c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital

Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program

Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common

Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI

Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card

Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder]

"C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software

Group\SpyHunter\SpyHunter.exe -scan
O4 - HKLM\..\Run: [mmtask] C:\Program

Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask]

"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program

Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program

Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe]

c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe]

C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe]

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe]

c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart

11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program

Files\Adobe\Photoshop Album Starter

Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSP Notifier] C:\Program

Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKLM\..\Run: [Install.exe] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program

Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital

Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [H/PC Connection Agent]

"C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program

Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program

Files\palmOne\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk =

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program

Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program

Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &ieSpell Options -

res://C:\Documents and Settings\Owner\My

Documents\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling -

res://C:\Documents and Settings\Owner\My

Documents\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster -

file://C:\Documents and Settings\Owner\My

Documents\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia -

file://C:\Documents and Settings\Owner\My

Documents\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: ieSpell -

{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Documents and

Settings\Owner\My Documents\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell -

{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Documents and

Settings\Owner\My Documents\ieSpell\iespell.dll
O9 - Extra button: (no name) -

{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Documents and

Settings\Owner\My Documents\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options -

{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Documents and

Settings\Owner\My Documents\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite -

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -

C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) -

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -

C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... -

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -

C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research -

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) -

{F2570A0D-001D-477D-93D1-D05EF5EB95CD} - (no file)
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.adorons.com
O15 - Trusted Zone: *.altavista.com
O15 - Trusted Zone: *.comcast.net
O15 - Trusted Zone: *.mcafee.com
O15 - Trusted Zone: *.msn.com
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B}

(TTestGenXInstallObject) -

http://asp.mathxl.co...lers/TestGenXIn

stall.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com

Operating System Class) -

http://download.mcaf...tl/4,0,0,99/mci

nsctl.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D}

(HpProductDetection Class) -

http://h20270.www2.h...PProductDetecti

on.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson

Installation Assistant 2) -

http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan

Installer Class) -

http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}

(DwnldGroupMgr Class) -

http://download.mcaf...r/1,0,0,26/mcgd

mgr.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson

MathXL Player) -

http://asp.mathxl.co.../MathPlayer.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program

Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: instcat - 8@€ (file missing)
O20 - Winlogon Notify: 8@€ - 8@€ (file missing)
O20 - Winlogon Notify: ˜@H€ - ˜@H€ (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner -

C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. -

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -

Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee,

Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. -

c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee,

Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager

(mcupdmgr.exe) - McAfee, Inc -

C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) -

McAfee Corporation -

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP -

C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: StarWind iSCSI Service (StarWindService) -

Rocket Division Software - C:\Program Files\Alcohol

Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner

- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)

--
End of file - 13348 bytes
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP