Jump to content

Welcome to Geeks to Go - Register now for FREE
Geeks To Go is a helpful hub, where thousands of friendly volunteers serve up answers and support. Get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message and all ads will be removed once you have signed in.
Create an Account Login to Account

"rundll32.exe - Bad image" keeps popping up [Solved]


  • This topic is locked This topic is locked

#1
computer1210

computer1210

    Member

  • Member
  • PipPip
  • 24 posts
Each time I turn on my computer, the following 2 boxes now keep popping up. I've also noticed that my computer is now running slower. What do these error messages mean and how can I fix them?


Box 1 says:
"rundll32.exe - Bad image. The application or DLL C:\WINDOWS\system32\notepad.dll is not a valid Windows image. Please check this against your installation diskette"


Box 2 says:
"Error loading C:\WINDOWS\system32\notepad.dll %1 is not a valid Win32 application."


I've searched the Internet and can not find a simple explanation since I don't know much about computers. I have the following programs on computer and they have all performed an up to date scan and says everything is fine - Norton 360, Spybot S&D, and Wise Disk Cleaner 4.

Any help would be much appreciated. I can't afford for my computer to go down, since I need it every day for school.

Thank you.
  • 0

Advertisement


#2
CatByte

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,590 posts
  • MVP
Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT


Posted Image
Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    Posted Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

  • 0

#3
computer1210

computer1210

    Member

  • Member
  • PipPip
  • 24 posts
Thanks for your reply and assistance, however, I've had some troubles following through with your instructions.

These are the reports from running the DDS thing.



DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/13/2006 1:40:32 PM
System Uptime: 12/30/2009 10:15:43 AM (0 hours ago)

Motherboard: Dell Inc. | | 0RT486
Processor: Intel® Core™2 CPU T5600 @ 1.83GHz | Microprocessor | 1828/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 105 GiB total, 10.737 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 12/19/2009 7:07:51 AM - System Checkpoint
RP2: 12/19/2009 7:42:45 AM - Installed Windows Defender
RP3: 12/19/2009 7:47:26 AM - Software Distribution Service 3.0
RP4: 12/19/2009 9:12:12 AM - Software Distribution Service 3.0
RP5: 12/19/2009 10:52:53 AM - Windows Defender Checkpoint
RP6: 12/19/2009 2:01:50 PM - Windows Defender Checkpoint
RP7: 12/19/2009 10:34:54 PM - Installed AVG 9.0
RP8: 12/21/2009 11:04:13 AM - Removed AVG 9.0
RP9: 12/21/2009 11:08:18 AM - Installed AVG 9.0
RP10: 12/21/2009 11:36:31 PM - Software Distribution Service 3.0
RP11: 12/22/2009 1:19:20 AM - Norton 360 Registry Clean
RP12: 12/24/2009 10:39:38 AM - Software Distribution Service 3.0
RP13: 12/27/2009 9:44:59 PM - System Checkpoint
RP14: 12/28/2009 2:29:15 PM - Software Distribution Service 3.0
RP15: 12/29/2009 9:15:12 AM - Start screen rundll32.exe errors

==== Installed Programs ======================

ACDSee 5.0 Standard
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 7.0
Adobe Photoshop.com Inspiration Browser
Adobe Reader 7.0.9
AiO_Scan_CDA
Andrea VoiceCenter
AppCore
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AviSynth 2.5
Backup
Bonjour
Broadcom Management Programs
Canon MF3200 Series
ccCommon
Conexant HDA D110 MDC V.92 Modem
ConsumerUpdate
Creative Audio Pack
Creative MediaSource 5
Data Lifeguard Diagnostic for Windows
Dell Support 3.2.1
Dell Support Center (Support Software)
Dell System Restore
Digital Line Detect
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EuroTalk Talk Now Plus!
GearDrvs
GemMaster Mystic
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.480
High Definition Audio Driver Package - KB835221
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Photo and Imaging 2.0 - Photosmart Printer Series
HP Photosmart, Officejet and Deskjet 7.0.A
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
iPhone Configuration Utility
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 2
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech QuickCam Software
Logitech® Camera Driver
McAfee SiteAdvisor
mCore
mDriver
mDrWiFi
MediaDirect
Merriam-Webster 3.0
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office Small Business Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mIWA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mWMI
mXML
mZConfig
Nero OEM
NetWaiting
Norton 360
Norton 360 HTMLHelp
Norton 360 Premier Edition (Symantec Corporation)
Norton Confidential Core
Otto
OutlookAddinSetup
Palm
PhotoshopdotcomInspirationBrowser
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
Picasa 3
QFolder
QuickSet
QuickTime
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
Scan
SearchAssist
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Skype Setup
Skype™ 4.1
Sonic Activation Module
Sonic Advanced Decoder
Sonic Encoders
Sonic Update Manager
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
SPBBC 32bit
Spybot - Search & Destroy
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
SymNet
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
WD Diagnostics
WD Drive Manager (x86)
WebFldrs XP
Webshots Desktop
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Wise Disk Cleaner 4.84
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

12/27/2009 8:58:01 PM, error: Dhcp [1002] - The IP address lease 192.168.2.16 for the Network Card with network address 0018DEB30F10 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/27/2009 6:39:56 PM, error: Dhcp [1002] - The IP address lease 192.168.1.116 for the Network Card with network address 0018DEB30F10 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
12/26/2009 7:07:57 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/26/2009 6:52:06 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0018DEB30F10. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
12/26/2009 6:42:09 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/26/2009 11:16:42 AM, error: Dhcp [1002] - The IP address lease 192.168.1.116 for the Network Card with network address 0018DEB30F10 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/26/2009 10:34:16 AM, error: Dhcp [1002] - The IP address lease 192.168.1.159 for the Network Card with network address 0018DEB30F10 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/26/2009 10:10:33 AM, error: Dhcp [1002] - The IP address lease 192.168.1.136 for the Network Card with network address 0018DEB30F10 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================





DDS (Ver_09-12-01.01) - NTFSx86
Run by Greg at 10:26:04.70 on Wed 12/30/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.189 [GMT -5:00]

AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 Premier Edition *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe Photoshop\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\DOCUME~1\Greg\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\stacsv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Greg\Desktop\DDS Computer Program.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://ca.yahoo.com/?fr=fp-yie8
uSearch Page = hxxp://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
uWindow Title = Windows Internet Explorer provided by Yahoo!
mSearchAssistant = hxxp://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
uURLSearchHooks: AGSearchHook Class: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - c:\program files\agi\common\agcutils.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AGSearchHook Class: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - c:\program files\agi\common\agcutils.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [xsebbrdr] c:\documents and settings\greg\local settings\application data\rikvss\fxqdsysguard.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360 premier edition\osCheck.exe"
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect
mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe
mRun: [HPHUPD04] "c:\program files\hp photosmart 11\hphinstall\unipatch\hphupd04.exe"
mRun: [notepad] rundll32.exe c:\windows\system32\notepad.dll,_IWMPEvents@0
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\greg\startm~1\programs\startup\scandisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-system: <NO NAME> =
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://costco.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli LTIT50.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

============= SERVICES / DRIVERS ===============

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe photoshop\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 AGWinService;AG Windows Service;c:\program files\agi\common\win32\pythonservice.exe [2008-11-14 10240]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-11-22 93320]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-12-6 1245064]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-7-24 102400]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091229.052\NAVENG.SYS [2009-12-30 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091229.052\NAVEX15.SYS [2009-12-30 1323568]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]

=============== Created Last 30 ================

2009-12-29 19:59:29 13312 ----a-w- c:\windows\system32\dllcache\htrn_jis.dll
2009-12-29 19:45:55 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-12-29 19:44:59 19551 ----a-w- c:\windows\system32\dllcache\watv02nt.sys
2009-12-29 19:43:56 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2009-12-29 19:42:57 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2009-12-29 19:41:58 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2009-12-29 19:40:59 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2009-12-29 19:39:58 24576 ----a-w- c:\windows\system32\dllcache\smc8000n.sys
2009-12-29 19:38:53 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2009-12-29 19:37:58 245632 ----a-w- c:\windows\system32\dllcache\s3savmx.dll
2009-12-29 19:36:56 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
2009-12-29 19:35:56 7168 ----a-w- c:\windows\system32\dllcache\pnrmc.sys
2009-12-29 19:34:59 41984 ----a-w- c:\windows\system32\dllcache\ovui2rc.dll
2009-12-29 19:33:54 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2009-12-29 19:32:59 128000 ----a-w- c:\windows\system32\dllcache\n100325.sys
2009-12-29 19:31:55 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2009-12-29 19:30:59 727786 ----a-w- c:\windows\system32\dllcache\ltck000c.sys
2009-12-29 19:29:59 26624 ----a-w- c:\windows\system32\dllcache\irstusb.sys
2009-12-29 19:28:58 141056 ----a-w- c:\windows\system32\dllcache\icam3.sys
2009-12-29 19:27:58 57409 ----a-w- c:\windows\system32\dllcache\hrtz.dll
2009-12-29 19:26:59 1733120 ----a-w- c:\windows\system32\dllcache\g400d.dll
2009-12-29 19:25:59 34816 ----a-w- c:\windows\system32\dllcache\esuimg.dll
2009-12-29 19:24:59 50719 ----a-w- c:\windows\system32\dllcache\e1000nt5.sys
2009-12-29 19:23:59 86016 ----a-w- c:\windows\system32\dllcache\dc240usd.dll
2009-12-29 19:22:59 46108 ----a-w- c:\windows\system32\dllcache\cben5.sys
2009-12-29 19:21:59 9216 ----a-w- c:\windows\system32\dllcache\authfilt.dll
2009-12-29 19:20:51 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-12-29 19:20:39 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2009-12-29 19:20:39 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2009-12-29 19:20:38 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2009-12-29 19:20:38 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2009-12-29 19:20:36 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2009-12-29 19:20:35 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2009-12-29 19:20:31 94720 ----a-w- c:\windows\system32\dllcache\certmap.ocx
2009-12-22 14:36:24 0 d-----w- c:\program files\Wise Disk Cleaner_Registry Cleaner
2009-12-20 03:46:39 0 dc-h--w- C:\$AVG
2009-12-20 03:35:53 0 d-----w- c:\program files\AVG
2009-12-20 03:34:57 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-12-20 03:31:29 0 d-----w- c:\docume~1\greg\applic~1\Uniblue
2009-12-20 02:34:35 0 d-----w- c:\windows\system32\Registry Patrol
2009-12-19 22:06:59 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-19 22:06:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-19 12:47:57 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-19 05:58:02 0 ----a-w- c:\windows\system32\29358.exe
2009-12-19 05:38:01 0 ----a-w- c:\windows\system32\11478.exe
2009-12-19 05:18:01 0 ----a-w- c:\windows\system32\15724.exe
2009-12-19 04:58:00 0 ----a-w- c:\windows\system32\19169.exe
2009-12-19 04:37:59 0 ----a-w- c:\windows\system32\26500.exe
2009-12-19 04:17:59 0 ----a-w- c:\windows\system32\6334.exe
2009-12-19 03:57:58 0 ----a-w- c:\windows\system32\18467.exe
2009-12-19 03:16:30 2951 ----a-w- c:\windows\agitokesikomeje.dll
2009-12-19 03:13:58 0 ----a-w- c:\windows\system32\41.exe
2009-12-19 03:13:29 2854 ----a-w- c:\windows\system32\critical_warning.html
2009-12-19 02:51:40 2951 ----a-w- c:\windows\iropelep.dll
2009-12-19 02:47:53 1 -c--a-w- C:\s
2009-12-17 20:00:35 0 d-----w- c:\program files\iPod
2009-12-17 20:00:01 0 d-----w- c:\program files\iTunes

==================== Find3M ====================

2009-12-30 15:16:05 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-10-28 14:40:47 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\dllcache\raschap.dll
2009-10-10 17:47:12 578 ----a-w- c:\docume~1\greg\applic~1\wklnhst.dat
2009-04-18 14:45:06 251 ----a-w- c:\program files\wt3d.ini
2003-09-16 06:19:48 99544 ----a-w- c:\windows\inf\virprn.exe
2003-09-16 06:19:48 18950 ----a-w- c:\windows\inf\virpntd.dll
2003-09-16 06:19:48 10240 ----a-w- c:\windows\inf\virport.dll
2003-09-16 06:19:46 90624 ----a-w- c:\windows\inf\prtproc.dll
2009-03-21 14:06:58 0 --sha-w- c:\windows\system32\notepad.dll
2008-11-20 18:48:49 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112020081121\index.dat

============= FINISH: 10:27:12.50 ===============



I've been experiencing lots of problems running the GMER scan. Each time I run it, my computer reacts extremely slow and keeps freezing my computer so that no buttons respond. I need to do a hard boot each time. I've closed all other running programs, but I my computer still freezes each time I try to run the scan.

Any other ideas to help? Thank you.
  • 0

#4
CatByte

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,590 posts
  • MVP
Hi,

Leave the GMER scan for now, please do the following:


Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

  • 0

#5
computer1210

computer1210

    Member

  • Member
  • PipPip
  • 24 posts
Ok, so I was able to run ComboFix.

Here is the log it produced. What next?


ComboFix 09-12-30.01 - Greg 12/30/2009 23:51:04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.244 [GMT -5:00]
Running from: c:\documents and settings\Greg\Desktop\ComboFix.exe
AV: Norton 360 Premier Edition *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 Premier Edition *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.
The following files were disabled during the run:
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Greg\LOCALS~1\Temp\clclean.0001.dir.0008\~df394b.tmp
c:\documents and settings\Greg\Local Settings\Temp\clclean.0001.dir.0008\~df394b.tmp
c:\documents and settings\Greg\Start Menu\Programs\Startup\scandisk.lnk
C:\s
c:\windows\agitokesikomeje.dll
c:\windows\iropelep.dll
c:\windows\kb913800.exe
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\26500.exe
c:\windows\system32\29358.exe
c:\windows\system32\41.exe
c:\windows\system32\6334.exe
c:\windows\system32\critical_warning.html
c:\windows\system32\Data
c:\windows\system32\ndisapi.dll
c:\windows\system32\notepad.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDISRD
-------\Service_NDISRD


((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 )))))))))))))))))))))))))))))))
.

2009-12-20 03:34 . 2009-12-21 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-20 03:31 . 2009-12-20 03:31 -------- d-----w- c:\documents and settings\Greg\Application Data\Uniblue
2009-12-19 22:06 . 2009-12-19 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-02 13:44 . 2009-12-02 13:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 05:11 . 2006-12-06 15:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-31 05:04 . 2006-12-06 15:04 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-12-29 22:06 . 2009-12-22 14:36 -------- d-----w- c:\program files\Wise Disk Cleaner_Registry Cleaner
2009-12-29 03:18 . 2009-01-16 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-12-26 23:22 . 2008-01-16 07:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-25 17:19 . 2006-12-15 00:30 -------- d-----w- c:\documents and settings\Greg\Application Data\Skype
2009-12-25 15:21 . 2009-08-21 19:51 -------- d-----w- c:\documents and settings\Greg\Application Data\skypePM
2009-12-24 21:29 . 2006-12-06 15:14 -------- d-----w- c:\program files\Google
2009-12-20 03:35 . 2009-12-20 03:35 -------- d-----w- c:\program files\AVG
2009-12-19 22:12 . 2009-12-19 22:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-19 12:43 . 2009-12-19 12:42 -------- d-----w- c:\program files\Windows Defender
2009-12-18 12:40 . 2008-11-22 05:31 -------- d-----w- c:\program files\McAfee
2009-12-17 20:01 . 2009-12-17 20:00 -------- d-----w- c:\program files\iTunes
2009-12-17 20:00 . 2009-12-17 20:00 -------- d-----w- c:\program files\iPod
2009-12-17 20:00 . 2008-01-13 17:34 -------- d-----w- c:\program files\Common Files\Apple
2009-12-17 19:52 . 2009-12-17 19:51 -------- d-----w- c:\program files\QuickTime
2009-12-17 19:43 . 2009-12-17 19:43 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-17 19:41 . 2008-04-10 02:59 -------- d-----w- c:\program files\Safari
2009-12-17 19:35 . 2009-12-17 19:35 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-02 07:17 . 2006-12-18 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-29 13:41 . 2006-12-14 04:11 -------- d-----w- c:\documents and settings\Greg\Application Data\U3
2009-11-19 19:26 . 2009-11-19 19:26 -------- d-----w- c:\program files\Microsoft
2009-11-03 01:42 . 2009-12-19 12:47 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:45 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2005-08-16 10:18 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2005-08-16 10:18 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 05:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2005-08-16 10:18 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2005-08-16 10:18 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2005-08-16 10:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-10 17:47 . 2006-12-17 04:31 578 ----a-w- c:\documents and settings\Greg\Application Data\wklnhst.dat
2009-04-18 14:45 . 2009-04-18 14:45 251 ----a-w- c:\program files\wt3d.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "c:\program files\AGI\common\agcutils.dll" [2009-12-31 43520]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]
2009-12-31 01:51 43520 ----a-w- c:\program files\AGI\common\agcutils.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-09 761947]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MBMon"="CTMBHA.DLL" [2006-06-29 1355042]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-05-04 237568]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360 Premier Edition\osCheck.exe" [2008-02-26 988512]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 1118208]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2006-05-04 14:32 73728]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2006-05-04 489472]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-6 24576]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-10-17 19:04 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk
backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-05-02 22:16 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Adobe Photoshop\\Photoshop Elements 7.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe Photoshop\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 11:03 AM 169312]
R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [11/14/2008 10:50 AM 10240]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 2:37 PM 149352]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/22/2008 12:32 AM 93320]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 2:22 PM 102400]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 11:37 AM 102448]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 9:32 PM 23888]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2009-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-12-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-12-31 c:\windows\Tasks\User_Feed_Synchronization-{36753655-55D3-4820-82AD-60FE89D26704}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

2009-12-23 c:\windows\Tasks\Wise Disk Cleaner 4.job
- c:\program files\Wise Disk Cleaner_Registry Cleaner\WiseDiskCleaner.exe [2009-12-22 19:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ca.yahoo.com/?fr=fp-yie8
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-xsebbrdr - c:\documents and settings\Greg\Local Settings\Application Data\rikvss\fxqdsysguard.exe
Notify-WgaLogon - (no file)
MSConfigStartUp-notepad - c:\windows\system32\notepad.dll
MSConfigStartUp-Virtual PDF Printer - c:\program files\Virtual PDF Printer\VirtualPDFPrinter.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 00:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1332)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(8936)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\stacsv.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\stsystra.exe
c:\windows\system32\Rundll32.exe
c:\docume~1\Greg\LOCALS~1\Temp\clclean.0001
c:\windows\system32\igfxsrvc.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2009-12-31 00:30:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-31 05:30

Pre-Run: 13,403,639,808 bytes free
Post-Run: 13,431,427,072 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 7AF528B8D479F3C78CD60DF20022F586
  • 0

#6
CatByte

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,590 posts
  • MVP
Hi,

please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.geekstogo.com/forum/rundll32-exe-Bad-image-keeps-popping-up-t263233.html&view=findpost&p=1722327#entry1722327

Collect::
c:\windows\system32\drivers\lvuvc.hs

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


NEXT


Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

    Posted Image
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


In your next reply please include
  • ComboFix Log
  • MBAM Log
  • Kaspersky report

Edited by CatByte, 31 December 2009 - 12:10 AM.

  • 0

#7
computer1210

computer1210

    Member

  • Member
  • PipPip
  • 24 posts
Here is the result for the CFScript log.

ComboFix 09-12-30.04 - Greg 12/31/2009 10:22:59.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.410 [GMT -5:00]
Running from: c:\documents and settings\Greg\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Greg\Desktop\CFScript.txt
AV: Norton 360 Premier Edition *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 Premier Edition *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

file zipped: c:\windows\system32\drivers\lvuvc.hs
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Greg\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\Greg\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp
c:\windows\system32\drivers\lvuvc.hs

.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 )))))))))))))))))))))))))))))))
.

2009-12-30 04:11 . 2009-12-30 04:14 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\Deployment
2009-12-29 19:59 . 2004-08-10 11:00 13312 ----a-w- c:\windows\system32\dllcache\htrn_jis.dll
2009-12-29 19:45 . 2004-08-04 03:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-12-29 19:44 . 2004-08-04 03:29 19551 ----a-w- c:\windows\system32\dllcache\watv02nt.sys
2009-12-29 19:43 . 2001-08-17 18:28 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2009-12-29 19:42 . 2001-08-17 17:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2009-12-29 19:41 . 2001-08-17 17:13 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2009-12-29 19:40 . 2004-08-10 11:00 16896 ----a-w- c:\windows\system32\dllcache\status.dll
2009-12-29 19:39 . 2001-08-17 17:12 24576 ----a-w- c:\windows\system32\dllcache\smc8000n.sys
2009-12-29 19:38 . 2001-07-21 19:29 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2009-12-29 19:37 . 2001-08-17 19:56 245632 ----a-w- c:\windows\system32\dllcache\s3savmx.dll
2009-12-29 19:36 . 2001-08-17 17:12 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
2009-12-29 19:35 . 2004-08-10 11:00 131584 ----a-w- c:\windows\system32\dllcache\pmxviceo.dll
2009-12-29 19:34 . 2001-08-18 03:36 41984 ----a-w- c:\windows\system32\dllcache\ovui2rc.dll
2009-12-29 19:33 . 2001-08-17 18:47 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2009-12-29 19:32 . 2001-08-17 17:11 128000 ----a-w- c:\windows\system32\dllcache\n100325.sys
2009-12-29 19:31 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2009-12-29 19:30 . 2001-08-17 18:28 727786 ----a-w- c:\windows\system32\dllcache\ltck000c.sys
2009-12-29 19:29 . 2001-08-17 18:49 26624 ----a-w- c:\windows\system32\dllcache\irstusb.sys
2009-12-29 19:28 . 2001-08-17 19:05 141056 ----a-w- c:\windows\system32\dllcache\icam3.sys
2009-12-29 19:27 . 2004-08-10 11:00 57409 ----a-w- c:\windows\system32\dllcache\hrtz.dll
2009-12-29 19:26 . 2001-08-17 19:56 1733120 ----a-w- c:\windows\system32\dllcache\g400d.dll
2009-12-29 19:25 . 2004-08-10 11:00 31744 ----a-w- c:\windows\system32\dllcache\esucmd.dll
2009-12-29 19:24 . 2001-08-17 17:12 50719 ----a-w- c:\windows\system32\dllcache\e1000nt5.sys
2009-12-29 19:23 . 2001-08-18 03:36 86016 ----a-w- c:\windows\system32\dllcache\dc240usd.dll
2009-12-29 19:22 . 2001-08-17 17:13 46108 ----a-w- c:\windows\system32\dllcache\cben5.sys
2009-12-29 19:21 . 2004-08-10 11:00 9216 ----a-w- c:\windows\system32\dllcache\authfilt.dll
2009-12-29 19:20 . 2001-08-17 19:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-12-29 19:20 . 2004-08-10 11:00 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2009-12-29 19:20 . 2004-08-10 11:00 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2009-12-29 19:20 . 2004-08-10 11:00 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2009-12-29 19:20 . 2004-08-10 11:00 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2009-12-29 19:20 . 2004-08-10 11:00 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2009-12-29 19:20 . 2004-08-10 11:00 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2009-12-24 20:00 . 2009-12-24 20:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-12-22 14:36 . 2009-12-29 22:06 -------- d-----w- c:\program files\Wise Disk Cleaner_Registry Cleaner
2009-12-20 03:46 . 2009-12-20 04:51 -------- dc----w- C:\$AVG
2009-12-20 03:35 . 2009-12-20 03:35 -------- d-----w- c:\program files\AVG
2009-12-20 03:34 . 2009-12-21 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-20 03:31 . 2009-12-20 03:31 -------- d-----w- c:\documents and settings\Greg\Application Data\Uniblue
2009-12-20 02:34 . 2009-12-20 02:34 -------- d-----w- c:\windows\system32\Registry Patrol
2009-12-19 22:06 . 2009-12-19 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-19 22:06 . 2009-12-19 22:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-19 12:47 . 2009-11-03 01:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-19 12:42 . 2009-12-19 12:43 -------- d-----w- c:\program files\Windows Defender
2009-12-19 02:47 . 2009-12-19 03:27 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\rikvss
2009-12-19 02:36 . 2009-12-19 02:43 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\WMTools Downloaded Files
2009-12-17 20:00 . 2009-12-17 20:00 -------- d-----w- c:\program files\iPod
2009-12-17 20:00 . 2009-12-17 20:01 -------- d-----w- c:\program files\iTunes
2009-12-17 19:51 . 2009-12-17 19:52 -------- d-----w- c:\program files\QuickTime
2009-12-17 19:43 . 2009-12-17 19:43 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-17 19:35 . 2009-12-17 19:35 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-02 13:44 . 2009-12-02 13:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 15:15 . 2006-12-06 15:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-29 03:18 . 2009-01-16 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-12-26 23:22 . 2008-01-16 07:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-25 17:19 . 2006-12-15 00:30 -------- d-----w- c:\documents and settings\Greg\Application Data\Skype
2009-12-25 15:21 . 2009-08-21 19:51 -------- d-----w- c:\documents and settings\Greg\Application Data\skypePM
2009-12-24 21:29 . 2006-12-06 15:14 -------- d-----w- c:\program files\Google
2009-12-18 12:40 . 2008-11-22 05:31 -------- d-----w- c:\program files\McAfee
2009-12-17 20:00 . 2008-01-13 17:34 -------- d-----w- c:\program files\Common Files\Apple
2009-12-17 19:41 . 2008-04-10 02:59 -------- d-----w- c:\program files\Safari
2009-12-02 07:17 . 2006-12-18 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-29 13:41 . 2006-12-14 04:11 -------- d-----w- c:\documents and settings\Greg\Application Data\U3
2009-11-19 19:26 . 2009-11-19 19:26 -------- d-----w- c:\program files\Microsoft
2009-10-29 07:45 . 2005-08-16 10:18 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2005-08-16 10:18 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2005-08-16 10:18 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 05:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2005-08-16 10:18 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2005-08-16 10:18 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2005-08-16 10:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-10 17:47 . 2006-12-17 04:31 578 ----a-w- c:\documents and settings\Greg\Application Data\wklnhst.dat
2009-04-18 14:45 . 2009-04-18 14:45 251 ----a-w- c:\program files\wt3d.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "c:\program files\AGI\common\agcutils.dll" [2009-12-31 43520]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]
2009-12-31 15:08 43520 ----a-w- c:\program files\AGI\common\agcutils.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-09 761947]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MBMon"="CTMBHA.DLL" [2006-06-29 1355042]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-05-04 237568]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360 Premier Edition\osCheck.exe" [2008-02-26 988512]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 1118208]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2006-05-04 14:32 73728]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2006-05-04 489472]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-6 24576]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-10-17 19:04 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk
backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-05-02 22:16 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Adobe Photoshop\\Photoshop Elements 7.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe Photoshop\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 11:03 AM 169312]
R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [11/14/2008 10:50 AM 10240]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 2:37 PM 149352]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/22/2008 12:32 AM 93320]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 2:22 PM 102400]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 11:37 AM 102448]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 9:32 PM 23888]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2009-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-12-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-12-31 c:\windows\Tasks\User_Feed_Synchronization-{36753655-55D3-4820-82AD-60FE89D26704}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

2009-12-23 c:\windows\Tasks\Wise Disk Cleaner 4.job
- c:\program files\Wise Disk Cleaner_Registry Cleaner\WiseDiskCleaner.exe [2009-12-22 19:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ca.yahoo.com/?fr=fp-yie8
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 10:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1328)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
.
Completion time: 2009-12-31 10:40:41
ComboFix-quarantined-files.txt 2009-12-31 15:40
ComboFix2.txt 2009-12-31 05:30

Pre-Run: 13,427,585,024 bytes free
Post-Run: 13,405,560,832 bytes free

- - End Of File - - 1424E179B56A360340744380A5BCF50B
Upload was successful




This is the result of the Malwarebytes log. It said nothing was detected.

Malwarebytes' Anti-Malware 1.43
Database version: 3462
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/31/2009 10:56:59 AM
mbam-log-2009-12-31 (10-56-59).txt

Scan type: Quick Scan
Objects scanned: 131607
Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



And now trying to run the Online Kaspersky scanner, it will not go any further than the Update page, saying that
"Launch of the Java application is interrupted! Please establish an uninterrupted Internet connection for work with this program."

I've restarted my computer and closed all other running programs. Plus I have stopped my installed Anti-virus program from running at the moment. I don't have any problems with my internet connection since I am still able to search other web pages and this message keeps re-occuring.
  • 0

#8
CatByte

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,590 posts
  • MVP
Hi,

Try this:

The Java Addon in IE or FF may be disabled.

In IE:
  • Go to Tools > Internet Options > Advanced tab.
  • Click Reset then OK and exit IE.
  • Re-open IE and ensure the Java add-ons are enabled.
Posted Image


In FireFox:
  • Open Firefox.
  • At the top of the Firefox window on the menu bar, click on the Tools menu, and select Options > Preferences
  • Select the Content panel.
  • Make sure that Enable Java is selected.

Posted Image


If it still will not run, try the following scan instead:

Go here to run an online scanner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

  • 0

#9
computer1210

computer1210

    Member

  • Member
  • PipPip
  • 24 posts
So the Kaspersky scan worked this time. Here is the report.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, December 31, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, December 31, 2009 17:51:16
Records in database: 3419843
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 128109
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 05:05:39


File name / Threat / Threats count
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP7\A0000293.exe Infected: Trojan-Spy.Win32.Vbot.c 1

Selected area has been scanned.
  • 0

#10
CatByte

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,590 posts
  • MVP
Hi,

The item found is in a restore point, which we will be cleaning up now,

please do the following:

Visit ADOBEand download the latest version of Acrobat Reader (version 9.2)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT


Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 17. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: " I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Now go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH CheckedApplications and AppletsTrace and Log Files
  • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT



Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

Posted Image




NEXT

Now to remove the rest of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them

    Then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.


    WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox, IE and chrome.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
    secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
    blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.
  • 0

#11
computer1210

computer1210

    Member

  • Member
  • PipPip
  • 24 posts
THANK YOU VERY MUCH FOR YOUR SUPPORT!

My reported computer error seems to be fixed. I had searched on the internet for such a long time to find solutions without any progress, and I'm glad I came upon this site because it actually helps and it's easy to use.

Now my computer just takes a longer time than normal to turn on to the start home display screen. I need to find a solution for that.

Thank you! Problem resolved.
  • 0

#12
CatByte

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,590 posts
  • MVP
Hi,

Take a look at what programs are in your startup folder. You may have programs starting unneccessarily:

(Start > All programs > Start Up)

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
  • 0

#13
computer1210

computer1210

    Member

  • Member
  • PipPip
  • 24 posts
Thanks again. I'll give it a try.
  • 0

#14
CatByte

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,590 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Advertisement




Similar Topics: "rundll32.exe - Bad image" keeps popping up [Solved]     x


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

As Featured On:

featured