Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

.exe - Bad Image problem.



Old 06-11-2011, 07:41 PM   #1
Registered Member
 
Join Date: Jun 2011
Posts: 14
OS: windows vista



Hi, I seem to be having a problem with .exe - Bad Image errors and am hoping you guys can help me out. I'm not very computer savvy and this is my first time on a forum for problems like this, so please bear with me. The problem is thus: Every time I turn on my computer, I'm bombarded by bad image errors for just about everything. They typically look like this: "Logon UI.exe - Bad Image: c:/progra~1/Google/GOOGLE~2/GOEC62~1.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support." If I click "okay" or x out of the message, it's typically replaced by one more, then everything functions as normal until I try to do something else, and then I get another bad image message. It's not preventing me from using anything, but it's very, very annoying. I have tried running virus scans several times and they've come up with nothing, although my Malware Anti-Malware is unable to update itself for some reason. I get an error every time I try to update it. I also have AVG on my computer and Microsoft Security Essentials, as well as the Firefox no scripting thing. The only sites I visit online are email accounts, facebook, and Deviant Art, so I'm unsure how a virus, if it is one, got onto my computer in the first place. Um, that's all I can think of at the moment. I really hope you guys can help me. Please let me know if you need more information and what I can do to get my computer running normally again. Thanks! Akagitsune

__________________
akagitsune is offline  
Old 06-13-2011, 11:01 AM   #2
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,654
OS: Windows 2000 Pro. - Vista SP 2, W7



Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===



Print out these instructions as we may need to close every window that is open later in the fix.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Using the infected computer or the method above download these files.

RKill Download Link

FixNCR.reg

===

This infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes.

Once that file is downloaded and saved on a removable device, insert the removable device into the infected computer and open the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg file to fix the Registry on your infected computer. You should now be able to run your normal executable programs and can proceed to the next step.

If you do not have any removable media or another clean computer that you can download the FixNCR.reg file onto, you can try and download it to your infected computer using another method. On the infected computer, right click on the Internet Explorer's icon, or any other browser's icon, and select Run As or Run as Administrator. If you are using Windows XP, you will be prompted to select a user and enter its password. It is suggested that you attempt to login as the Administrator user. For Windows 7 or Windows Vista, you will be prompted to enter your Administrator account password.

Once you enter the password, your browser will start and you can download the above FixNCR.reg file. When saving it, make sure you save it to a folder that can be accessed by your normal account. Remember, that you will be launching the browser as another user, so if you save it to a My Documents folder, it will not be your normal My Documents folder that it is downloaded into. Instead it will be the My Documents folder that belongs to the user you ran the browser as. Once the download has finished, close your browser and find the FixNCR.reg file that you downloaded. Now double-click on it and allow the data to be merged. You should now be able to run your normal executable programs and can proceed to the next step.
===

Before we can do anything we must first end the processes that belong to Win 7 Internet Security 2011 so that it does not interfere with the cleaning procedure.

Double-click on the RKill.exe icon in order to automatically attempt to stop any processes associated with Win 7 Internet Security 2011 and other Rogue programs.
===

Do not restart the computer.

You should now be able to download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.
==

Please let me know what issues persist.

__________________
nasdaq is offline  
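The FixNCR.reg step above works because Windows resolves a double-clicked .exe through one short registry chain: HKCR\.exe names the class (normally "exefile") and HKCR\exefile\shell\open\command names the launcher (normally "%1" %*, the program itself); the rogue rewrites that launcher so its own binary runs first. The following is an added example, not nasdaq's code and not the contents of FixNCR.reg: it audits that chain (on Windows through winreg, elsewhere against a constructed snapshot) and reports what a redirected command would launch. The snapshot values and the constructed_loader.exe path are made up for the demonstration.

```python
r"""Audit the .exe launch-association chain that the FixNCR.reg step restores.

Added example, not the thread's or FixNCR.reg's own code. Windows resolves a
double-clicked .exe through HKCR\.exe (the class, normally "exefile") and
HKCR\exefile\shell\open\command (the launcher, normally "%1" %*, i.e. the
program itself). A rogue that hijacks this chain swaps the launcher for its
own binary, which then decides whether the real program starts at all. The
reader abstraction lets the same checks run on a live Windows registry or on
a constructed snapshot for offline use.
"""
import re
from typing import Callable, Dict, List, Optional, Tuple

Reader = Callable[[str, Optional[str]], Optional[str]]  # (key, value name) -> data
DEFAULT = None  # value name standing for a key's (Default) value

# Keys that must exist and hold the Windows default.
REQUIRED: Dict[Tuple[str, Optional[str]], str] = {
    (r"HKEY_CLASSES_ROOT\.exe", DEFAULT): "exefile",
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", DEFAULT): '"%1" %*',
}
# Per-user keys that shadow the machine-wide view; must be absent or default.
OVERRIDES: Dict[Tuple[str, Optional[str]], str] = {
    (r"HKEY_CURRENT_USER\Software\Classes\.exe", DEFAULT): "exefile",
    (r"HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command", DEFAULT): '"%1" %*',
}


def normalize(value: str) -> str:
    """Collapse whitespace and case so cosmetic differences do not alert."""
    return " ".join(value.split()).lower()


def launched_program(command: str) -> Optional[str]:
    r"""Return the binary a shell\open\command starts before the clicked .exe,
    or None when the command launches the clicked program directly."""
    cmd = command.strip()
    if cmd.startswith('"%1"') or cmd.startswith("%1"):
        return None
    match = re.match(r'"([^"]+)"|(\S+)', cmd)
    return (match.group(1) or match.group(2)) if match else None


def _describe(key: str, actual: str, expected: str) -> str:
    text = f"{key}: {actual!r}, expected {expected!r}"
    if key.endswith(r"\shell\open\command"):
        target = launched_program(actual)
        if target:
            text += f" (every .exe is first routed through {target})"
    return text


def find_association_hijacks(read: Reader) -> List[str]:
    """Compare live (or snapshot) values with the defaults and describe each
    deviation, naming the redirect target where the launcher was replaced."""
    findings: List[str] = []
    for (key, name), expected in REQUIRED.items():
        actual = read(key, name)
        if actual is None:
            findings.append(f"{key}: (Default) is missing, expected {expected!r}")
        elif normalize(actual) != normalize(expected):
            findings.append(_describe(key, actual, expected))
    for (key, name), expected in OVERRIDES.items():
        actual = read(key, name)
        if actual is not None and normalize(actual) != normalize(expected):
            findings.append(_describe(key, actual, expected))
    return findings


def snapshot_reader(snapshot: Dict[Tuple[str, Optional[str]], str]) -> Reader:
    """Reader over a dict snapshot, for offline analysis or tests."""
    return lambda key, name: snapshot.get((key, name))


def winreg_reader() -> Reader:
    """Reader over the live registry; the winreg module exists only on Windows."""
    import winreg

    hives = {
        "HKEY_CLASSES_ROOT": winreg.HKEY_CLASSES_ROOT,
        "HKEY_CURRENT_USER": winreg.HKEY_CURRENT_USER,
        "HKEY_LOCAL_MACHINE": winreg.HKEY_LOCAL_MACHINE,
    }

    def read(key: str, name: Optional[str]) -> Optional[str]:
        hive, _, subkey = key.partition("\\")
        try:
            with winreg.OpenKey(hives[hive], subkey) as handle:
                data, _kind = winreg.QueryValueEx(handle, name or "")
                return str(data)
        except OSError:  # key or value absent
            return None

    return read


# Constructed snapshot of a hijacked machine (path and file name are made up).
HIJACKED_SNAPSHOT: Dict[Tuple[str, Optional[str]], str] = {
    (r"HKEY_CLASSES_ROOT\.exe", DEFAULT): "exefile",
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", DEFAULT):
        r'"C:\Users\example\AppData\Local\constructed_loader.exe" /START "%1" %*',
}

if __name__ == "__main__":
    import sys
    reader = winreg_reader() if sys.platform == "win32" else snapshot_reader(HIJACKED_SNAPSHOT)
    for line in find_association_hijacks(reader) or ["no deviation from defaults"]:
        print(line)
```

Run as Administrator on the affected machine to read the live keys; any finding is the value a fix such as FixNCR.reg would put back to its default.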
Old 06-14-2011, 09:29 AM   #3
Registered Member
 
Join Date: Jun 2011
Posts: 14
OS: windows vista



Hi, Nasdaq, thanks for helping me! Unfortunately, I've run into a snag here...I was able to download the FixNCR.reg file to my computer, but when I double clicked on it and attempted to let it fix the registry, I got an error from the Registry Editor saying it couldn't import because "not all data was successfully written to the registry. Some keys are open by the system or other processes." I'm not sure what that means. All my other windows were closed at the time, so did I do something wrong or is this the infection doing its infection thing?? The file was saved to my downloads folder. Should it have been saved elsewhere? Please let me know what to do. Thanks!!
__________________
akagitsune is offline  
Old 06-14-2011, 11:02 AM   #4
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,654
OS: Windows 2000 Pro. - Vista SP 2, W7



Can you continue? Download MalwareBytes and run it; post the log if you can.
__________________
nasdaq is offline  
Old 06-15-2011, 08:52 AM   #5
Registered Member
 
Join Date: Jun 2011
Posts: 14
OS: windows vista



Hi, I was able to download MalwareBytes and it successfully updated itself. I ran a quick scan, but it didn't find anything malicious on my computer and during the process, the "bad image" error popped up several times. Here's the log from the scan:

Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 6862

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

6/15/2011 11:43:52 AM
mbam-log-2011-06-15 (11-43-52).txt

Scan type: Quick scan
Objects scanned: 178063
Time elapsed: 5 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks again, and please let me know what to do next.
__________________
akagitsune is offline  
Old 06-15-2011, 11:36 AM   #6
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,654
OS: Windows 2000 Pro. - Vista SP 2, W7



Before I can suggest any other tool please let me know what operating system is installed on the computer.
__________________
nasdaq is offline  
Old 06-15-2011, 08:14 PM   #7
Registered Member
 
Join Date: Jun 2011
Posts: 14
OS: windows vista



I have Windows Vista Home Premium on my computer.
__________________
akagitsune is offline  
Old 06-16-2011, 05:45 AM   #8
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,654
OS: Windows 2000 Pro. - Vista SP 2, W7



Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: A guide and tutorial on using ComboFix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


For AVG antivirus and anti-spyware security software users only.
Quote:
Due to recent changes in AVG and how it interacts with CF, AVG must be uninstalled to run ComboFix. You will get a message from CF stating such.

If AVG will not uninstall, it is first recommended to uninstall it with this AppRemover by Opswat. The AVG uninstaller can be downloaded from here > AppRemover.exe Go to their homepage and you will see they have support for removal of other AV's as well AVG appremover tool.
__________________
nasdaq is offline  
Old 06-16-2011, 09:22 AM   #9
Registered Member
 
Join Date: Jun 2011
Posts: 14
OS: windows vista



Okay, I'm having a problem. I was able to download combofix to my desktop and disable my anti-virus software. However, when I double clicked on Combofix, I got the message saying I needed to uninstall AVG. I couldn't figure out how to do this manually, since it wasn't listed in my programs. I downloaded the appremover and uninstalled avg...it said it was successfully uninstalled, but the avg icons are still present on my computer and when I click on them, they still open....so is it uninstalled or not?! I'm afraid to click on the message from Combofix, since I'm unsure as to whether AVG is truly uninstalled or not. What do I do? (And also, how will I get AVG back once it's uninstalled??) Please help! Thanks!!
__________________
akagitsune is offline  
Old 06-16-2011, 11:05 AM   #10
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,654
OS: Windows 2000 Pro. - Vista SP 2, W7



Try this uninstall tool.

|MG| Revo Uninstaller 1.92 Download

Revo Uninstaller helps you to remove any unwanted application installed on your computer.

===

You should reinstall AVG as soon as possible. However if I have to run ComboFix to remove some unwanted entries you will have to uninstall it again.
__________________
nasdaq is offline  
Old 06-16-2011, 08:34 PM   #11
Registered Member
 
Join Date: Jun 2011
Posts: 14
OS: windows vista



Okay, I'm really frustrated now. I downloaded this new uninstall tool and it completely removed AVG from my system. All icons, etc. are GONE. I restarted my computer at its request. However, when I double clicked on ComboFix to get it going after the restart, it is still somehow detecting AVG. It gave me an error stating AVG 2011 was still active on my computer. How in the world does that happen and what do I do now??
__________________
akagitsune is offline  
Old 06-17-2011, 05:14 AM   #12
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,654
OS: Windows 2000 Pro. - Vista SP 2, W7



Run ComboFix and ignore the message about AVG.

If not possible. Run ComboFix in Safe Mode.
__________________
nasdaq is offline  
Old 06-17-2011, 09:29 AM   #13
Registered Member
 
Join Date: Jun 2011
Posts: 14
OS: windows vista



Strangely enough, when I went to run ComboFix this morning, it didn't give me any errors like yesterday. Weird. But anyway, here's the log from ComboFix:

ComboFix 11-06-16.02 - Admin 06/17/2011 12:10:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1900 [GMT -4:00]
Running from: c:\users\Oj-monster\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\PlaySushi\PSTExt.dll
L:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))))
.
.
2011-06-17 16:04 . 2011-06-17 16:04 -------- d-----w- c:\users\Oj-monster\AppData\Local\{867DA470-DB29-404C-B6D0-E00B1A1A66CA}
2011-06-17 16:02 . 2011-06-17 16:02 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36477A7F-696D-492C-AC91-8D623440B4B9}\MpKslc6bbb56c.sys
2011-06-17 03:28 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36477A7F-696D-492C-AC91-8D623440B4B9}\mpengine.dll
2011-06-17 03:15 . 2011-06-17 03:15 -------- d-----w- c:\program files\VS Revo Group
2011-06-16 16:02 . 2011-06-17 16:06 -------- d-----w- C:\32788R22FWJFW
2011-06-16 14:32 . 2011-06-16 14:32 -------- d-----w- c:\users\Oj-monster\AppData\Local\{881F0A39-A2F0-49AD-8132-BB0882FE744A}
2011-06-15 15:31 . 2011-06-15 15:32 -------- d-----w- c:\users\Oj-monster\AppData\Local\{D79BE468-6527-435D-8D81-F909FCD60E9F}
2011-06-14 15:53 . 2011-06-14 15:53 -------- d-----w- c:\users\Oj-monster\AppData\Local\{16754663-5401-44E4-8F46-09E79B0C2634}
2011-06-13 14:56 . 2011-06-14 02:56 -------- d-----w- c:\users\Oj-monster\AppData\Local\{21E08D56-C2A3-454C-A525-907ADD315CA9}
2011-06-12 14:23 . 2011-06-13 02:24 -------- d-----w- c:\users\Oj-monster\AppData\Local\{7817DC7C-4A11-4CB3-9296-A31F93D0C803}
2011-06-11 21:34 . 2011-06-11 21:34 -------- d-----w- c:\users\Oj-monster\AppData\Local\{C02FB18F-69A7-4E8E-89D8-07696D72A360}
2011-06-11 03:07 . 2011-06-11 03:07 -------- d-----w- c:\users\Oj-monster\AppData\Local\{FD863C87-9C82-4C83-9AA1-86C710082461}
2011-06-09 15:48 . 2011-06-10 03:49 -------- d-----w- c:\users\Oj-monster\AppData\Local\{35787299-FAAB-42A6-A301-1E0ACC863376}
2011-06-08 15:47 . 2011-06-09 03:48 -------- d-----w- c:\users\Oj-monster\AppData\Local\{434BA5CF-A622-41C6-9030-B76329496396}
2011-06-07 15:38 . 2011-06-08 03:38 -------- d-----w- c:\users\Oj-monster\AppData\Local\{53346548-72C1-4E8F-886C-10798A60BB30}
2011-06-06 16:36 . 2011-06-06 16:36 -------- d-----w- c:\users\Oj-monster\AppData\Local\{4DE753DC-A08F-4969-9479-8A63D2D79AB1}
2011-06-04 16:38 . 2011-06-06 01:15 -------- d-----w- c:\users\Oj-monster\AppData\Local\{091E7D93-6369-4B46-8903-4A81ED4DBA69}
2011-06-03 15:09 . 2011-06-04 03:10 -------- d-----w- c:\users\Oj-monster\AppData\Local\{B6BA457D-FB69-4781-9957-4E6BD0D7353A}
2011-06-02 17:51 . 2011-06-02 17:51 -------- d-----w- c:\users\Oj-monster\AppData\Local\{C80E6047-6186-4502-87D3-2775317659C8}
2011-06-01 15:52 . 2011-06-02 03:53 -------- d-----w- c:\users\Oj-monster\AppData\Local\{EDDBF764-FF89-4F15-914A-C397280A8421}
2011-05-31 14:57 . 2011-06-01 02:58 -------- d-----w- c:\users\Oj-monster\AppData\Local\{F2C8EDEF-81FA-4BA2-9C47-17770B8F4C86}
2011-05-30 20:46 . 2011-05-30 20:46 -------- d-----w- c:\users\Oj-monster\AppData\Local\{A1622461-0B89-493D-9150-2A93A21A24CA}
2011-05-30 03:13 . 2011-05-30 03:13 -------- d-----w- c:\users\Oj-monster\AppData\Local\{2D9E57FD-516A-4AB7-83B5-E6A3EC29131E}
2011-05-29 17:46 . 2011-06-13 14:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 15:12 . 2011-05-29 15:12 -------- d-----w- c:\users\Oj-monster\AppData\Local\{32BBA897-B9F2-4489-BBD6-68773A79B5D0}
2011-05-28 23:14 . 2011-06-17 16:04 -------- d-----w- c:\users\Oj-monster\AppData\Roaming\go
2011-05-28 23:14 . 2011-06-17 16:14 -------- d-----w- c:\programdata\Easybits GO
2011-05-28 22:17 . 2011-05-28 22:17 -------- d-----w- c:\users\Oj-monster\AppData\Local\{51F8F27F-2238-4BDA-A9A6-CA72E58AC3D3}
2011-05-27 15:40 . 2011-05-28 03:41 -------- d-----w- c:\users\Oj-monster\AppData\Local\{1A215789-C062-4A39-8494-542C2074FFB7}
2011-05-26 03:09 . 2011-05-26 03:09 -------- d-----w- c:\users\Oj-monster\AppData\Local\{20570D4A-649E-4CF1-A56D-0AD9B3389035}
2011-05-24 14:03 . 2011-04-30 21:32 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-05-24 14:03 . 2011-04-30 21:32 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA010DC2-16E6-4571-A357-6D8CFF8BEEBD}\gapaengine.dll
2011-05-24 13:54 . 2011-05-25 01:55 -------- d-----w- c:\users\Oj-monster\AppData\Local\{D6516F3F-0387-41BD-8E92-4820FAF5045D}
2011-05-23 15:30 . 2011-05-23 15:31 -------- d-----w- c:\users\Oj-monster\AppData\Local\{0D1FA2EA-F48A-4481-8755-87B00979B183}
2011-05-23 00:47 . 2011-05-23 00:47 -------- d-----w- c:\users\Oj-monster\AppData\Local\{E625D59D-4483-40EC-8522-4552A30AEF5E}
2011-05-22 23:54 . 2011-05-22 23:54 -------- d-----w- c:\programdata\WindowsSearch
2011-05-20 03:12 . 2011-05-20 03:13 -------- d-----w- c:\users\Oj-monster\AppData\Local\{B92FB7A9-083E-438D-94D0-5864C0B4A2EE}
2011-05-18 17:46 . 2011-05-18 17:46 -------- d-----w- c:\users\Oj-monster\AppData\Local\{62CC9D18-0577-4D74-83F0-87EC2B50BA5F}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 13:11 . 2009-08-30 18:18 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2009-08-30 18:18 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-09 20:46 . 2011-05-01 23:30 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-23 23:37 . 2011-04-23 23:37 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-23 23:37 . 2011-04-23 23:37 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-23 23:37 . 2011-04-23 23:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-23 23:37 . 2011-04-23 23:37 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-23 23:37 . 2011-04-23 23:37 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-23 23:37 . 2011-04-23 23:37 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-23 23:37 . 2011-04-23 23:37 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-23 23:37 . 2011-04-23 23:37 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-23 23:37 . 2011-04-23 23:37 367104 ----a-w- c:\windows\system32\html.iec
2011-04-23 23:37 . 2011-04-23 23:37 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-23 23:37 . 2011-04-23 23:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-23 23:37 . 2011-04-23 23:37 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-23 23:37 . 2011-04-23 23:37 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-23 23:37 . 2011-04-23 23:37 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-23 23:37 . 2011-04-23 23:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-23 23:37 . 2011-04-23 23:37 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-23 23:37 . 2011-04-23 23:37 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-23 23:37 . 2011-04-23 23:37 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-23 23:37 . 2011-04-23 23:37 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-23 23:37 . 2011-04-23 23:37 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-23 23:37 . 2011-04-23 23:37 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-09 03:46 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-14 16:26 . 2011-04-09 21:58 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{399C60D2-38B1-4E25-B9E7-6498C1BC2DCD}]
2009-05-26 15:41 1297920 ----a-w- c:\program files\Dogpile Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-16 22:22 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
"{C53FE659-316A-4F56-A194-A5BE491BE866}"= "c:\program files\Dogpile Toolbar\Toolbar.dll" [2009-05-26 1297920]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{c53fe659-316a-4f56-a194-a5be491be866}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{587A2AD9-5F47-4029-8123-77327768C9F3}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
"{C53FE659-316A-4F56-A194-A5BE491BE866}"= "c:\program files\Dogpile Toolbar\Toolbar.dll" [2009-05-26 1297920]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{c53fe659-316a-4f56-a194-a5be491be866}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{587A2AD9-5F47-4029-8123-77327768C9F3}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-01 15145352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NoIE4StubProcessing"="c:\windows\system32\reg.exe DELETE HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" [X]
"AvgUninstallURL"="start http:" [X]
"*Restore"="c:\windows\System32\rstrui.exe" [2008-01-19 318464]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-09-16 05:37 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-05-14 00:58 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 15:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-02-13 23:21 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-01-18 11:40 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-12-03 14:12 976320 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-09-25 11:10 154136 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-09-25 11:10 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2009-05-26 19:16 1468296 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 17:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2009-05-21 18:25 1501064 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Linksys Wireless Manager]
2009-05-11 23:46 1348144 ----a-r- c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 16:00 200704 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 16:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2008-12-12 22:06 642856 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-09-17 13:07 8497696 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-09-17 13:07 81920 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-09-17 13:07 86016 ----a-w- c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-25 11:10 129560 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-17 12:22 4907008 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
2008-01-19 07:33 49664 ----a-w- c:\windows\Speech\Common\sapisvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbhSystray]
2011-06-17 16:02 492840 ----a-w- c:\program files\tbh\base\bin\tbhSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2006-11-27 13:14 180224 ------w- c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R1 MpKsl65327fc8;MpKsl65327fc8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB502DB2-D06A-4FA6-A82D-57067D223190}\MpKsl65327fc8.sys [x]
R1 MpKsl76219160;MpKsl76219160;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC0EA49C-8733-4C3E-AD75-3AAD77F92D2C}\MpKsl76219160.sys [x]
R1 MpKsla5a3d002;MpKsla5a3d002;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C5BA671-EE5D-4745-BE96-553DC38A6FFF}\MpKsla5a3d002.sys [x]
R1 MpKsleaa35a38;MpKsleaa35a38;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2BF8D51-2B33-4F73-A023-39C15AA402BE}\MpKsleaa35a38.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-05-11 724992]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 MpKslc6bbb56c;MpKslc6bbb56c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36477A7F-696D-492C-AC91-8D623440B4B9}\MpKslc6bbb56c.sys [2011-06-17 28752]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2007-09-07 1373480]
S2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLC6BBB56C
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 01:14]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 01:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080401
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hywftjp7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{19A0F032-27D7-4227-BBB5-51AA9E5904F5} - c:\program files\Dogpile Toolbar\Helper.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-NWEReboot - (no file)
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
AddRemove-PaintToolSAI - c:\users\Oj-monster\Downloads\PaintToolSAI\uninst.exe
AddRemove-{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB} - c:\program files\Pando Networks\Pando\PandoUninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-06-17 12:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-06-17 12:20:13
ComboFix-quarantined-files.txt 2011-06-17 16:20
.
Pre-Run: 354,622,259,200 bytes free
Post-Run: 354,854,576,128 bytes free
.
- - End Of File - - 2E7F39DD98F18C8796224229ABD20D36

I hope that's helpful. Please let me know what to do next, and thank you for your patience and continued help.
akagitsune is offline  
Old 06-17-2011, 11:03 AM   #14
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,654
OS: Windows 2000 Pro. - Vista SP 2, W7



Quote:
Strangely enough, when I went to run ComboFix this morning, it didn't give me any errors like yesterday. Weird. But anyway,
Maybe a restart of the computer was necessary.


You have Ask Toolbar installed.

I strongly recommend you remove it from your computer via the Add/Remove Programs list, because:
  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

Or you can download and run this uninstaller:
    ASK Toolbar Remover - AutoClean

If you uninstalled the Ask Toolbar as recommended, use Windows Explorer to delete the following folders if found:
C:\Program Files\AskBarDis
C:\Program Files\AskSearch
C:\Program Files\AskSBar
C:\Program Files\AskTBar
C:\Program Files\Ask.com
===

Open Notepad and copy/paste the text in the code box below into it:

Code:
Driver::
MpKsl65327fc8
MpKsl76219160
MpKsla5a3d002
MpKsleaa35a38
tbhMonitor.exe

Save this as CFScript on your desktop.



Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

===

Please run this security check for my review.

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know what problem persists.
nasdaq is offline  
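An added example (my code, not the analyst's and not part of ComboFix): a Python parser for the R*/S* service lines of a ComboFix log that flags registrations whose image file is gone (ComboFix prints [x] in place of the date and size) and renders them as a Driver:: block in the shape of the CFScript above. The sample lines are copied from the log posted earlier in the thread; the function and class names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: six lines in the format of the "Drivers/Services" section
# of a ComboFix log (values taken from the log posted earlier in this thread).
# '[x]' after the path means ComboFix could not find the image file on disk;
# otherwise the bracket holds the file's date and size.
SAMPLE_SERVICES = r"""
R1 MpKsl65327fc8;MpKsl65327fc8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB502DB2-D06A-4FA6-A82D-57067D223190}\MpKsl65327fc8.sys [x]
R1 MpKsl76219160;MpKsl76219160;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC0EA49C-8733-4C3E-AD75-3AAD77F92D2C}\MpKsl76219160.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
S1 MpKslc6bbb56c;MpKslc6bbb56c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36477A7F-696D-492C-AC91-8D623440B4B9}\MpKslc6bbb56c.sys [2011-06-17 28752]
S2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
.
"""

# R = running, S = stopped; the digit is the service start type (0 boot ... 4 disabled).
# Fields: name;display name;image path, then either [x] or [yyyy-mm-dd size].
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+"
    r"\[(?:(?P<missing>x)|(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+))\]$"
)


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display: str
    image: str
    image_missing: bool
    file_date: Optional[str]
    file_size: Optional[int]


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse the R*/S* service lines of a ComboFix log; every other line is skipped."""
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separator dots, blank lines, section headers
        entries.append(ServiceEntry(
            running=m.group("state") == "R",
            start_type=int(m.group("start")),
            name=m.group("name"),
            display=m.group("display"),
            image=m.group("image"),
            image_missing=m.group("missing") is not None,
            file_date=m.group("date"),
            file_size=int(m.group("size")) if m.group("size") else None,
        ))
    return entries


def orphaned_entries(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Registrations whose image file is gone: nothing can load, but the key remains."""
    return [e for e in entries if e.image_missing]


def build_cfscript(names: List[str]) -> str:
    """Render a 'Driver::' block in the shape of the CFScript used above (hypothetical helper)."""
    return "Driver::\n" + "".join(f"{n}\n" for n in names)


if __name__ == "__main__":
    orphans = orphaned_entries(parse_services(SAMPLE_SERVICES))
    print(build_cfscript([e.name for e in orphans]))
```

Note that tbhMonitor.exe is not flagged by this rule: its file exists, and the analyst added it to the script on judgment, which a missing-file check does not replace.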
Old 06-17-2011, 08:53 PM   #15
Registered Member
 
Join Date: Jun 2011
Posts: 14
OS: windows vista



Okay, here's the log for ComboFix:

ComboFix 11-06-17.04 - Admin 06/17/2011 23:41:13.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.2183 [GMT -4:00]
Running from: c:\users\Oj-monster\Desktop\ComboFix.exe
Command switches used :: c:\users\Oj-monster\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MPKSL65327FC8
-------\Legacy_MPKSL76219160
-------\Legacy_MPKSLEAA35A38
-------\Service_MpKsl65327fc8
-------\Service_MpKsl76219160
-------\Service_MpKsla5a3d002
-------\Service_MpKsleaa35a38
-------\Service_tbhMonitor.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-18 to 2011-06-18 )))))))))))))))))))))))))))))))
.
.
2011-06-18 03:48 . 2011-06-18 03:48 -------- d-----w- c:\users\Admin\AppData\Local\temp
2011-06-18 03:48 . 2011-06-18 03:48 -------- d-----w- c:\users\Oj-monster\AppData\Local\temp
2011-06-18 03:48 . 2011-06-18 03:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-18 03:37 . 2011-06-18 03:37 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D5FF445-DCFF-45A5-9783-0CAB4142E83F}\MpKsl37b3d9a7.sys
2011-06-18 03:37 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D5FF445-DCFF-45A5-9783-0CAB4142E83F}\mpengine.dll
2011-06-18 03:11 . 2011-06-18 03:11 -------- d-----w- c:\users\Oj-monster\AppData\Local\{CDE2273A-1F79-4C31-A4DF-3010AD6E539F}
2011-06-17 17:40 . 2007-09-25 11:10 172032 ----a-w- c:\windows\system32\igfxres.dll
2011-06-17 16:04 . 2011-06-17 16:04 -------- d-----w- c:\users\Oj-monster\AppData\Local\{867DA470-DB29-404C-B6D0-E00B1A1A66CA}
2011-06-17 03:15 . 2011-06-17 03:15 -------- d-----w- c:\program files\VS Revo Group
2011-06-16 16:02 . 2011-06-18 03:39 -------- d-----w- C:\32788R22FWJFW
2011-06-16 14:32 . 2011-06-16 14:32 -------- d-----w- c:\users\Oj-monster\AppData\Local\{881F0A39-A2F0-49AD-8132-BB0882FE744A}
2011-06-15 15:31 . 2011-06-15 15:32 -------- d-----w- c:\users\Oj-monster\AppData\Local\{D79BE468-6527-435D-8D81-F909FCD60E9F}
2011-06-14 15:53 . 2011-06-14 15:53 -------- d-----w- c:\users\Oj-monster\AppData\Local\{16754663-5401-44E4-8F46-09E79B0C2634}
2011-06-13 14:56 . 2011-06-14 02:56 -------- d-----w- c:\users\Oj-monster\AppData\Local\{21E08D56-C2A3-454C-A525-907ADD315CA9}
2011-06-12 14:23 . 2011-06-13 02:24 -------- d-----w- c:\users\Oj-monster\AppData\Local\{7817DC7C-4A11-4CB3-9296-A31F93D0C803}
2011-06-11 21:34 . 2011-06-11 21:34 -------- d-----w- c:\users\Oj-monster\AppData\Local\{C02FB18F-69A7-4E8E-89D8-07696D72A360}
2011-06-11 03:07 . 2011-06-11 03:07 -------- d-----w- c:\users\Oj-monster\AppData\Local\{FD863C87-9C82-4C83-9AA1-86C710082461}
2011-06-09 15:48 . 2011-06-10 03:49 -------- d-----w- c:\users\Oj-monster\AppData\Local\{35787299-FAAB-42A6-A301-1E0ACC863376}
2011-06-08 15:47 . 2011-06-09 03:48 -------- d-----w- c:\users\Oj-monster\AppData\Local\{434BA5CF-A622-41C6-9030-B76329496396}
2011-06-07 15:38 . 2011-06-08 03:38 -------- d-----w- c:\users\Oj-monster\AppData\Local\{53346548-72C1-4E8F-886C-10798A60BB30}
2011-06-06 16:36 . 2011-06-06 16:36 -------- d-----w- c:\users\Oj-monster\AppData\Local\{4DE753DC-A08F-4969-9479-8A63D2D79AB1}
2011-06-04 16:38 . 2011-06-06 01:15 -------- d-----w- c:\users\Oj-monster\AppData\Local\{091E7D93-6369-4B46-8903-4A81ED4DBA69}
2011-06-03 15:09 . 2011-06-04 03:10 -------- d-----w- c:\users\Oj-monster\AppData\Local\{B6BA457D-FB69-4781-9957-4E6BD0D7353A}
2011-06-02 17:51 . 2011-06-02 17:51 -------- d-----w- c:\users\Oj-monster\AppData\Local\{C80E6047-6186-4502-87D3-2775317659C8}
2011-06-01 15:52 . 2011-06-02 03:53 -------- d-----w- c:\users\Oj-monster\AppData\Local\{EDDBF764-FF89-4F15-914A-C397280A8421}
2011-05-31 14:57 . 2011-06-01 02:58 -------- d-----w- c:\users\Oj-monster\AppData\Local\{F2C8EDEF-81FA-4BA2-9C47-17770B8F4C86}
2011-05-30 20:46 . 2011-05-30 20:46 -------- d-----w- c:\users\Oj-monster\AppData\Local\{A1622461-0B89-493D-9150-2A93A21A24CA}
2011-05-30 03:13 . 2011-05-30 03:13 -------- d-----w- c:\users\Oj-monster\AppData\Local\{2D9E57FD-516A-4AB7-83B5-E6A3EC29131E}
2011-05-29 17:46 . 2011-06-13 14:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 15:12 . 2011-05-29 15:12 -------- d-----w- c:\users\Oj-monster\AppData\Local\{32BBA897-B9F2-4489-BBD6-68773A79B5D0}
2011-05-28 23:14 . 2011-06-18 03:11 -------- d-----w- c:\users\Oj-monster\AppData\Roaming\go
2011-05-28 23:14 . 2011-06-18 03:45 -------- d-----w- c:\programdata\Easybits GO
2011-05-28 22:17 . 2011-05-28 22:17 -------- d-----w- c:\users\Oj-monster\AppData\Local\{51F8F27F-2238-4BDA-A9A6-CA72E58AC3D3}
2011-05-27 15:40 . 2011-05-28 03:41 -------- d-----w- c:\users\Oj-monster\AppData\Local\{1A215789-C062-4A39-8494-542C2074FFB7}
2011-05-26 03:09 . 2011-05-26 03:09 -------- d-----w- c:\users\Oj-monster\AppData\Local\{20570D4A-649E-4CF1-A56D-0AD9B3389035}
2011-05-24 14:03 . 2011-04-30 21:32 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-05-24 14:03 . 2011-04-30 21:32 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA010DC2-16E6-4571-A357-6D8CFF8BEEBD}\gapaengine.dll
2011-05-24 13:54 . 2011-05-25 01:55 -------- d-----w- c:\users\Oj-monster\AppData\Local\{D6516F3F-0387-41BD-8E92-4820FAF5045D}
2011-05-23 15:30 . 2011-05-23 15:31 -------- d-----w- c:\users\Oj-monster\AppData\Local\{0D1FA2EA-F48A-4481-8755-87B00979B183}
2011-05-23 00:47 . 2011-05-23 00:47 -------- d-----w- c:\users\Oj-monster\AppData\Local\{E625D59D-4483-40EC-8522-4552A30AEF5E}
2011-05-22 23:54 . 2011-05-22 23:54 -------- d-----w- c:\programdata\WindowsSearch
2011-05-20 03:12 . 2011-05-20 03:13 -------- d-----w- c:\users\Oj-monster\AppData\Local\{B92FB7A9-083E-438D-94D0-5864C0B4A2EE}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 13:11 . 2009-08-30 18:18 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2009-08-30 18:18 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-09 20:46 . 2011-05-01 23:30 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-23 23:37 . 2011-04-23 23:37 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-23 23:37 . 2011-04-23 23:37 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-23 23:37 . 2011-04-23 23:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-23 23:37 . 2011-04-23 23:37 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-23 23:37 . 2011-04-23 23:37 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-23 23:37 . 2011-04-23 23:37 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-23 23:37 . 2011-04-23 23:37 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-23 23:37 . 2011-04-23 23:37 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-23 23:37 . 2011-04-23 23:37 367104 ----a-w- c:\windows\system32\html.iec
2011-04-23 23:37 . 2011-04-23 23:37 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-23 23:37 . 2011-04-23 23:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-23 23:37 . 2011-04-23 23:37 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-23 23:37 . 2011-04-23 23:37 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-23 23:37 . 2011-04-23 23:37 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-23 23:37 . 2011-04-23 23:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-23 23:37 . 2011-04-23 23:37 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-23 23:37 . 2011-04-23 23:37 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-23 23:37 . 2011-04-23 23:37 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-23 23:37 . 2011-04-23 23:37 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-23 23:37 . 2011-04-23 23:37 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-23 23:37 . 2011-04-23 23:37 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-09 03:46 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-14 16:26 . 2011-04-09 21:58 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{399C60D2-38B1-4E25-B9E7-6498C1BC2DCD}]
2009-05-26 15:41 1297920 ----a-w- c:\program files\Dogpile Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-16 22:22 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
"{C53FE659-316A-4F56-A194-A5BE491BE866}"= "c:\program files\Dogpile Toolbar\Toolbar.dll" [2009-05-26 1297920]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{c53fe659-316a-4f56-a194-a5be491be866}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{587A2AD9-5F47-4029-8123-77327768C9F3}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
"{C53FE659-316A-4F56-A194-A5BE491BE866}"= "c:\program files\Dogpile Toolbar\Toolbar.dll" [2009-05-26 1297920]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{c53fe659-316a-4f56-a194-a5be491be866}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{587A2AD9-5F47-4029-8123-77327768C9F3}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-01 15145352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NoIE4StubProcessing"="c:\windows\system32\reg.exe DELETE HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" [X]
"AvgUninstallURL"="start http:" [X]
"*Restore"="c:\windows\System32\rstrui.exe" [2008-01-19 318464]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-09-16 05:37 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-05-14 00:58 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 15:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-02-13 23:21 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-01-18 11:40 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-12-03 14:12 976320 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-09-25 11:10 154136 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-09-25 11:10 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2009-05-26 19:16 1468296 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 17:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2009-05-21 18:25 1501064 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Linksys Wireless Manager]
2009-05-11 23:46 1348144 ----a-r- c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 16:00 200704 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 16:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2008-12-12 22:06 642856 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-09-17 13:07 8497696 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-09-17 13:07 81920 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-09-17 13:07 86016 ----a-w- c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-25 11:10 129560 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-17 12:22 4907008 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
2008-01-19 07:33 49664 ----a-w- c:\windows\Speech\Common\sapisvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbhSystray]
2011-06-18 03:10 492840 ----a-w- c:\program files\tbh\base\bin\tbhSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2006-11-27 13:14 180224 ------w- c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R1 MpKslcfd0d0b0;MpKslcfd0d0b0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{16918C3A-B583-4BBC-8965-79BAC4AA8590}\MpKslcfd0d0b0.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-05-11 724992]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 MpKsl37b3d9a7;MpKsl37b3d9a7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D5FF445-DCFF-45A5-9783-0CAB4142E83F}\MpKsl37b3d9a7.sys [2011-06-18 28752]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2007-09-07 1373480]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL37B3D9A7
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 01:14]
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 01:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080401
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hywftjp7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-06-17 23:48
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-06-17 23:49:35
ComboFix-quarantined-files.txt 2011-06-18 03:49
ComboFix2.txt 2011-06-17 16:20
.
Pre-Run: 351,236,644,864 bytes free
Post-Run: 351,207,141,376 bytes free
.
- - End Of File - - E7F22C9B354307B7AD777365414569ED

I'll download the Security Check next and post the results in another window.
akagitsune is offline  
Old 06-17-2011, 08:58 PM   #16
Registered Member
 
Join Date: Jun 2011
Posts: 14
OS: windows vista



Here is the Security Check log:

 Results of screen317's Security Check version 0.99.13
 Windows Vista Service Pack 2 (UAC is enabled)
 Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee Security Scan Plus
Microsoft Security Essentials
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware
 CCleaner (remove only)
 Java(TM) 6 Update 24
 Java(TM) SE Runtime Environment 6
 Java(TM) 6 Update 4
 Java(TM) 6 Update 5
 Out of date Java installed!
 Adobe Flash Player 10.3.181.22
 Adobe Reader 8.1.3
 Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

 Windows Defender MSMpEng.exe
 Microsoft Security Essentials msseces.exe
``````````End of Log````````````

Am I safe to reinstall AVG now? Is there anything else to do or am I all set? I'm not getting any more bad image errors now, since running ComboFix. Please let me know. Thanks!
akagitsune is offline  
Old 06-18-2011, 06:09 AM   #17
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,654
OS: Windows 2000 Pro. - Vista SP 2, W7



I cannot read your logs.

Can you open the ComboFix and Security Check logs with Notepad and make sure that you have Word Wrap set. You will find this option in the Format menu of Notepad.

Post the logs.
nasdaq is offline  
Old 06-18-2011, 11:55 AM   #18
Registered Member
 
Join Date: Jun 2011
Posts: 14
OS: windows vista



Oops, sorry about that. Here's the log again for ComboFix. I'll post the Security Check again after this.

ComboFix 11-06-17.04 - Admin 06/18/2011 14:41:53.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1984 [GMT -4:00]
Running from: c:\users\Oj-monster\Desktop\ComboFix.exe
Command switches used :: c:\users\Oj-monster\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-18 to 2011-06-18 )))))))))))))))))))))))))))))))
.
.
2011-06-18 18:49 . 2011-06-18 18:49 -------- d-----w- c:\users\Admin\AppData\Local\temp
2011-06-18 18:49 . 2011-06-18 18:49 -------- d-----w- c:\users\Oj-monster\AppData\Local\temp
2011-06-18 18:49 . 2011-06-18 18:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-18 18:37 . 2011-06-18 18:37 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F686292-DB51-4DFE-8A75-721E7310DDEF}\MpKsl23750cde.sys
2011-06-18 18:37 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F686292-DB51-4DFE-8A75-721E7310DDEF}\mpengine.dll
2011-06-18 16:08 . 2011-06-18 16:08 -------- d-----w- c:\users\Oj-monster\AppData\Local\{DAE446EC-975D-4F13-A961-14EA2E845DA6}
2011-06-18 03:11 . 2011-06-18 03:11 -------- d-----w- c:\users\Oj-monster\AppData\Local\{CDE2273A-1F79-4C31-A4DF-3010AD6E539F}
2011-06-17 17:40 . 2007-09-25 11:10 172032 ----a-w- c:\windows\system32\igfxres.dll
2011-06-17 16:04 . 2011-06-17 16:04 -------- d-----w- c:\users\Oj-monster\AppData\Local\{867DA470-DB29-404C-B6D0-E00B1A1A66CA}
2011-06-17 03:15 . 2011-06-17 03:15 -------- d-----w- c:\program files\VS Revo Group
2011-06-16 16:02 . 2011-06-18 18:39 -------- d-----w- C:\32788R22FWJFW
2011-06-16 14:32 . 2011-06-16 14:32 -------- d-----w- c:\users\Oj-monster\AppData\Local\{881F0A39-A2F0-49AD-8132-BB0882FE744A}
2011-06-15 15:31 . 2011-06-15 15:32 -------- d-----w- c:\users\Oj-monster\AppData\Local\{D79BE468-6527-435D-8D81-F909FCD60E9F}
2011-06-14 15:53 . 2011-06-14 15:53 -------- d-----w- c:\users\Oj-monster\AppData\Local\{16754663-5401-44E4-8F46-09E79B0C2634}
2011-06-13 14:56 . 2011-06-14 02:56 -------- d-----w- c:\users\Oj-monster\AppData\Local\{21E08D56-C2A3-454C-A525-907ADD315CA9}
2011-06-12 14:23 . 2011-06-13 02:24 -------- d-----w- c:\users\Oj-monster\AppData\Local\{7817DC7C-4A11-4CB3-9296-A31F93D0C803}
2011-06-11 21:34 . 2011-06-11 21:34 -------- d-----w- c:\users\Oj-monster\AppData\Local\{C02FB18F-69A7-4E8E-89D8-07696D72A360}
2011-06-11 03:07 . 2011-06-11 03:07 -------- d-----w- c:\users\Oj-monster\AppData\Local\{FD863C87-9C82-4C83-9AA1-86C710082461}
2011-06-09 15:48 . 2011-06-10 03:49 -------- d-----w- c:\users\Oj-monster\AppData\Local\{35787299-FAAB-42A6-A301-1E0ACC863376}
2011-06-08 15:47 . 2011-06-09 03:48 -------- d-----w- c:\users\Oj-monster\AppData\Local\{434BA5CF-A622-41C6-9030-B76329496396}
2011-06-07 15:38 . 2011-06-08 03:38 -------- d-----w- c:\users\Oj-monster\AppData\Local\{53346548-72C1-4E8F-886C-10798A60BB30}
2011-06-06 16:36 . 2011-06-06 16:36 -------- d-----w- c:\users\Oj-monster\AppData\Local\{4DE753DC-A08F-4969-9479-8A63D2D79AB1}
2011-06-04 16:38 . 2011-06-06 01:15 -------- d-----w- c:\users\Oj-monster\AppData\Local\{091E7D93-6369-4B46-8903-4A81ED4DBA69}
2011-06-03 15:09 . 2011-06-04 03:10 -------- d-----w- c:\users\Oj-monster\AppData\Local\{B6BA457D-FB69-4781-9957-4E6BD0D7353A}
2011-06-02 17:51 . 2011-06-02 17:51 -------- d-----w- c:\users\Oj-monster\AppData\Local\{C80E6047-6186-4502-87D3-2775317659C8}
2011-06-01 15:52 . 2011-06-02 03:53 -------- d-----w- c:\users\Oj-monster\AppData\Local\{EDDBF764-FF89-4F15-914A-C397280A8421}
2011-05-31 14:57 . 2011-06-01 02:58 -------- d-----w- c:\users\Oj-monster\AppData\Local\{F2C8EDEF-81FA-4BA2-9C47-17770B8F4C86}
2011-05-30 20:46 . 2011-05-30 20:46 -------- d-----w- c:\users\Oj-monster\AppData\Local\{A1622461-0B89-493D-9150-2A93A21A24CA}
2011-05-30 03:13 . 2011-05-30 03:13 -------- d-----w- c:\users\Oj-monster\AppData\Local\{2D9E57FD-516A-4AB7-83B5-E6A3EC29131E}
2011-05-29 17:46 . 2011-06-13 14:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 15:12 . 2011-05-29 15:12 -------- d-----w- c:\users\Oj-monster\AppData\Local\{32BBA897-B9F2-4489-BBD6-68773A79B5D0}
2011-05-28 23:14 . 2011-06-18 16:08 -------- d-----w- c:\users\Oj-monster\AppData\Roaming\go
2011-05-28 23:14 . 2011-06-18 18:47 -------- d-----w- c:\programdata\Easybits GO
2011-05-28 22:17 . 2011-05-28 22:17 -------- d-----w- c:\users\Oj-monster\AppData\Local\{51F8F27F-2238-4BDA-A9A6-CA72E58AC3D3}
2011-05-27 15:40 . 2011-05-28 03:41 -------- d-----w- c:\users\Oj-monster\AppData\Local\{1A215789-C062-4A39-8494-542C2074FFB7}
2011-05-26 03:09 . 2011-05-26 03:09 -------- d-----w- c:\users\Oj-monster\AppData\Local\{20570D4A-649E-4CF1-A56D-0AD9B3389035}
2011-05-24 14:03 . 2011-04-30 21:32 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-05-24 14:03 . 2011-04-30 21:32 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA010DC2-16E6-4571-A357-6D8CFF8BEEBD}\gapaengine.dll
2011-05-24 13:54 . 2011-05-25 01:55 -------- d-----w- c:\users\Oj-monster\AppData\Local\{D6516F3F-0387-41BD-8E92-4820FAF5045D}
2011-05-23 15:30 . 2011-05-23 15:31 -------- d-----w- c:\users\Oj-monster\AppData\Local\{0D1FA2EA-F48A-4481-8755-87B00979B183}
2011-05-23 00:47 . 2011-05-23 00:47 -------- d-----w- c:\users\Oj-monster\AppData\Local\{E625D59D-4483-40EC-8522-4552A30AEF5E}
2011-05-22 23:54 . 2011-05-22 23:54 -------- d-----w- c:\programdata\WindowsSearch
2011-05-20 03:12 . 2011-05-20 03:13 -------- d-----w- c:\users\Oj-monster\AppData\Local\{B92FB7A9-083E-438D-94D0-5864C0B4A2EE}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 13:11 . 2009-08-30 18:18 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2009-08-30 18:18 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-09 20:46 . 2011-05-01 23:30 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-23 23:37 . 2011-04-23 23:37 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-23 23:37 . 2011-04-23 23:37 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-23 23:37 . 2011-04-23 23:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-23 23:37 . 2011-04-23 23:37 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-23 23:37 . 2011-04-23 23:37 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-23 23:37 . 2011-04-23 23:37 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-23 23:37 . 2011-04-23 23:37 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-23 23:37 . 2011-04-23 23:37 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-23 23:37 . 2011-04-23 23:37 367104 ----a-w- c:\windows\system32\html.iec
2011-04-23 23:37 . 2011-04-23 23:37 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-23 23:37 . 2011-04-23 23:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-23 23:37 . 2011-04-23 23:37 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-23 23:37 . 2011-04-23 23:37 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-23 23:37 . 2011-04-23 23:37 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-23 23:37 . 2011-04-23 23:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-23 23:37 . 2011-04-23 23:37 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-23 23:37 .
2011-04-23 23:37 11776 ----a-w- c:\windows\system32\mshta.exe 2011-04-23 23:37 . 2011-04-23 23:37 35840 ----a-w- c:\windows\system32\imgutil.dll 2011-04-23 23:37 . 2011-04-23 23:37 1797632 ----a-w- c:\windows\system32\jscript9.dll 2011-04-23 23:37 . 2011-04-23 23:37 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-04-23 23:37 . 2011-04-23 23:37 101888 ----a-w- c:\windows\system32\admparse.dll 2011-04-09 03:46 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-04-14 16:26 . 2011-04-09 21:58 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{399C60D2-38B1-4E25-B9E7-6498C1BC2DCD}] 2009-05-26 15:41 1297920 ----a-w- c:\program files\Dogpile Toolbar\Toolbar.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2009-06-16 22:22 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712] "{C53FE659-316A-4F56-A194-A5BE491BE866}"= "c:\program files\Dogpile Toolbar\Toolbar.dll" [2009-05-26 1297920] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{c53fe659-316a-4f56-a194-a5be491be866}] [HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.3] [HKEY_CLASSES_ROOT\TypeLib\{587A2AD9-5F47-4029-8123-77327768C9F3}] [HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar] . 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712] "{C53FE659-316A-4F56-A194-A5BE491BE866}"= "c:\program files\Dogpile Toolbar\Toolbar.dll" [2009-05-26 1297920] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{c53fe659-316a-4f56-a194-a5be491be866}] [HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.3] [HKEY_CLASSES_ROOT\TypeLib\{587A2AD9-5F47-4029-8123-77327768C9F3}] [HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-01 15145352] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NoIE4StubProcessing"="c:\windows\system32\reg.exe DELETE HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" [X] "AvgUninstallURL"="start http:" [X] "*Restore"="c:\windows\System32\rstrui.exe" [2008-01-19 318464] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2005-09-16 05:37 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] 2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2009-05-14 00:58 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter] 2009-05-21 15:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] 2008-02-13 23:21 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter] 2008-01-18 11:40 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager] 2009-12-03 14:12 976320 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2007-09-25 11:10 154136 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2007-09-25 11:10 141848 ----a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] 2009-05-26 19:16 1468296 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-06-05 17:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype] 2009-05-21 18:25 1501064 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Linksys Wireless Manager] 2009-05-11 23:46 1348144 ----a-r- c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] 2003-06-18 16:00 200704 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 16:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth] 2008-12-12 22:06 642856 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2007-09-17 13:07 8497696 ----a-w- c:\windows\System32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2007-09-17 13:07 81920 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] 2007-09-17 13:07 86016 ----a-w- c:\windows\System32\nvsvc.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2007-09-25 11:10 129560 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-01-17 12:22 4907008 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition] 2008-01-19 07:33 49664 ----a-w- c:\windows\Speech\Common\sapisvr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbhSystray] 2011-06-18 03:10 492840 ----a-w- c:\program files\tbh\base\bin\tbhSystray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] 2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel] 2006-11-27 13:14 180224 ------w- c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . 
R1 MpKslcfd0d0b0;MpKslcfd0d0b0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{16918C3A-B583-4BBC-8965-79BAC4AA8590}\MpKslcfd0d0b0.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 136176] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 136176] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-05-11 724992] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S1 MpKsl23750cde;MpKsl23750cde;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F686292-DB51-4DFE-8A75-721E7310DDEF}\MpKsl23750cde.sys [2011-06-18 28752] S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824] S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2007-09-07 1373480] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSL23750CDE . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 01:14] . 2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 01:14] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080401 uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hywftjp7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - user.js: yahoo.homepage.dontask - true . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-06-18 14:49 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Completion time: 2011-06-18 14:50:51 ComboFix-quarantined-files.txt 2011-06-18 18:50 ComboFix2.txt 2011-06-18 18:33 ComboFix3.txt 2011-06-18 03:49 ComboFix4.txt 2011-06-17 16:20 . Pre-Run: 352,133,451,776 bytes free Post-Run: 352,102,744,064 bytes free . - - End Of File - - 5B81D251E65C12E2EA3B85609D295057
Old 06-18-2011, 12:09 PM   #19
Registered Member
 
Join Date: Jun 2011
Posts: 14
OS: windows vista



Hmm, that above post looks similar to the one you said you can't read, despite my turning on word wrapping. I really hope you can read that one. Here's the log for the Security Check again. I hope it's readable this time, too.

Results of screen317's Security Check version 0.99.13
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
McAfee Security Scan Plus
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner (remove only)
Java(TM) 6 Update 24
Java(TM) SE Runtime Environment 6
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player 10.3.181.22
Adobe Reader 8.1.3
Out of date Adobe Reader installed!
````````````````````````````````
Process Check: objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````
Old 06-18-2011, 12:10 PM   #20
Registered Member
 
Join Date: Jun 2011
Posts: 14
OS: windows vista



I turned on word wrapping for notepad, but the above two posts still look about the same. Please let me know if you could read them and if not, what I can do to make them readable. Thanks!
