| Virus/Trojan/Spyware Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
#1 (permalink) |
|
Registered User
Join Date: May 2008
Posts: 4
OS: win xp service pack 2
|
!! Need help for bad image error !!
Hi, I've been having several problems in my com, which is running on Windows XP SP3.
1. Recently, it has been running slower than usual. If I switch my com on and leave it alone for a while, a blue error screen appears which says "A problem has been detected and windows has been shutdown to prevent damage to your computer"
2. I'm unable to start up Malwarebytes. Every time I try to start it up, a bad image msg occurs which says "The application or DLL C:\WINDOWS\system32\MSVBVM.DLL is not a valid Windows image. Please check this against your installation diskette."
I have read through other forum threads and have tried methods such as SDfix and ComboFix. Unfortunately, they do not work and the problems persist. I am unable to use system restore, even in safe mode. I have installed HijackThis but when I try to start the program, the same bad image error msg which comes up for Malwarebytes appears. I have run antivirus and antispyware checks but nothing turns up. I have access to a boot CD. I am at a loss as to how to solve this problem. Please help. Thanks.
#3 (permalink) |
|
Registered User
Join Date: May 2008
Posts: 4
OS: win xp service pack 2
|
It's been more than 5 days! Need help for bad image error!
Hi, sorry to be posting again. But nobody has yet replied to my previous thread when it's been 5 days already. I'm really getting desperate as my problems are not solved.
I've been having several problems in my com, which is running on Windows XP SP3.
1. Recently, it has been running slower than usual. If I switch my com on and leave it alone for a while, a blue error screen appears which says "A problem has been detected and windows has been shutdown to prevent damage to your computer"
2. I'm unable to start up Malwarebytes. Every time I try to start it up, a bad image msg occurs which says "The application or DLL C:\WINDOWS\system32\MSVBVM.DLL is not a valid Windows image. Please check this against your installation diskette."
I have read through other forum threads and have tried methods such as SDfix and ComboFix. Unfortunately, they do not work and the problems persist. I am unable to use system restore, even in safe mode. I have installed HijackThis but when I try to start the program, the same bad image error msg which comes up for Malwarebytes appears. I have run antivirus and antispyware checks but nothing turns up. I have access to a boot CD. I am at a loss as to how to solve this problem. Please help. Thanks.
P.S. Attach.zip is in my previous thread (!! Need help for bad image error !!) as I'm unable to upload the same file.
#4 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,035
OS: WinXP and Vista
|
Re: !! Need help for bad image error !!
Hello brightstarz,
The ComboFix Disclaimer clearly states the tool is only to be run under guidance. Given the nature of today's malware, it would be wise to heed that advice in the future.
I'll need to see that report. You'll find it at C:\ComboFix.txt. If it did not run, please tell me exactly what happened when you tried to run it. Do not run it again unless directed to.