Z4CK56

Keep Getting "bad Image" Error

I keep getting this "bad image" error every time my McAfee tries to run or I am trying to uninstall it. After clicking "OK" in the message box about 50 times (every time the same one pops up), the program will run/open, but it is just a blank screen. The same thing happens when I try to run Safari. I'm not sure if it has affected any other programs of mine.

I have run an AVG scan and found no issues, and I also ran a CCleaner clean along with the CCleaner registry clean. None of those fixed the problem.

E398ADA39B044C54808A09B3D49548DB: mcshell.exe - bad image

C:\Windows\SysWOW64\msls31.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

 

Computer Specs

MS Windows Vista Home Premium 64-Bit SP2

CPU - Intel Pentium E53000, Wolfdale 65nm Technology

RAM - 6.0GB Dual Channel DDR2

MB - Pegatron Corporation Benicia

Graphics - E307VL, Intel® G33/G31 Express Chipset Family

HD - 625.13GB WDC

Optical Drive - HL-DT-ST DVD RAM GH40L

Audio - Realtek HD Audio

 

Your help is much appreciated.

 

DDS log

DDS (Ver_09-09-29.01) - NTFSx86

Run by admin at 16:10:11.52 on Mon 09/13/2010

Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_20

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

mLocal Page = c:\windows\syswow64\blank.htm

uInternet Settings,ProxyOverride = local;*.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll

mWinlogon: Userinit=userinit.exe

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\mcafee\virusscan\scriptsn.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe

mRun: [HP Health Check Scheduler] c:\program files (x86)\hewlett-packard\hp health check\HPHC_Scheduler.exe

mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe

mRun: [updatePSTShortCut] "c:\program files (x86)\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [updatePDIRShortCut] "c:\program files (x86)\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [updateP2GoShortCut] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [updateLBPShortCut] "c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [TSMAgent] "c:\program files (x86)\hewlett-packard\touchsmart\media\TSMAgent.exe"

mRun: [nmctxth] "c:\program files (x86)\common files\pure networks shared\platform\nmctxth.exe"

mRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkey

mRun: [DVDAgent] "c:\program files (x86)\hewlett-packard\media\dvd\DVDAgent.exe"

mRun: [CLMLServer for HP TouchSmart] "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"

mRun: [AppleSyncNotifier] c:\program files (x86)\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"

mRun: [hpqSRMon]

mRun: [MaxMenuMgr] "c:\program files (x86)\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"

mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime

mRun: [DivXUpdate] "c:\program files (x86)\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"

mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\McIEPlg.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files (x86)\common files\pure networks shared\platform\puresp4.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\McIEPlg.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\0lmqv14k.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\users\admin\appdata\local\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll

FF - plugin: c:\users\admin\appdata\roaming\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

 

============== File Associations ===============

 

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

 

=============== Created Last 30 ================

 

2010-09-13 16:05 <DIR> --d----- c:\program files (x86)\Trend Micro

2010-09-12 20:08 <DIR> --d----- c:\windows\system32\drivers\avg

2010-09-11 21:23 <DIR> --d----- c:\programdata\AVG Security Toolbar

2010-09-11 21:23 <DIR> --d----- c:\progra~3\AVG Security Toolbar

2010-09-11 21:20 <DIR> --d----- c:\program files (x86)\AVG

2010-09-11 21:20 <DIR> --d----- c:\programdata\avg9

2010-09-11 21:20 <DIR> --d----- c:\progra~3\avg9

2010-09-11 21:05 <DIR> --d----- c:\program files (x86)\Citrix

2010-09-11 21:05 103,784 a------- c:\users\admin\GoToAssistDownloadHelper.exe

2010-08-29 19:51 <DIR> --d----- c:\programdata\Symantec

2010-08-29 19:51 <DIR> --d----- c:\progra~3\Symantec

2010-08-25 19:03 <DIR> --d----- c:\users\admin\appdata\roaming\Canneverbe Limited

2010-08-25 19:03 <DIR> --d----- c:\programdata\Canneverbe Limited

2010-08-25 19:03 <DIR> --d----- c:\progra~3\Canneverbe Limited

2010-08-25 18:46 <DIR> --d----- c:\users\admin\appdata\roaming\InfraRecorder

2010-08-25 18:45 <DIR> --d----- c:\program files (x86)\Free Offers from Freeze.com

2010-08-25 16:07 <DIR> --d----- C:\Temp

2010-08-25 15:46 172,032 a------- c:\windows\system32\scrr1d30.rra

2010-08-25 15:46 89,360 a------- c:\windows\system32\VB5DB.DLL

2010-08-25 15:44 815,104 a------- c:\windows\system32\xvidcore.dll

2010-08-25 15:44 180,224 a------- c:\windows\system32\xvidvfw.dll

2010-08-25 15:44 <DIR> --d----- c:\program files (x86)\Xvid

2010-08-25 15:44 <DIR> --d----- c:\programdata\QueryExplorer

2010-08-25 15:44 <DIR> --d----- c:\program files (x86)\QueryExplorer

2010-08-25 15:44 <DIR> --d----- c:\progra~3\QueryExplorer

2010-08-22 13:35 <DIR> --d----- C:\divx

2010-08-21 13:06 <DIR> --d----- c:\programdata\Logishrd

2010-08-21 13:04 <DIR> --d----- c:\users\admin\appdata\roaming\Logishrd

 

==================== Find3M ====================

 

2010-09-08 21:11 4,910 a------- c:\users\admin\appdata\roaming\wklnhst.dat

2010-09-05 13:48 143,360 a------- c:\windows\inf\infstrng.dat

2010-09-05 13:48 143,360 a------- c:\windows\inf\infstor.dat

2010-09-05 13:48 86,016 a------- c:\windows\inf\infpub.dat

2010-06-30 19:53 77,406 a------- c:\windows\hpqins05.dat

2010-06-30 00:12 13,312 a------- c:\windows\LPRES.DLL

2010-06-26 00:05 916,480 a------- c:\windows\system32\wininet.dll

2010-06-26 00:02 109,056 a------- c:\windows\system32\iesysprep.dll

2010-06-26 00:02 71,680 a------- c:\windows\system32\iesetup.dll

2010-06-25 22:25 133,632 a------- c:\windows\system32\ieUnatt.exe

2010-06-22 21:55 178,391 a------- c:\windows\hpwins20.dat

2010-06-18 11:31 36,864 a------- c:\windows\system32\rtutils.dll

2010-06-15 22:36 411,368 a------- c:\windows\system32\deployJava1.dll

2010-05-27 15:01 87 a------- c:\users\admin\jagex_runescape_preferences2.dat

2010-05-27 15:00 42 a------- c:\users\admin\jagex_runescape_preferences.dat

2010-05-15 21:48 0 a------- c:\users\admin\jagex__preferences3.dat

2010-02-09 22:08 665,600 a------- c:\windows\inf\drvindex.dat

2008-01-20 21:21 174 a--sh--- c:\program files (x86)\desktop.ini

2006-11-02 09:14 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat

2006-11-02 09:14 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat

2006-11-02 09:14 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat

2006-11-02 09:14 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat

2006-11-02 04:52 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 04:52 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 04:52 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 04:52 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

2009-11-28 22:59 245,760 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

 

============= FINISH: 16:10:43.92 ===============

 

Attach Log

==== Installed Programs ======================

 

4660_4680_Help

Acrobat.com

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.4

Apple Application Support

Apple Software Update

AVG 9.0

AviSynth 2.5

AVS Update Manager 1.0

AVS Video Editor 4 4.2.1.166

AVS Video Recorder 2.4 (Service Version)

AVS YouTube Uploader version 2.1

AVS4YOU Software Navigator 1.3

BPD_HPSU

bpd_scan

BPDSoftware

BPDSoftware_Ini

BufferChm

CCleaner

Civilization III Complete Edition

Command & Conquer Generals

Command & Conquer Red Alert 2

Command & Conquer Tiberian Sun

Command && Conquer Red Alert 2 - Yuri's Revenge

Command and ConquerTM Generals Zero Hour

Compatibility Pack for the 2007 Office system

CustomerResearchQFolder

CyberLink DVD Suite Deluxe

Defraggler

Destination Component

DeviceDiscovery

DeviceManagementQFolder

DirectX for Managed Code Update (Summer 2004)

DivX Codec

DivX Converter

DivX Setup

DocMgr

DocProc

DocProcQFolder

eReg

eSupportQFolder

Fax

FrostWire 4.18.6

GameSpy Arcade

GPBaseService

GPBaseService2

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hoyle Casino 5

HP Active Support Library

HP Advisor

HP Customer Experience Enhancements

HP MediaSmart Demo

HP MediaSmart DVD

HP MediaSmart Music/Photo/Video

HP Odometer

HP Photosmart Essential 2.5

HP Picasso Media Center Add-In

HP Recovery Manager RSS

HP Support Information

HP Total Care Setup

HP Update

HPAsset component for HP Active Support Library

HPProductAssistant

HPSSupply

iPhone Configuration Utility

J4680

Java Auto Updater

Java 6 Update 20

Java 6 Update 3

Java 6 Update 7

Java SE Runtime Environment 6 Update 1

LabelPrint

LightScribe System Software

Linksys EasyLink Advisor

Logitech Touch Mouse Server 1.0

MarketResearch

McAfee SecurityCenter

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Works

Move Media Player

Mozilla Firefox (3.6.9)

MSVCSetup

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NMSAccessU

Palringo

PartyPoker

PictureMover

Power2Go

PowerDirector

ProductContext

PSSWCORE

Pure Networks Platform

Python 2.6 pywin32-212

Python 2.6.1

QueryExplorer 1.0 build 117

QuickTime

Realtek High Definition Audio Driver

Safari

Scan

Seagate Manager Installer

SimCity™ Societies

SimTheme Park

SmartWebPrinting

SolutionCenter

Speccy

Status

TBS WMP Plug-in

Toolbox

TrayApp

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

VC80CRTRedist - 8.0.50727.4053

Videora iPhone Converter 5.03

VideoToolkit01

Visual C++ 8.0 Runtime Setup Package (x64)

Warcraft III

Warcraft III: All Products

WebEx Support Manager for Internet Explorer

WebReg

Westwood Shared Internet Components

Xvid 1.2.1 final uninstall

Yahoo! BrowserPlus 2.7.1

Yahoo! Toolbar

 

==== End Of File ===========================


HJT Logfile

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:28:00 PM, on 9/13/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18943)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\AVG\AVG9\avgtray.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\PROGRA~2\COMMON~1\McAfee\MSC\McUICnt.exe

C:\Users\admin\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

O4 - HKLM\..\Run: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [updateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agr64svc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccessU.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: QueryExplorer Service - Unknown owner - C:\ProgramData\QueryExplorer\queryexplorer117.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 14731 bytes

 

I appreciate your time and help


Hello Z4CK56 and :wp:

 

My name is JonTom

 

  • Malware Logs can sometimes take a lot of time to research and interpret.

  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.

  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.

  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.

  • PLEASE NOTE: If you do not reply after 5 days your thread will be closed.

 

Many of the tools we use do not run on 64-bit systems. I am happy to take a look at your machine but there may be limitations on what we can actually fix.

 

 

  • Download and run OTL by Oldtimer

    • Please download OTL by Oldtimer by clicking here and save the file (called OTL.exe) to your desktop.
    • Close all open windows on your computer then Right click on the OTL.exe icon and select "Run as Administrator" to run the program.
    • Check the boxes beside "LOP Check" and "Purity Check".
    • Under Custom Scan paste this in:

    netsvcs

    %SYSTEMDRIVE%\*.exe

    /md5start

    eventlog.dll

    scecli.dll

    netlogon.dll

    cngaudit.dll

    sceclt.dll

    ntelogon.dll

    logevent.dll

    iaStor.sys

    nvstor.sys

    atapi.sys

    IdeChnDr.sys

    viasraid.sys

    AGP440.sys

    vaxscsi.sys

    nvatabus.sys

    viamraid.sys

    nvata.sys

    nvgts.sys

    iastorv.sys

    ViPrt.sys

    eNetHook.dll

    ahcix86.sys

    KR10N.sys

    nvstor32.sys

    ahcix86s.sys

    nvrd32.sys

    symmpi.sys

    adp3132.sys

    /md5stop

    %systemroot%\*. /mp /s

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\system32\drivers\*.sys /lockedfiles

    %systemroot%\System32\config\*.sav

    %systemroot%\system32\drivers\*.sys /90

    CREATERESTOREPOINT

    • Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.

    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    • Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please Copy and Paste the contents of both files in your next reply. You may need two posts to fit them both in.

  • Please scan your system with GMER

    Download GMER Rootkit Scanner from here or here.

    • Extract the contents of the zipped file to desktop.
    • Right click GMER.exe and select "Run as Administrator" to run the program. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
        • IAT/EAT
        • Drives/Partition other than Systemdrive (typically C:\)
        • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and post it in your reply.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

 

Please post the OTL logs and the GMER log in your next reply.

 

If you encounter any difficulties with the scans just come back and let me know.

 

 

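Helpers read OTL output like this by hand. As an added example that is not part of this thread, of OTL, or of any tool mentioned here, the Python script below parses OTL-format PRC/MOD/SRV/DRV lines (the format of the log posted in the next reply) and lists the entries a helper would look at first. The sample lines are constructed in OTL's format, and the flagging rules are heuristics of my own, not OTL's.

```python
"""Triage helper for OTL-format log lines (PRC, MOD, SRV and DRV entries).

Added example for this thread; it is not part of OTL, GMER or any post here.
It pulls the publisher, flags, path and service name out of each line and
lists the entries a helper would normally look at first. Every rule is a
heuristic: a blank publisher field only means the file carries no version
resource, which is true of some legitimate software too (e.g. the Linksys
updater in this log), so the output is a reading order, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One entry line as OTL writes it, e.g.
#   PRC - [2010/09/08 11:09:18 | 000,057,624 | ---- | M] () -- C:\dir\x.exe
#   SRV - [...] (Company) [Auto | Running] -- C:\dir\x.exe -- (ServiceName)
#   DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\dir\x.sys -- (Name)
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<arch>:64bit:)? - "
    r"(?:\[(?P<date>[^|]+)\| (?P<size>[\d,]+) \| [^|]+\| \w\] \((?P<company>[^)]*)\)"
    r"|(?P<missing>File not found))"
    r"(?: \[(?P<flags>[^\]]+)\])?"
    r" -- (?P<path>.+?)(?: -- \((?P<service>[^)]+)\).*)?$"
)

# Directories a normal user can write to; services and autostarts rarely
# belong there, so anything running from them gets a closer look.
WRITABLE_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class LogEntry:
    kind: str               # PRC, MOD, SRV or DRV
    x64: bool               # line carried the ":64bit:" tag
    company: str            # publisher from the version resource, "" if blank
    missing: bool           # OTL reported "File not found"
    flags: List[str]        # e.g. ["Auto", "Running"] for a service
    path: str
    service: Optional[str]  # service/driver short name, None for PRC/MOD


def parse_line(line: str) -> Optional[LogEntry]:
    """Parse one OTL entry line; return None for headers, blanks and other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    flags = [f.strip() for f in (m.group("flags") or "").split("|") if f.strip()]
    return LogEntry(
        kind=m.group("kind"),
        x64=m.group("arch") is not None,
        company=(m.group("company") or "").strip(),
        missing=m.group("missing") is not None,
        flags=flags,
        path=m.group("path").strip(),
        service=m.group("service"),
    )


def triage_entry(entry: LogEntry) -> List[str]:
    """Return the heuristic reasons this entry deserves a closer look (may be empty)."""
    reasons: List[str] = []
    path = entry.path.lower()
    if entry.missing:
        # Registered service/driver whose file is gone: typically a half-removed
        # product (the Norton service marked "file missing" in this thread's log)
        # or something that has already been cleaned.
        reasons.append("registered but file not found")
    elif not entry.company:
        reasons.append("no company name in version resource")
    if any(d in path for d in WRITABLE_DIRS):
        reasons.append("runs from a user-writable data directory")
    if reasons and entry.kind == "SRV" and "Auto" in entry.flags:
        # Only worth calling out when something else is already odd about it.
        reasons.append("auto-start service")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Parse a whole log and return (path, reasons) for every flagged entry, in log order."""
    flagged: List[Tuple[str, List[str]]] = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage_entry(entry)
        if reasons:
            flagged.append((entry.path, reasons))
    return flagged


# Constructed sample in OTL's format, modelled on lines from the log in this thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2010/09/15 16:33:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
PRC - [2010/09/08 11:09:18 | 000,057,624 | ---- | M] () -- C:\ProgramData\QueryExplorer\queryexplorer117.exe
MOD - [2010/09/08 11:09:52 | 000,577,536 | ---- | M] () -- C:\Program Files (x86)\QueryExplorer\queryexplorer.dll
SRV:64bit: - [2008/08/26 08:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2010/09/08 11:09:18 | 000,057,624 | ---- | M] () [Auto | Running] -- C:\ProgramData\QueryExplorer\queryexplorer117.exe -- (QueryExplorer Service)
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSPX64.SYS -- (SRTSPX)
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run it against a full OTL.Txt by reading the file into `triage()`; the un-flagged entries are simply skipped, so the output is the short list a helper would read first.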

Once the OTL scan started creating a restore point the "bad image" error occurred: OTL: OTL.exe Bad Image C:\Windows\System32\VBScript.dll. After I clicked OK it continued on with the scan perfectly fine.

Once I opened the GMER scan the only boxes that were checked were Services, Registry, Files, C:\, and ADS. The rest were grayed out. Also, after the scan finished it told me that it had found no changes to the registry, and after I saved I opened the file and it was blank. So there isn't a log for the GMER scan that I can post.

By the way thank you so much for helping me out. I greatly appreciate it.

 

OTL Scan

OTL logfile created on: 9/15/2010 4:42:56 PM - Run 1

OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\admin\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 63.00% Memory free

12.00 Gb Paging File | 10.00 Gb Available in Paging File | 80.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 582.50 Gb Total Space | 334.04 Gb Free Space | 57.35% Space Free | Partition Type: NTFS

Drive D: | 13.67 Gb Total Space | 2.19 Gb Free Space | 16.00% Space Free | Partition Type: NTFS

Drive E: | 40.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ADMIN-PC

Current User Name: admin

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Processes (SafeList) ==========

 

PRC - [2010/09/15 16:33:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe

PRC - [2010/09/11 21:22:36 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe

PRC - [2010/09/11 21:22:21 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe

PRC - [2010/09/11 21:22:00 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe

PRC - [2010/09/11 21:22:00 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgam.exe

PRC - [2010/09/11 21:21:58 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

PRC - [2010/09/08 11:09:18 | 000,057,624 | ---- | M] () -- C:\ProgramData\QueryExplorer\queryexplorer117.exe

PRC - [2010/09/08 11:09:18 | 000,057,624 | ---- | M] () -- C:\Program Files (x86)\QueryExplorer\queryexplorer.exe

PRC - [2010/09/01 00:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/06/15 22:36:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\java.exe

PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe

PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe

PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe

PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe

PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe

PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe

PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe

PRC - [2009/07/07 17:45:22 | 000,436,752 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Common Files\McAfee\MSC\McUICnt.exe

PRC - [2009/05/07 23:30:22 | 000,192,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSM\McSmtFwk.exe

PRC - [2009/04/10 00:26:02 | 001,328,424 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

PRC - [2009/04/10 00:22:06 | 000,185,640 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

PRC - [2009/03/19 11:54:52 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe

PRC - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2008/12/04 13:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

PRC - [2008/11/13 13:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe

PRC - [2007/02/14 13:52:16 | 000,065,536 | ---- | M] () -- C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccessU.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010/09/15 16:33:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe

MOD - [2010/09/08 11:09:52 | 000,577,536 | ---- | M] () -- C:\Program Files (x86)\QueryExplorer\queryexplorer.dll

MOD - [2010/04/01 09:57:36 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll

MOD - [2009/12/23 05:33:29 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll

MOD - [2008/01/20 20:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

MOD - [2008/01/20 20:48:37 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll

MOD - [2006/11/02 02:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2010/05/06 03:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2009/09/16 11:23:32 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV:64bit: - [2009/09/16 10:15:32 | 000,155,456 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)

SRV:64bit: - [2008/08/26 08:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)

SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/02/14 13:52:16 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccessU.exe -- (NMSAccessU)

SRV - [2010/09/11 21:22:00 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)

SRV - [2010/09/11 21:21:58 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2010/09/08 11:09:18 | 000,057,624 | ---- | M] () [Auto | Running] -- C:\ProgramData\QueryExplorer\queryexplorer117.exe -- (QueryExplorer Service)

SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/06/30 14:23:12 | 000,431,432 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)

SRV - [2010/03/26 11:16:04 | 000,110,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)

SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)

SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)

SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)

SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)

SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)

SRV - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2008/11/13 13:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)

SRV - [2007/10/14 21:15:16 | 000,963,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSPX64.SYS -- (SRTSPX)

DRV:64bit: - File not found [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSP64.SYS -- (SRTSP)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)

DRV:64bit: - [2010/09/11 21:23:24 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (AvgRkx64)

DRV:64bit: - [2010/09/11 21:23:23 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)

DRV:64bit: - [2010/09/11 21:23:18 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)

DRV:64bit: - [2010/09/11 21:23:17 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)

DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/03/18 03:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2010/03/18 03:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2010/03/18 02:59:52 | 000,013,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidEqd.Sys -- (LHidEqd)

DRV:64bit: - [2010/03/18 02:59:44 | 000,074,320 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LEqdUsb.Sys -- (LEqdUsb)

DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/09/16 10:22:40 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2009/09/16 10:22:40 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2009/09/16 10:22:40 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)

DRV:64bit: - [2009/09/16 10:15:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)

DRV:64bit: - [2009/07/16 12:32:26 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\Mpfp.sys -- (MPFP)

DRV:64bit: - [2009/05/22 10:13:38 | 000,004,608 | ---- | M] (SupportSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssrangdr.sys -- (ssrangdr)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/02/26 10:50:34 | 000,380,928 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr7064.sys -- (rt70x64)

DRV:64bit: - [2009/02/26 05:46:34 | 010,276,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/02/02 12:59:18 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)

DRV:64bit: - [2009/01/20 10:49:30 | 001,254,400 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/01/20 08:49:48 | 000,195,584 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2009/01/13 17:32:02 | 000,524,800 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28x.sys -- (netr28x)

DRV:64bit: - [2008/12/12 18:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\purendis.sys -- (purendis)

DRV:64bit: - [2008/12/12 18:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\pnarp.sys -- (pnarp)

DRV:64bit: - [2008/12/04 06:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)

DRV:64bit: - [2008/02/22 00:10:36 | 000,196,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\FilmScan.sys -- (OV550I)

DRV:64bit: - [2008/01/20 20:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)

DRV:64bit: - [2008/01/20 20:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2006/09/18 15:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Secure Search"

FF - prefs.js..browser.search.selectedEngine: "Secure Search"

FF - prefs.js..extensions.enabledItems: [email protected]:7

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {27E679CC-6AAB-4B2A-BB87-096FE4178464}:1.0

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/08 15:47:48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/11 23:11:54 | 000,000,000 | ---D | M]

 

[2010/06/05 20:46:10 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions

[2010/09/15 09:32:42 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lmqv14k.default\extensions

[2010/07/20 17:07:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lmqv14k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/09/08 15:47:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/09/08 15:47:31 | 000,000,000 | ---D | M] (QueryExplorer) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}

[2010/06/15 22:36:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/06/15 22:36:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

 

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe ()

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpqSRMon] File not found

O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)

O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)

O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateLBPShortCut] c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.87.85.102 68.87.69.150

O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/10/19 17:17:11 | 000,000,025 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{26025e62-75a0-11de-aa33-00248c9cc39d}\Shell\AutoRun\command - "" = J:\WDSetup.exe -- File not found

O33 - MountPoints2\{9c768287-9e75-11de-82bd-00248c9cc39d}\Shell\AutoRun\command - "" = J:\JDLightning\Windows\JDLightning.exe -- File not found

O33 - MountPoints2\{9f1ddd31-91d7-11de-9f32-00248c9cc39d}\Shell\AutoRun\command - "" = CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\usr.exe

O33 - MountPoints2\{9f1ddd31-91d7-11de-9f32-00248c9cc39d}\Shell\open\command - "" = CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\usr.exe

O33 - MountPoints2\{9f1ddd34-91d7-11de-9f32-00248c9cc39d}\Shell - "" = AutoRun

O33 - MountPoints2\{9f1ddd34-91d7-11de-9f32-00248c9cc39d}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found

O33 - MountPoints2\K\Shell - "" = AutoRun

O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

 

CREATERESTOREPOINT

Error creating restore point.

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/09/15 16:33:18 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe

[2010/09/13 19:29:17 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\HJT

[2010/09/13 16:40:43 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Log Files

[2010/09/13 16:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2010/09/12 20:35:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari

[2010/09/12 20:08:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\avg

[2010/09/11 22:54:58 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\AVG

[2010/09/11 22:33:18 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\AVG Security Toolbar

[2010/09/11 21:23:24 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll

[2010/09/11 21:23:23 | 000,056,008 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys

[2010/09/11 21:23:22 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys

[2010/09/11 21:23:18 | 000,269,904 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys

[2010/09/11 21:23:16 | 000,035,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys

[2010/09/11 21:23:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg

[2010/09/11 21:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar

[2010/09/11 21:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG

[2010/09/11 21:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9

[2010/09/11 21:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix

[2010/09/11 21:05:05 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Citrix

[2010/09/05 13:50:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/09/05 13:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/09/03 20:07:33 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Archive

[2010/08/29 19:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec

[2010/08/25 19:03:28 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Canneverbe Limited

[2010/08/25 19:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited

[2010/08/25 18:46:08 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\InfraRecorder

[2010/08/25 18:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com

[2010/08/25 16:07:19 | 000,000,000 | ---D | C] -- C:\Temp

[2010/08/25 15:46:46 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrr1d30.rra

[2010/08/25 15:46:45 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB5DB.DLL

[2010/08/25 15:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\Cheetah Burner

[2010/08/25 15:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid

[2010/08/25 15:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\QueryExplorer

[2010/08/25 15:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QueryExplorer

[2010/08/22 16:45:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2010/08/22 16:44:57 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Movies

[2010/08/22 13:35:56 | 000,000,000 | ---D | C] -- C:\divx

[2010/08/21 16:11:40 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech

[2010/08/21 15:08:18 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Logishrd

[2010/08/21 13:08:27 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Logitech

[2010/08/21 13:07:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd

[2010/08/21 13:07:25 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys

[2010/08/21 13:06:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd

[2010/08/21 13:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd

[2010/08/21 13:04:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd

[2010/08/21 13:04:39 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Logishrd

 

========== Files - Modified Within 30 Days ==========

 

[2010/09/15 16:45:32 | 002,883,584 | -HS- | M] () -- C:\Users\admin\NTUSER.DAT

[2010/09/15 16:40:50 | 000,284,915 | ---- | M] () -- C:\Users\admin\Desktop\gmer.zip

[2010/09/15 16:33:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe

[2010/09/15 16:28:56 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/09/15 16:28:56 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/09/15 16:28:56 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/09/15 16:25:06 | 064,670,715 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm

[2010/09/15 16:24:37 | 000,038,561 | ---- | M] () -- C:\Windows\SysNative\Config.MPF

[2010/09/15 16:22:19 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/09/15 16:22:19 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/09/15 16:21:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/09/15 16:21:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/09/15 09:46:37 | 000,524,288 | -HS- | M] () -- C:\Users\admin\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms

[2010/09/15 09:46:37 | 000,065,536 | -HS- | M] () -- C:\Users\admin\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf

[2010/09/15 09:46:31 | 004,139,057 | -H-- | M] () -- C:\Users\admin\AppData\Local\IconCache.db

[2010/09/13 19:25:53 | 000,002,525 | ---- | M] () -- C:\Users\admin\Desktop\HiJackThis.lnk

[2010/09/12 20:35:55 | 000,000,584 | ---- | M] () -- C:\Users\admin\Documents\cc_20100912_203552.reg

[2010/09/12 20:35:23 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

[2010/09/12 20:35:23 | 000,001,866 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/09/12 20:33:07 | 000,007,288 | ---- | M] () -- C:\Users\admin\Documents\cc_20100912_203303.reg

[2010/09/12 20:32:44 | 000,080,772 | ---- | M] () -- C:\Users\admin\Documents\cc_20100912_203227.reg

[2010/09/11 21:23:25 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll

[2010/09/11 21:23:25 | 000,001,651 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk

[2010/09/11 21:23:24 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys

[2010/09/11 21:23:23 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys

[2010/09/11 21:23:18 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys

[2010/09/11 21:23:17 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys

[2010/09/11 21:23:16 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm

[2010/09/11 21:05:04 | 000,103,784 | ---- | M] () -- C:\Users\admin\GoToAssistDownloadHelper.exe

[2010/09/08 21:11:31 | 000,004,910 | ---- | M] () -- C:\Users\admin\AppData\Roaming\wklnhst.dat

[2010/09/06 20:58:11 | 000,016,896 | ---- | M] () -- C:\Users\admin\Desktop\TheKWHS.wps

[2010/09/06 20:52:37 | 000,002,469 | ---- | M] () -- C:\Users\admin\Desktop\Microsoft Works Word Processor.lnk

[2010/09/05 18:49:48 | 000,000,545 | ---- | M] () -- C:\Users\admin\Documents\hilo.yab

[2010/09/05 17:19:32 | 000,000,629 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf

[2010/09/05 13:51:07 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/09/05 13:43:33 | 000,001,460 | ---- | M] () -- C:\Users\admin\Desktop\DivX Movies.lnk

[2010/09/01 21:39:26 | 000,016,896 | ---- | M] () -- C:\Users\admin\Documents\2column script.wps

[2010/08/30 21:08:07 | 000,020,480 | ---- | M] () -- C:\Users\admin\Desktop\Confused.wps

[2010/08/29 13:36:28 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk

[2010/08/25 20:24:52 | 000,026,112 | ---- | M] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/24 20:37:05 | 000,017,408 | ---- | M] () -- C:\Users\admin\Desktop\advent.wps

[2010/08/24 20:27:32 | 000,019,456 | ---- | M] () -- C:\Users\admin\Desktop\TV.wps

[2010/08/22 16:46:14 | 000,001,718 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2010/08/21 19:56:34 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/08/21 13:07:25 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys

[2010/08/18 20:48:11 | 000,002,551 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\HP MediaSmart.lnk

 

========== Files Created - No Company Name ==========

 

[2010/09/15 16:40:50 | 000,284,915 | ---- | C] () -- C:\Users\admin\Desktop\gmer.zip

[2010/09/13 16:05:14 | 000,002,525 | ---- | C] () -- C:\Users\admin\Desktop\HiJackThis.lnk

[2010/09/12 20:35:54 | 000,000,584 | ---- | C] () -- C:\Users\admin\Documents\cc_20100912_203552.reg

[2010/09/12 20:35:23 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk

[2010/09/12 20:35:23 | 000,001,866 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/09/12 20:33:05 | 000,007,288 | ---- | C] () -- C:\Users\admin\Documents\cc_20100912_203303.reg

[2010/09/12 20:32:29 | 000,080,772 | ---- | C] () -- C:\Users\admin\Documents\cc_20100912_203227.reg

[2010/09/11 21:23:25 | 000,001,651 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk

[2010/09/11 21:23:16 | 064,670,715 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm

[2010/09/11 21:23:16 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm

[2010/09/11 21:05:03 | 000,103,784 | ---- | C] () -- C:\Users\admin\GoToAssistDownloadHelper.exe

[2010/09/06 20:58:11 | 000,016,896 | ---- | C] () -- C:\Users\admin\Desktop\TheKWHS.wps

[2010/09/05 18:49:48 | 000,000,545 | ---- | C] () -- C:\Users\admin\Documents\hilo.yab

[2010/09/05 13:51:06 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/09/01 21:39:25 | 000,016,896 | ---- | C] () -- C:\Users\admin\Documents\2column script.wps

[2010/08/30 20:55:17 | 000,020,480 | ---- | C] () -- C:\Users\admin\Desktop\Confused.wps

[2010/08/25 15:44:20 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2010/08/25 15:44:20 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2010/08/24 20:37:04 | 000,017,408 | ---- | C] () -- C:\Users\admin\Desktop\advent.wps

[2010/08/24 20:27:32 | 000,019,456 | ---- | C] () -- C:\Users\admin\Desktop\TV.wps

[2010/08/22 16:46:14 | 000,001,718 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2010/08/21 13:05:55 | 000,356,014 | ---- | C] () -- C:\Users\admin\AppData\Local\dd_vcredistMSI4F02.txt

[2010/08/21 13:05:55 | 000,011,446 | ---- | C] () -- C:\Users\admin\AppData\Local\dd_vcredistUI4F02.txt

[2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL

[2010/04/14 20:15:04 | 000,420,352 | ---- | C] () -- C:\Windows\SysWow64\vbscript.dll

[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2010/01/01 16:01:12 | 000,000,439 | ---- | C] () -- C:\Windows\SIERRA.INI

[2009/12/03 16:59:11 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2009/12/03 16:58:46 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/12/03 16:58:42 | 000,391,680 | ---- | C] () -- C:\Windows\SysWow64\mscms.dll

[2009/11/28 13:25:42 | 000,005,451 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2009/09/24 19:06:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2009/09/24 19:06:30 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest

[2009/08/22 15:27:04 | 000,156,160 | ---- | C] () -- C:\Windows\SysWow64\msls31.dll

[2009/07/31 15:30:01 | 000,026,112 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/07/13 15:34:47 | 000,004,910 | ---- | C] () -- C:\Users\admin\AppData\Roaming\wklnhst.dat

[2009/07/13 12:49:56 | 000,000,680 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat

[2009/04/22 04:18:42 | 000,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll

[2009/04/22 04:18:42 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll

[2008/09/15 18:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll

[2008/09/15 18:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest

[2008/09/15 18:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dpl100.dll.manifest

[2008/09/15 18:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll

[2008/06/14 13:24:12 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\JpgLib.dll

[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

 

========== LOP Check ==========

 

[2009/07/13 17:27:24 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\BSD

[2010/08/25 19:03:28 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Canneverbe Limited

[2010/09/05 21:59:22 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FrostWire

[2010/08/25 18:59:45 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\InfraRecorder

[2010/08/09 14:55:09 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Leadertech

[2009/07/12 17:50:50 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PictureMover

[2009/12/11 23:22:43 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Red Kawa

[2010/05/22 20:28:54 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Registry Mechanic

[2010/05/25 21:15:45 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SoundSpectrum

[2009/07/12 17:54:19 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SupportSoft

[2009/07/13 15:34:49 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Template

[2009/10/09 18:01:33 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\WinBatch

[2010/06/15 01:14:23 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job

[2009/07/12 19:27:24 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job

[2010/07/31 10:43:39 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job

[2010/09/15 09:46:38 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

 

 

< MD5 for: AGP440.SYS >

[2008/01/20 20:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

[2008/01/20 20:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2008/01/20 20:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys

[2009/04/11 01:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

 

< MD5 for: CNGAUDIT.DLL >

[2006/11/02 05:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll

[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll

[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll

[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 

< MD5 for: EVENTLOG.DLL >

[2007/05/17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\Cyberlink\PowerDirector\EventLog.dll

 

< MD5 for: IASTOR.SYS >

[2008/12/04 06:48:52 | 000,407,064 | ---- | M] (Intel Corporation) MD5=8EACF469269FB1509561961A3188F670 -- C:\hp\drivers\Intel_Storage\IaStor.sys

[2008/12/04 12:48:52 | 000,407,064 | ---- | M] (Intel Corporation) MD5=8EACF469269FB1509561961A3188F670 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2008/12/04 12:34:52 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

 

< MD5 for: IASTORV.SYS >

[2008/01/20 20:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

 

< MD5 for: NETLOGON.DLL >

[2008/01/20 20:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll

[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll

[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corpora


Hello Z4CK56

 

Thank you for the logs.

 

There are a few things we need to do here. You have a number of different security programs installed, but if the popups prevent you from uninstalling them, we will need to run a script or two first.

 

Please do the following:

 

 

  • Please open OTL

     

     

    • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

       

      :OTL
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
      O4 - HKLM..\Run: [hpqSRMon] File not found
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      O33 - MountPoints2\{26025e62-75a0-11de-aa33-00248c9cc39d}\Shell\AutoRun\command - "" = J:\WDSetup.exe -- File not found
      O33 - MountPoints2\{9c768287-9e75-11de-82bd-00248c9cc39d}\Shell\AutoRun\command - "" = J:\JDLightning\Windows\JDLightning.exe -- File not found
      O33 - MountPoints2\{9f1ddd31-91d7-11de-9f32-00248c9cc39d}\Shell\AutoRun\command - "" = CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\usr.exe
      O33 - MountPoints2\{9f1ddd31-91d7-11de-9f32-00248c9cc39d}\Shell\open\command - "" = CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\usr.exe
      O33 - MountPoints2\{9f1ddd34-91d7-11de-9f32-00248c9cc39d}\Shell - "" = AutoRun
      O33 - MountPoints2\{9f1ddd34-91d7-11de-9f32-00248c9cc39d}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
      O33 - MountPoints2\K\Shell - "" = AutoRun
      O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
      @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D1B5B4F1
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [start explorer]
      [Reboot]
      
      

    • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
    • Allow the program to run unhindered.
    • Your machine will re-start itself. This is normal.
    • A log will be created after your machine reboots. Please post the contents of the log in your next reply.

  • Please scan the following file

     

     

    • Please visit Virus Total by clicking here.
    • Click the Browse button and search for the following file (if present): C:\ProgramData\QueryExplorer\queryexplorer117.exe
    • Click Open.
    • Then click Send File.
    • Please be patient while the file is scanned.
    • If Virus Total tells you that the file has already been scanned, click "reanalyse now".
    • Once the scan results appear, copy and paste them into Notepad.
    • Please provide the results from the scan in your next reply.

    C:\Program Files (x86)\Free Offers from Freeze.com

    Did you install/use this program?

     

    Please post the OTL log and the Virus Total scan log in your next reply.

     

    Are you still receiving the "bad image" messages?


As soon as I logged onto my computer today my AVG software gave me a multiple threat detection warning popup.

File: C:\Program Files (x86)\QueryExplorer\queryexplorer.dll

Infection: Adware Generic4.ANOV

I had to check the box "Remove Threat as Power User"; otherwise, after I tried to remove it, it would say that I was interrupted.

I don't know if this is related to my previous problem or not, but I noticed that it had the .dll extension similar to my previous problem. Once I finish my virus scan I will post the logs.

Zach

 

EDIT:

Thank you for your quick reply.

I will run those scans as soon as my AVG scan finishes. From the virus before, so far the multiple threat detection has found up to 30+ of the same file. Just thought I would update you.

Edited by Z4CK56


Here are the AVG scan results.

I will run the other scans right now.

 

AVG SCAN

"Scan ""Scan whole computer"" completed."

"Spyware";"9";"5";"4"

"Folders selected for scanning:";"Scan whole computer"

"Scan started:";"Thursday, September 16, 2010, 1:38:32 PM"

"Scan finished:";"Thursday, September 16, 2010, 2:36:23 PM (57 minute(s) 51 second(s))"

"Total object scanned:";"796258"

"User who launched the scan:";"admin"

"Spyware"

"File";"Infection";"Result"

"C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (1332)";"Adware Generic4.ANOV";""

"C:\Program Files (x86)\QueryExplorer\queryexplorer.dll";"Adware Generic4.ANOV";"Moved to Virus Vault"

"C:\Program Files (x86)\QueryExplorer\queryexplorer.dll";"Adware Generic4.ANOV";"Moved to Virus Vault"

"C:\Program Files (x86)\QueryExplorer\queryexplorer.dll";"Adware Generic4.ANOV";"Moved to Virus Vault"

"C:\Program Files (x86)\QueryExplorer\queryexplorer.dll";"Adware Generic4.ANOV";"Moved to Virus Vault"

"C:\Program Files (x86)\QueryExplorer\queryexplorer.dll";"Adware Generic4.ANOV";"Moved to Virus Vault"

"C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (3984)";"Adware Generic4.ANOV";""

"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (3828)";"Adware Generic4.ANOV";""

"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (5312)";"Adware Generic4.ANOV";""

Thank you again for your help.

And a quick question: with the Virus Total scan, are the results all the antivirus programs I have? If so, the only ones I've downloaded are BitDefender, McAfee, and AVG.

And yes, I am still getting the bad image error for SetPoint, Safari, McAfee, and/or others I may not have opened/run.

EDIT: Oh, and no, I did not install/use that program.

OTL SCAN

All processes killed

========== OTL ==========

No active process named explorer.exe was found!

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hpqSRMon deleted successfully.

Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}

C:\ProgramData\webex\ieatgpc.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26025e62-75a0-11de-aa33-00248c9cc39d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26025e62-75a0-11de-aa33-00248c9cc39d}\ not found.

File J:\WDSetup.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c768287-9e75-11de-82bd-00248c9cc39d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c768287-9e75-11de-82bd-00248c9cc39d}\ not found.

File J:\JDLightning\Windows\JDLightning.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f1ddd31-91d7-11de-9f32-00248c9cc39d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f1ddd31-91d7-11de-9f32-00248c9cc39d}\ not found.

File CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\usr.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f1ddd31-91d7-11de-9f32-00248c9cc39d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f1ddd31-91d7-11de-9f32-00248c9cc39d}\ not found.

File CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\usr.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f1ddd34-91d7-11de-9f32-00248c9cc39d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f1ddd34-91d7-11de-9f32-00248c9cc39d}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f1ddd34-91d7-11de-9f32-00248c9cc39d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f1ddd34-91d7-11de-9f32-00248c9cc39d}\ not found.

File J:\LaunchU3.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found.

File K:\LaunchU3.exe not found.

ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: admin

->Temp folder emptied: 2480849 bytes

->Temporary Internet Files folder emptied: 81928 bytes

->Java cache emptied: 45450756 bytes

->FireFox cache emptied: 47511252 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 46164 bytes

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Mcx1

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67339 bytes

->Flash cache emptied: 41620 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 197361 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 92.00 mb

[EMPTYFLASH]

User: admin

->Flash cache emptied: 0 bytes

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Mcx1

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.12.1 log created on 09162010_144020

Files\Folders moved on Reboot...

File\Folder C:\Windows\temp\mcafee_lYd4wv0PgPC8oDc not found!

File\Folder C:\Windows\temp\mcmsc_CAHmbdFp9q0JSY8 not found!

File\Folder C:\Windows\temp\mcmsc_hpb63AYyJdBA2xu not found!

File\Folder C:\Windows\temp\mcmsc_qYouNP5v71gvPOl not found!

Registry entries deleted on Reboot...

Virus Total Scan

Antivirus              Version          Last Update   Result
AhnLab-V3              2010.09.17.00    2010.09.16    -
AntiVir                8.2.4.52         2010.09.16    -
Antiy-AVL              2.0.3.7          2010.09.16    -
Authentium             5.2.0.5          2010.09.16    -
Avast                  4.8.1351.0       2010.09.16    -
Avast5                 5.0.594.0        2010.09.16    -
AVG                    9.0.0.851        2010.09.16    -
BitDefender            7.2              2010.09.16    -
CAT-QuickHeal          11.00            2010.09.16    -
ClamAV                 0.96.2.0-git     2010.09.16    -
Comodo                 6101             2010.09.16    -
DrWeb                  5.0.2.03300      2010.09.16    -
eSafe                  7.0.17.0         2010.09.15    -
eTrust-Vet             36.1.7859        2010.09.16    -
F-Prot                 4.6.1.107        2010.09.16    -
F-Secure               9.0.15370.0      2010.09.16    -
Fortinet               4.1.143.0        2010.09.16    -
GData                  21               2010.09.16    -
Ikarus                 T3.1.1.88.0      2010.09.16    -
Jiangmin               13.0.900         2010.09.16    -
K7AntiVirus            9.63.2533        2010.09.16    -
Kaspersky              7.0.0.125        2010.09.16    -
McAfee                 5.400.0.1158     2010.09.16    -
McAfee-GW-Edition      2010.1C          2010.09.16    -
Microsoft              1.6103           2010.09.16    -
NOD32                  5456             2010.09.16    -
Norman                 6.06.06          2010.09.16    -
nProtect               2010-09-16.02    2010.09.16    -
Panda                  10.0.2.7         2010.09.16    -
PCTools                7.0.3.5          2010.09.16    -
Prevx                  3.0              2010.09.16    Low Risk Adware
Rising                 22.65.03.04      2010.09.16    -
Sophos                 4.57.0           2010.09.16    -
Sunbelt                6884             2010.09.16    -
SUPERAntiSpyware       4.40.0.1006      2010.09.16    -
Symantec               20101.1.1.7      2010.09.16    -
TheHacker              6.7.0.0.020      2010.09.16    -
TrendMicro             9.120.0.1004     2010.09.16    -
TrendMicro-HouseCall   9.120.0.1004     2010.09.16    -
VBA32                  3.12.14.0        2010.09.16    -
ViRobot                2010.8.25.4006   2010.09.16    -
VirusBuster            12.65.10.0       2010.09.16    -

Additional information
MD5   : 823dd98799acd0ff5342169213ad0af4
SHA1  : 7ec6e8a57caefaccd739ce25aff49e42943cfc17
SHA256: 449e19d7972c629fcfe8b451aba531c0d4a5311487a6f11a6ac27dd47c048cf8

Edited by Z4CK56

Hello Z4CK56

As soon as I logged onto my computer today my AVG software gave me a multiple threat detection warning popup.

File: C:\Program Files (x86)\QueryExplorer\queryexplorer.dll

Infection: Adware Generic4.ANOV

Looks like AVG thought the file was bad too (I had my suspicions, which is why I wanted it scanned).

And a quick question: with the Virus Total scan, are the results all the antivirus programs I have?

No. Those antivirus programs are not actually present on your machine. The file is uploaded to a remote location where all of those scanners can take a close look at it.

Oh, and no, I did not install/use that program.

Please navigate to and delete the following folder in bold:

C:\Program Files (x86)\Free Offers from Freeze.com <====== delete this folder

Once deleted, empty your recycle bin.

I keep getting this bad image error every time my McAfee tries to run or I am trying to uninstall it.

I can see evidence of AVG, McAfee and Norton on your machine. We need to get you down to just one antivirus.

Please make sure that you only have ONE firewall and ONE real-time antivirus running on your system.

I am not sure which program you would like to keep, but you mentioned trying to uninstall McAfee. If you want to uninstall it but are unable to (through Add/Remove Programs), try using Revo Uninstaller. If Revo fails, please run the McAfee Removal Tool:

  • Revo Uninstaller

    • You can download Revo Uninstaller from here.
    • Information about how to use this program is provided on the download page.

  • Download and run the McAfee Removal Tool

    • Download the McAfee Removal Tool by clicking here and save the file (called MCPR.exe) to your desktop.
    • Right click on MCPR.exe and select "Run as Administrator" to run the removal tool.
    • Once you receive the "Cleanup Successful" message, restart your computer.

    For more information about this removal tool please click here.

    Let's take care of the Norton remnants on your system:

  • Please download and run the Norton Removal Tool

    • The Norton Removal Tool will locate and remove all traces of Norton products from your computer.
    • To download the tool, click here.
    • Read through the information on the page, and then select the Norton product that you have (this is the one that will be removed).
    • Follow the instructions to obtain the removal tool and to complete the removal process.

  • P2P Programs:

    • P2P programs are a major source of malware infections.
    • From your log I see you have FrostWire 4.18.6. We do not pass judgment on file-sharing; however, we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to malware infections.
    • The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
    • If you wish to keep the program(s), please do not use them until your computer is cleaned.
    • Information regarding the risk of using these programs can be found here and here.
    • It is strongly recommended that you uninstall any P2P programs you have on your system.
    • To do this, click on the "Windows Orb" (bottom left hand corner of your screen), then on "Computer" and then on the "Uninstall or Change a Program" tab.
    • A list of currently installed programs will be displayed.
    • Find the "FrostWire 4.18.6" program, click on it once and then click on the "Uninstall" button.
    • If you are prompted to re-boot your computer to complete the uninstall please do so.

      PLEASE NOTE:

    • Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.

  • Please perform the following scan:

    • Please download MalwareBytes AntiMalware by clicking here and save the file (called mbam-setup.exe) to your desktop.
    • Right click on the mbam-setup.exe icon and select "Run as Administrator" to install the program.
    • Follow the prompts during installation and have the Installation Wizard create a desktop icon.
    • Once installed, double click on the MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform full scan" and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

    • If the scan detects any malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and paste the log in your next reply.
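Two points from the exchange above deserve a concrete tool: the "bad image" dialog is the Windows loader refusing a file (the status behind that wording is STATUS_INVALID_IMAGE_FORMAT, 0xC000007B), which typically means the DLL on disk is truncated or corrupt, or has the wrong bitness for the process loading it (a 32-bit process under SysWOW64 cannot load a 64-bit DLL); and Virus Total works on the uploaded file, so hashing the file locally gives you the identifier to look up without guessing from the name. The script below is an added example, not something the helper or the forum posted. It walks the PE headers (DOS header, PE signature, COFF header, optional-header magic, section table) and reports the first structural fault, reports the SHA-256, and checks the image's machine type against the directory it came from on the assumption that the host is 64-bit Windows, as in this thread. The `build_minimal_pe` helper is a constructed test image with valid headers and no real code, used only so the checks can run offline; the file names in the demo are placeholders, not files from the thread.

```python
import hashlib
import struct
import sys

# COFF machine types and optional-header magic values from the PE specification.
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32_MAGIC = 0x10B        # 32-bit optional header
PE32PLUS_MAGIC = 0x20B    # 64-bit optional header
IMAGE_FILE_DLL = 0x2000

ARCH_NAMES = {IMAGE_FILE_MACHINE_I386: "x86", IMAGE_FILE_MACHINE_AMD64: "x64"}


def inspect_image(data: bytes) -> dict:
    """Header-level triage of a candidate PE image (EXE/DLL).

    Walks DOS header -> PE signature -> COFF header -> optional header -> section
    table and reports the first structural problem. The SHA-256 is what you would
    look up or submit at VirusTotal. This is a header check only; the real loader
    also validates imports, relocations and signatures, so "well-formed" here means
    "not obviously broken", not "safe".
    """
    info = {"sha256": hashlib.sha256(data).hexdigest(), "machine": None,
            "is_dll": None, "verdict": ""}
    if len(data) < 0x40 or data[:2] != b"MZ":
        info["verdict"] = "not a PE image: MZ header missing"
        return info
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        info["verdict"] = "corrupt: PE signature missing or header truncated"
        return info
    (machine, nsections, _ts, _symptr, _nsyms,
     opt_size, chars) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    info["machine"] = machine
    info["is_dll"] = bool(chars & IMAGE_FILE_DLL)
    opt_off = e_lfanew + 24
    sec_off = opt_off + opt_size
    if opt_size < 2 or sec_off + nsections * 40 > len(data):
        info["verdict"] = "corrupt: optional header or section table truncated"
        return info
    magic = struct.unpack_from("<H", data, opt_off)[0]
    expected_magic = PE32PLUS_MAGIC if machine == IMAGE_FILE_MACHINE_AMD64 else PE32_MAGIC
    if magic != expected_magic:
        info["verdict"] = "corrupt: optional header magic does not match machine type"
        return info
    for i in range(nsections):
        # Section header layout: name[8], VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        raw_size, raw_ptr = struct.unpack_from("<II", data, sec_off + i * 40 + 16)
        if raw_ptr + raw_size > len(data):
            info["verdict"] = "truncated: section %d raw data extends past end of file" % i
            return info
    arch = ARCH_NAMES.get(machine, hex(machine))
    info["verdict"] = "well-formed %s %s" % (arch, "DLL" if info["is_dll"] else "EXE")
    return info


def expected_machine_for_path(path: str):
    """Assumption: 64-bit Windows, where SysWOW64 holds 32-bit images and System32 64-bit ones."""
    p = path.lower().replace("/", "\\")
    if "\\syswow64\\" in p:
        return IMAGE_FILE_MACHINE_I386
    if "\\system32\\" in p:
        return IMAGE_FILE_MACHINE_AMD64
    return None


def diagnose(path: str, data: bytes) -> dict:
    """Structural check plus a bitness-versus-directory check."""
    info = inspect_image(data)
    expected = expected_machine_for_path(path)
    info["arch_mismatch"] = (expected is not None and info["machine"] is not None
                             and info["machine"] != expected)
    return info


def build_minimal_pe(machine: int, is_dll: bool = True) -> bytes:
    """Constructed test image: valid headers, one .text section, no real code."""
    pe32plus = machine == IMAGE_FILE_MACHINE_AMD64
    opt_size = 0xF0 if pe32plus else 0xE0
    magic = PE32PLUS_MAGIC if pe32plus else PE32_MAGIC
    chars = 0x0002 | (IMAGE_FILE_DLL if is_dll else 0)          # EXECUTABLE_IMAGE (+ DLL)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, chars)
    opt = struct.pack("<H", magic) + b"\0" * (opt_size - 2)
    section = b".text\0\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + b"\0" * 16
    header = dos + coff + opt + section
    return header + b"\0" * (0x200 - len(header)) + b"\xC3" * 0x200


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use, e.g.: python pecheck.py C:\Windows\SysWOW64\msls31.dll
        with open(sys.argv[1], "rb") as f:
            print(diagnose(sys.argv[1], f.read()))
    else:
        x86 = build_minimal_pe(IMAGE_FILE_MACHINE_I386)
        x64 = build_minimal_pe(IMAGE_FILE_MACHINE_AMD64)
        demo = r"C:\Windows\SysWOW64\sample.dll"                  # placeholder path
        for label, blob in [("good x86 DLL", x86), ("truncated copy", x86[:600]),
                            ("x64 DLL in SysWOW64", x64)]:
            print(label, "->", diagnose(demo, blob))
```

Run it against the DLL named in the dialog and compare the SHA-256 with a known-good copy from another machine or the installation media; a truncated or wrong-bitness verdict explains the dialog on its own, while a well-formed image with an unexpected hash is the case worth submitting to Virus Total.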

Ok, McAfee is removed. I tried using Revo, but it used McAfee's in-program uninstaller, and that caused a bad image error, and when the program popped up it only showed a blank screen within the program, so I used the McAfee uninstaller and that worked fine. Along with Norton: it has been so long since I have seen that program that I did not know which one it was. I don't ever remember installing it, so I took a guess that it was an ISP-branded Norton, and then the uninstall went along completely fine. I am currently still receiving "Bad Image" errors for my wireless mouse and keyboard combo "SetPoint", along with Safari. I am not sure if this is related, but I thought I would throw this out there hoping you could help: whenever I try to watch an online video (i.e. ABC, TNT) for TV shows, I click the link and try to watch the video and all it shows me is a black screen in the video play area; when I scroll my mouse over it nothing happens. This also happens in Safari, except in the black screen it shows a blue box with a question mark ("?") inside. I am not sure if this is related, but if you could help me with that issue too I would be grateful. But first things first: I ran the scans as you asked and here are the results.

I also uninstalled FrostWire as you requested.

Post-Scan

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 4640

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18943

 

9/17/2010 5:29:02 PM

mbam-log-2010-09-17 (17-29-02).txt

 

Scan type: Full scan (C:\|D:\|)

Objects scanned: 370051

Time elapsed: 1 hour(s), 13 minute(s), 40 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 9

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 6

Files Infected: 20

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\AppID\{0d82acd6-a652-4496-a298-2bde705f4227} (Adware.ClickPotato) -> No action taken.

HKEY_CLASSES_ROOT\AppID\{7025e484-d4b0-441a-9f0b-69063bd679ce} (Adware.ClickPotato) -> No action taken.

HKEY_CLASSES_ROOT\AppID\{8258b35c-05b8-4c0e-9525-9bccc70f8f2d} (Adware.ClickPotato) -> No action taken.

HKEY_CLASSES_ROOT\AppID\{a89256ad-ec17-4a83-bef5-4b8bc4f39306} (Adware.ClickPotato) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\queryexplorer (Adware.QueryExplorer) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\QueryExplorer (Adware.QueryExplorer) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QueryExplorer Service (Adware.QueryExplorer) -> No action taken.

 

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\srs_it_e8790576b076555332ac96 (Malware.Trace) -> No action taken.

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

C:\ProgramData\QueryExplorer (Adware.QueryExplorer) -> No action taken.

C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464} (Adware.QueryExplorer) -> No action taken.

C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\chrome (Adware.QueryExplorer) -> No action taken.

C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\defaults (Adware.QueryExplorer) -> No action taken.

C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\defaults\preferences (Adware.QueryExplorer) -> No action taken.

C:\Program Files (x86)\QueryExplorer (Adware.QueryExplorer) -> No action taken.

 

Files Infected:

C:\Program Files (x86)\QueryExplorer\queryexplorer.exe (Adware.QueryExplorer) -> No action taken.

C:\ProgramData\QueryExplorer\queryexplorer117.exe (Adware.QueryExplorer) -> No action taken.

C:\Users\admin\Desktop\Recovered files\Building Potpourri.icon.png (Extension.Mismatch) -> No action taken.

C:\Users\admin\Desktop\Recovered files\Cable Car.icon.png (Extension.Mismatch) -> No action taken.

C:\Users\admin\Desktop\Recovered files\Cable Car.rgb.jpg (Extension.Mismatch) -> No action taken.

C:\Users\admin\Desktop\Recovered files\Chinatown Lanterns.rgb.jpg (Extension.Mismatch) -> No action taken.

C:\Users\admin\Desktop\Recovered files\City Hall Lamp.icon.png (Extension.Mismatch) -> No action taken.

C:\Users\admin\Desktop\Recovered files\Four.icon.png (Extension.Mismatch) -> No action taken.

C:\Users\admin\Desktop\Recovered files\Icon_8.png (Extension.Mismatch) -> No action taken.

C:\Users\admin\Desktop\Recovered files\OrbContacts.log (Extension.Mismatch) -> No action taken.

C:\Users\admin\Desktop\Recovered files\Radio City.icon.png (Extension.Mismatch) -> No action taken.

C:\Users\admin\Desktop\Recovered files\Rockefeller Center.icon.png (Extension.Mismatch) -> No action taken.

C:\Users\admin\Desktop\Recovered files\Sagittarius.png (Extension.Mismatch) -> No action taken.

C:\Users\admin\Desktop\Recovered files\Time Warner Center.icon.png (Extension.Mismatch) -> No action taken.

C:\Users\admin\Downloads\XvidSetup.exe (Adware.HotBar) -> No action taken.

C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\chrome.manifest (Adware.QueryExplorer) -> No action taken.

C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\install.rdf (Adware.QueryExplorer) -> No action taken.

C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\chrome\queryexplorer.jar (Adware.QueryExplorer) -> No action taken.

C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\defaults\preferences\prefs.js (Adware.QueryExplorer) -> No action taken.

C:\Program Files (x86)\QueryExplorer\uninstall.exe (Adware.QueryExplorer) -> No action taken.

Post-Disinfection

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 4640

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18943

 

9/17/2010 5:29:43 PM

mbam-log-2010-09-17 (17-29-43).txt

 

Scan type: Full scan (C:\|D:\|)

Objects scanned: 370051

Time elapsed: 1 hour(s), 13 minute(s), 40 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 9

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 6

Files Infected: 20

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\AppID\{0d82acd6-a652-4496-a298-2bde705f4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{7025e484-d4b0-441a-9f0b-69063bd679ce} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{8258b35c-05b8-4c0e-9525-9bccc70f8f2d} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{a89256ad-ec17-4a83-bef5-4b8bc4f39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\queryexplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\QueryExplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QueryExplorer Service (Adware.QueryExplorer) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\srs_it_e8790576b076555332ac96 (Malware.Trace) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

C:\ProgramData\QueryExplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464} (Adware.QueryExplorer) -> Delete on reboot.

C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\chrome (Adware.QueryExplorer) -> Delete on reboot.

C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\defaults (Adware.QueryExplorer) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\defaults\preferences (Adware.QueryExplorer) -> Quarantined and deleted successfully.

C:\Program Files (x86)\QueryExplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.

 

Files Infected:

C:\Program Files (x86)\QueryExplorer\queryexplorer.exe (Adware.QueryExplorer) -> Quarantined and deleted successfully.

C:\ProgramData\QueryExplorer\queryexplorer117.exe (Adware.QueryExplorer) -> Quarantined and deleted successfully.

C:\Users\admin\Desktop\Recovered files\Building Potpourri.icon.png (Extension.Mismatch) -> Quarantined and deleted successfully.

C:\Users\admin\Desktop\Recovered files\Cable Car.icon.png (Extension.Mismatch) -> Quarantined and deleted successfully.

C:\Users\admin\Desktop\Recovered files\Cable Car.rgb.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.

C:\Users\admin\Desktop\Recovered files\Chinatown Lanterns.rgb.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.

C:\Users\admin\Desktop\Recovered files\City Hall Lamp.icon.png (Extension.Mismatch) -> Quarantined and deleted successfully.

C:\Users\admin\Desktop\Recovered files\Four.icon.png (Extension.Mismatch) -> Quarantined and deleted successfully.

C:\Users\admin\Desktop\Recovered files\Icon_8.png (Extension.Mismatch) -> Quarantined and deleted successfully.

C:\Users\admin\Desktop\Recovered files\OrbContacts.log (Extension.Mismatch) -> Quarantined and deleted successfully.

C:\Users\admin\Desktop\Recovered files\Radio City.icon.png (Extension.Mismatch) -> Quarantined and deleted successfully.

C:\Users\admin\Desktop\Recovered files\Rockefeller Center.icon.png (Extension.Mismatch) -> Quarantined and deleted successfully.

C:\Users\admin\Desktop\Recovered files\Sagittarius.png (Extension.Mismatch) -> Quarantined and deleted successfully.

C:\Users\admin\Desktop\Recovered files\Time Warner Center.icon.png (Extension.Mismatch) -> Quarantined and deleted successfully.

C:\Users\admin\Downloads\XvidSetup.exe (Adware.HotBar) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\chrome.manifest (Adware.QueryExplorer) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\install.rdf (Adware.QueryExplorer) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\chrome\queryexplorer.jar (Adware.QueryExplorer) -> Delete on reboot.

C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\defaults\preferences\prefs.js (Adware.QueryExplorer) -> Quarantined and deleted successfully.

C:\Program Files (x86)\QueryExplorer\uninstall.exe (Adware.QueryExplorer) -> Quarantined and deleted successfully.

I really do appreciate your time and effort.

Edited by Z4CK56
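The MBAM logs above classify a dozen files under "Recovered files" as Extension.Mismatch. That heuristic is not a malware signature: it fires when the first bytes of a file (its magic) identify a format that does not normally use the extension the file carries, which is common for output of file-recovery tools and for executables renamed to look like documents. The block below is an added example of that detection logic, not MBAM's code or anything from the thread; the signature table and the sample set are constructed here (the sample names are placeholders and say nothing about what the real "Recovered files" contained).

```python
import os

# Leading-byte signatures and the extensions a file of that real type normally carries.
# Constructed for this example; extend the list for whatever formats matter to you.
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "png",  {".png"}),
    (b"\xff\xd8\xff",      "jpeg", {".jpg", ".jpeg"}),
    (b"GIF87a",            "gif",  {".gif"}),
    (b"GIF89a",            "gif",  {".gif"}),
    (b"%PDF-",             "pdf",  {".pdf"}),
    (b"PK\x03\x04",        "zip",  {".zip", ".jar", ".docx", ".xlsx", ".pptx"}),
    (b"MZ",                "pe",   {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl"}),
]


def sniff(head: bytes):
    """Identify a file's real type from its first bytes; None if no signature matches."""
    for magic, kind, _exts in SIGNATURES:
        if head.startswith(magic):
            return kind
    return None


def extension_mismatch(name: str, head: bytes):
    """Return (real_type, claimed_extension, mismatch) for one file.

    Only a recognised type carrying an extension it never uses is flagged; content the
    table does not know (plain text, proprietary formats) is left alone so the check
    does not cry wolf. A mismatch on its own is a lead, not proof of malice.
    """
    ext = os.path.splitext(name)[1].lower()
    for magic, kind, exts in SIGNATURES:
        if head.startswith(magic):
            return (kind, ext, ext not in exts)
    return (None, ext, False)


def flagged(files: dict) -> list:
    """Names whose extension disagrees with their magic bytes, sorted for stable output."""
    return sorted(name for name, data in files.items()
                  if extension_mismatch(name, data[:16])[2])


# Constructed sample set standing in for a folder of recovered files (not the thread's files).
SAMPLES = {
    "recovered_01.jpg": b"\x89PNG\r\n\x1a\n" + b"\0" * 16,   # PNG bytes behind a .jpg name
    "recovered_02.png": b"\xff\xd8\xff\xe0" + b"\0" * 16,    # JPEG bytes behind a .png name
    "holiday.jpg":      b"\xff\xd8\xff\xe0" + b"\0" * 16,    # name and content agree
    "report.log":       b"MZ\x90\x00\x03\x00" + b"\0" * 16,  # an executable posing as a log
    "notes.txt":        b"just some text",                    # unknown type, never flagged
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, extension_mismatch(name, data[:16]))
    print("flagged:", flagged(SAMPLES))
```

Only 16 bytes per file are read, so the check is cheap enough to run over a whole folder; the executable-disguised-as-document case is the one worth quarantining, while image files with swapped photo extensions are the harmless kind a recovery tool produces.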

Hello Z4CK56

Thank you for the logs.

Let's see if an online scan can provide us with a little more information.

Please do the following:

  • Please un-install your outdated Java

    • Older versions of Java contain security flaws that can be exploited by malware.
    • Click on "Windows Orb" then on "Computer" and then on the "Uninstall or change a program" tab.
    • A list of currently installed programs will be displayed.
    • Uninstall the following programs by clicking on each once and then clicking on the "uninstall" button:

    Java™ SE Runtime Environment 6 Update 1

    Java™ 6 Update 3

    Java™ 6 Update 7

    • NOTE: DO NOT uninstall Java™ 6 Update 20.
    • If you are prompted to re-boot your computer to complete the uninstall please do so.

  • Please update your Java

    • To update your Java, click on the "Windows Orb" then on "Control Panel" and then on the Java icon (looks like a coffee cup).
    • In the window that opens, click on the "Update" tab, and then on "Update Now".
    • Your Java should begin to update. Please follow any prompts that you receive.

  • Please perform the following scan:

    • This is a very deep scan that can take many hours. In some instances you may need to let it run overnight. Please be patient.
    • It is recommended that you disable your onboard antivirus program and antispyware programs while performing scans to eliminate software conflicts and to speed up scan time.
    • DO NOT surf the net while your resident protection is disabled!
    • Once the scan is finished remember to re-enable your resident antivirus protection along with whatever antispyware applications you use.

    • NOTES:
    • Before performing this online scan you must open your Internet browser as Administrator. To do this, right click on your Internet browser icon and select "Run as Administrator".
    • Once the scan is complete and you have saved the log produced, close your browser.
    • For all other browsing, open your browser by left clicking in the normal way.

    • Please perform a Kaspersky Online Scan of your computer by clicking here or here.

    • Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run (at times it may appear to stall).
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.

    • Once the scan is complete, click on View scan report. To obtain the report:
    • Click on: Save Report As
    • Next, in the Save as prompt, Save in area, select: Desktop
    • In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select: Text file [*.txt]
    • Then, click: Save
    • Please post the Kaspersky Online Scanner Report in your reply.
    • If you need help performing the above steps, an animated tutorial can be found here.

    Please post the Kaspersky Online Scan log in your next reply.

When I tried to uninstall Java SE Runtime Environment 6 Update 1 it gave me error 1719: "The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance." The same thing happened for the other Javas. Would you like me to continue anyway?

Ok, never mind, I was able to uninstall all the Javas except 21, like you said I shouldn't. But I am unable to find where to update it. Would you like me to skip that and start the scan, or do you have another way for me to find where to update it?

EDIT: Found it in the Programs section; I will post back with the Kaspersky results when they finish. =)

Edited by Z4CK56

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Saturday, September 18, 2010

Operating system: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 2 (build 6002)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Saturday, September 18, 2010 18:00:27

Records in database: 4220573

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

F:\

G:\

H:\

I:\

Scan statistics:

Objects scanned: 234830

Threats found: 2

Infected objects found: 3

Suspicious objects found: 0

Scan duration: 03:36:45

File name / Threat / Threats count

C:\Users\admin\Documents\FrostWire\Incomplete\T-1395705-Saving Abel- Drowning (Face Down).wma Infected: Trojan-Downloader.WMA.Wimad.v 1

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AF14T4SA\upgrade[1].cab Infected: not-a-virus:AdWare.Win32.Zwangi.bfy 1

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AF14T4SA\upgrade[1].cab Infected: not-a-virus:AdWare.Win32.Zwangi.bfy 1

Selected area has been scanned.


Hello Z4CK56

 

Thank you for the log.

 

It would appear that you picked up an infected file when you used FrostWire.

 

Let's take care of what Kaspersky has detected:

 

  • Please open OTL

     

     

  • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

     

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Files
    C:\Users\admin\Documents\FrostWire\Incomplete\T-1395705-Saving Abel- Drowning (Face Down).wma
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AF14T4SA\upgrade[1].cab 
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AF14T4SA\upgrade[1].cab
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]
    
    

     

  • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
  • Allow the program to run unhindered.
  • Your machine will re-start itself. This is normal.
  • A log will be created after your machine reboots. Please post the contents of the log in your next reply.

Please post the OTL log in your next reply and let me know how your machine is behaving now.

 

 


Scan ran, no problems. I am still receiving the "Bad Image" error.

Thanks for your help.

 

All processes killed

========== OTL ==========

No active process named explorer.exe was found!

========== FILES ==========

C:\Users\admin\Documents\FrostWire\Incomplete\T-1395705-Saving Abel- Drowning (Face Down).wma moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AF14T4SA\upgrade[1].cab moved successfully.

File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AF14T4SA\upgrade[1].cab not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: admin

->Temp folder emptied: 130724179 bytes

->Temporary Internet Files folder emptied: 65310 bytes

->Java cache emptied: 128101 bytes

->FireFox cache emptied: 47938170 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Mcx1

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 220662 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 171.00 mb

 

 

[EMPTYFLASH]

 

User: admin

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Mcx1

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0.00 mb

 

 

OTL by OldTimer - Version 3.2.12.1 log created on 09192010_123028

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

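The "Bad Image" dialog that keeps coming back here is raised by the Windows loader when a process asks to map a file that is not a valid executable image for it (the NTSTATUS behind the dialog is STATUS_INVALID_IMAGE_FORMAT). A DLL under SysWOW64 is the 32-bit copy, so it has to be an i386 PE; a zero-filled, truncated or x64 file in that slot produces exactly this dialog in every 32-bit program that imports it, while 64-bit programs are unaffected. The following is an added example, not code from the thread or from any of the tools it uses, that performs the structural checks the loader does first (MZ header, PE signature, COFF Machine field, optional-header magic, DLL flag) so you can triage a flagged DLL without running it. The three sample headers are constructed inline; `triage()` is the only function that touches the disk and the path it mentions is just an illustration.

```python
import struct

IMAGE_FILE_MACHINE_I386 = 0x014C    # 32-bit x86: what a WOW64 process must load
IMAGE_FILE_MACHINE_AMD64 = 0x8664   # x64: what a native 64-bit process must load
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
# Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
# NumberOfSymbols, SizeOfOptionalHeader, Characteristics
COFF_FMT = "<HHIIIHH"


def inspect_pe(data: bytes) -> dict:
    """Parse only the DOS, PE and COFF headers; report the first thing a loader would reject."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return {"ok": False, "reason": "missing MZ (DOS) header"}
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return {"ok": False, "reason": "missing PE signature at e_lfanew"}
    machine, _nsec, _ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        COFF_FMT, data, e_lfanew + 4)
    if opt_size < 2:
        return {"ok": False, "reason": "no optional header"}
    magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        return {"ok": False, "reason": "bad optional-header magic 0x%04x" % magic}
    return {"ok": True, "machine": machine, "pe32plus": magic == PE32PLUS_MAGIC,
            "is_dll": bool(chars & IMAGE_FILE_DLL)}


def loadable_by(data: bytes, wow64_process: bool) -> tuple:
    """Could a 32-bit (WOW64) or a native 64-bit process map this file as a DLL?"""
    info = inspect_pe(data)
    if not info["ok"]:
        return False, info["reason"]
    want = IMAGE_FILE_MACHINE_I386 if wow64_process else IMAGE_FILE_MACHINE_AMD64
    if info["machine"] != want:
        return False, "machine 0x%04x, process needs 0x%04x" % (info["machine"], want)
    if not info["is_dll"]:
        return False, "IMAGE_FILE_DLL flag not set"
    return True, ""


def make_header(machine: int, pe32plus: bool) -> bytes:
    """Constructed sample: just enough header for the checks above (no sections, no code)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)       # e_lfanew -> 0x40
    coff = struct.pack(COFF_FMT, machine, 1, 0, 0, 0, 2,
                       IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_DLL)
    magic = struct.pack("<H", PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    return dos + b"PE\0\0" + coff + magic


# Constructed inputs: a sound 32-bit DLL header, a sound 64-bit one, and a file
# whose header has been overwritten with zeros (one way a DLL ends up "not
# designed to run on Windows").
SAMPLE_DLL32 = make_header(IMAGE_FILE_MACHINE_I386, False)
SAMPLE_DLL64 = make_header(IMAGE_FILE_MACHINE_AMD64, True)
SAMPLE_ZEROED = b"\0" * len(SAMPLE_DLL32)


def triage(path: str, wow64_process: bool = True) -> tuple:
    """Run loadable_by() on a file on disk; the path is whatever the dialog named."""
    with open(path, "rb") as fh:
        return loadable_by(fh.read(), wow64_process)
```

This only tells you whether the bytes on disk are a plausible image for the process that complained; it says nothing about authenticity. A patched DLL with an intact header passes, and a legitimate file is still the wrong answer if it was dropped in place of the original, so pair the structural check with a signature check and a hash comparison against a copy from install media or the component store before deciding the file is merely damaged.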

Hello Z4CK56

 

Thank you for the log.

 

What with this being a 64-bit system, we are fast running out of tools.

 

Let's take a closer look at your system with the following:

 

 

  • MBRCheck

     

     

    • Please download MBRCheck by clicking here and save it to your desktop.
    • Be sure to disable your security programs.
    • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
    • A window will open on your desktop.
    • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
    • If nothing unusual is found just press Enter.
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm:filtered: should appear on your desktop.
    • Please post the contents of that file in your next reply.

  • BOOTKIT Remover

     

     

    • Please download BOOTKIT Remover by clicking here and save it to your desktop.
    • NOTE: This is a rar file. If you do not have a program to open it then download and install Peazip
    • Extract Remover.exe to your desktop.
    • Right click Remover.exe and select Run as Administrator (Vista/Win 7) or Double click (XP) to run the tool.
    • It will show a Black screen with some data on it.
    • Right click on the screen and select > "Select All".
    • Press Control+C.
    • Now open notepad and press Control+V.
    • Please post this log in your next reply.

    Please post both logs in your reply :)


MBRCheck

MBRCheck, version 1.2.3

© 2010, AD

 

Command-line:

Windows Version: Windows Vista Home Premium Edition

Windows Information: Service Pack 2 (build 6002), 64-bit

Base Board Manufacturer: PEGATRON CORPORATION

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: HP-Pavilion

System Product Name: NY428AA-ABA p6110f

Logical Drives Mask: 0x000001fc

 

Kernel Drivers (total 144):

0x02054000 \SystemRoot\system32\ntoskrnl.exe

0x0200E000 \SystemRoot\system32\hal.dll

0x00606000 \SystemRoot\system32\kdcom.dll

0x00610000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x0064B000 \SystemRoot\system32\PSHED.dll

0x0065F000 \SystemRoot\system32\CLFS.SYS

0x006BC000 \SystemRoot\system32\CI.dll

0x0080F000 \SystemRoot\system32\drivers\Wdf01000.sys

0x008E9000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x008F7000 \SystemRoot\system32\drivers\acpi.sys

0x0094D000 \SystemRoot\system32\drivers\WMILIB.SYS

0x00956000 \SystemRoot\system32\drivers\msisadrv.sys

0x00960000 \SystemRoot\system32\drivers\pci.sys

0x00990000 \SystemRoot\System32\drivers\partmgr.sys

0x009A5000 \SystemRoot\system32\drivers\volmgr.sys

0x0076E000 \SystemRoot\System32\drivers\volmgrx.sys

0x009B9000 \SystemRoot\System32\drivers\mountmgr.sys

0x00A0C000 \SystemRoot\system32\drivers\iastor.sys

0x00B28000 \SystemRoot\system32\drivers\fltmgr.sys

0x00B6F000 \SystemRoot\system32\drivers\fileinfo.sys

0x00C0F000 \SystemRoot\System32\Drivers\ksecdd.sys

0x00E01000 \SystemRoot\system32\drivers\ndis.sys

0x00C96000 \SystemRoot\system32\drivers\msrpc.sys

0x00CE6000 \SystemRoot\system32\drivers\NETIO.SYS

0x01008000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01188000 \SystemRoot\system32\drivers\volsnap.sys

0x011CC000 \SystemRoot\System32\Drivers\spldr.sys

0x011D4000 \SystemRoot\System32\Drivers\mup.sys

0x00FC4000 \SystemRoot\System32\drivers\ecache.sys

0x011E6000 \SystemRoot\system32\drivers\disk.sys

0x00D3F000 \SystemRoot\system32\drivers\CLASSPNP.SYS

0x00FF0000 \SystemRoot\system32\drivers\crcdisk.sys

0x00D6B000 \SystemRoot\System32\Drivers\avgrkx64.sys

0x0212E000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x0213B000 \SystemRoot\system32\DRIVERS\tunmp.sys

0x02144000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x02403000 \SystemRoot\system32\DRIVERS\igdkmd64.sys

0x03807000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x038EA000 \SystemRoot\System32\drivers\watchdog.sys

0x038FA000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x03906000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x0394C000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x03A02000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x03E04000 \SystemRoot\system32\DRIVERS\agrsm64.sys

0x03F40000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x03F42000 \SystemRoot\system32\drivers\modem.sys

0x03F51000 \SystemRoot\system32\DRIVERS\Rtlh64.sys

0x03AEF000 \SystemRoot\system32\DRIVERS\netr28x.sys

0x03F84000 \SystemRoot\system32\DRIVERS\ohci1394.sys

0x03F96000 \SystemRoot\system32\DRIVERS\1394BUS.SYS

0x03FA6000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x03FC2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x03FD7000 \SystemRoot\system32\drivers\ksthunk.sys

0x03B77000 \SystemRoot\system32\drivers\ks.sys

0x03BAB000 \SystemRoot\system32\DRIVERS\msiscsi.sys

0x0395D000 \SystemRoot\system32\DRIVERS\storport.sys

0x03FDD000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x039BA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x03FEA000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x02157000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x03BE4000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x039DD000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x02DD0000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x02DE8000 \SystemRoot\system32\DRIVERS\termdd.sys

0x02188000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x03BF4000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x03FF6000 \SystemRoot\system32\DRIVERS\swenum.sys

0x02196000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x021A1000 \SystemRoot\system32\DRIVERS\umbus.sys

0x021B1000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x00D86000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x05E03000 \SystemRoot\system32\drivers\RTKVHD64.sys

0x05FA3000 \SystemRoot\system32\drivers\portcls.sys

0x00D9A000 \SystemRoot\system32\drivers\drmk.sys

0x05FDE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0x05FE8000 \SystemRoot\System32\Drivers\Null.SYS

0x03FF8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x05FF1000 \SystemRoot\System32\drivers\vga.sys

0x00DD3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x02121000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x00C00000 \SystemRoot\system32\drivers\rdpencdd.sys

0x00DBD000 \SystemRoot\System32\Drivers\Msfs.SYS

0x00B83000 \SystemRoot\System32\Drivers\Npfs.SYS

0x00DC8000 \SystemRoot\System32\DRIVERS\rasacd.sys

0x0600E000 \SystemRoot\System32\drivers\tcpip.sys

0x06184000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x061B0000 \SystemRoot\system32\DRIVERS\tdx.sys

0x061CD000 \SystemRoot\system32\DRIVERS\smb.sys

0x00B94000 \SystemRoot\System32\Drivers\avgtdia.sys

0x0620D000 \SystemRoot\System32\DRIVERS\netbt.sys

0x06251000 \SystemRoot\system32\drivers\afd.sys

0x062BC000 \SystemRoot\system32\DRIVERS\pacer.sys

0x062DA000 \SystemRoot\system32\DRIVERS\netbios.sys

0x062E9000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x06304000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x06351000 \SystemRoot\system32\drivers\nsiproxy.sys

0x0635D000 \SystemRoot\System32\Drivers\dfsc.sys

0x0637A000 \SystemRoot\System32\Drivers\avgmfx64.sys

0x06382000 \SystemRoot\System32\Drivers\avgldx64.sys

0x063C9000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0x063E1000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x06200000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x061E8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x00BE5000 \SystemRoot\system32\DRIVERS\LEqdUsb.Sys

0x06000000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x00A00000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x01000000 \SystemRoot\system32\DRIVERS\LHidEqd.Sys

0x009CC000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys

0x009E1000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys

0x02000000 \SystemRoot\system32\DRIVERS\cdfs.sys

0x0201C000 \SystemRoot\System32\Drivers\crashdmp.sys

0x0640A000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x000A0000 \SystemRoot\System32\win32k.sys

0x06526000 \SystemRoot\System32\drivers\Dxapi.sys

0x06532000 \SystemRoot\system32\DRIVERS\monitor.sys

0x00470000 \SystemRoot\System32\TSDDD.dll

0x00610000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x008A0000 \SystemRoot\System32\ATMFD.DLL

0x06545000 \SystemRoot\system32\drivers\luafv.sys

0x06567000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x0657B000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x065AF000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x065BA000 \SystemRoot\system32\DRIVERS\pnarp.sys

0x065C6000 \SystemRoot\system32\DRIVERS\purendis.sys

0x065D2000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x0202A000 \SystemRoot\system32\drivers\spsys.sys

0x0700B000 \SystemRoot\system32\drivers\HTTP.sys

0x070AE000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x070D7000 \SystemRoot\system32\DRIVERS\bowser.sys

0x070F5000 \SystemRoot\System32\drivers\mpsdrv.sys

0x0710F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x07138000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x07181000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x071A0000 \SystemRoot\System32\DRIVERS\srv2.sys

0x0740D000 \SystemRoot\System32\DRIVERS\srv.sys

0x074A2000 \SystemRoot\system32\drivers\peauth.sys

0x07558000 \SystemRoot\System32\Drivers\secdrv.SYS

0x07563000 \SystemRoot\System32\drivers\tcpipreg.sys

0x07573000 \SystemRoot\system32\DRIVERS\WSDPrint.sys

0x0757E000 \SystemRoot\system32\drivers\tdtcp.sys

0x0758B000 \SystemRoot\System32\DRIVERS\tssecsrv.sys

0x07599000 \SystemRoot\System32\Drivers\RDPWD.SYS

0x075D5000 \SystemRoot\system32\DRIVERS\serscan.sys

0x76DA0000 \Windows\System32\ntdll.dll

 

Processes (total 89):

0 System Idle Process

4 System

540 C:\Windows\System32\smss.exe

608 csrss.exe

644 C:\Windows\System32\wininit.exe

664 csrss.exe

752 C:\Windows\System32\services.exe

768 C:\Windows\System32\lsass.exe

776 C:\Windows\System32\lsm.exe

852 C:\Windows\System32\winlogon.exe

368 C:\Windows\System32\svchost.exe

484 C:\Windows\System32\svchost.exe

1108 C:\Windows\System32\svchost.exe

1132 C:\Windows\System32\svchost.exe

1144 C:\Windows\System32\svchost.exe

1228 C:\Windows\System32\audiodg.exe

1248 C:\Windows\System32\svchost.exe

1280 C:\Windows\System32\SLsvc.exe

1324 C:\Windows\System32\svchost.exe

1424 C:\Windows\System32\svchost.exe

1840 C:\Windows\System32\spoolsv.exe

1880 C:\Windows\System32\svchost.exe

1576 C:\Program Files\LSI SoftModem\agr64svc.exe

1168 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1960 C:\Windows\System32\dwm.exe

2076 C:\Windows\explorer.exe

2132 C:\Program Files (x86)\Bonjour\mDNSResponder.exe

2144 C:\Windows\System32\taskeng.exe

2212 C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe

2404 C:\Windows\SysWOW64\svchost.exe

2504 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

2676 C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe

2884 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

2920 C:\Windows\System32\igfxpers.exe

2940 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

2976 C:\Windows\System32\hkcmd.exe

3044 C:\Windows\ehome\ehtray.exe

1924 C:\Windows\System32\svchost.exe

2184 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

2424 C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccessU.exe

2548 C:\Windows\SysWOW64\java.exe

2564 C:\Windows\System32\svchost.exe

3100 C:\Windows\System32\svchost.exe

3160 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

3172 C:\Windows\System32\svchost.exe

3196 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

3232 C:\Windows\System32\svchost.exe

3280 C:\Windows\System32\SearchIndexer.exe

3316 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

3392 C:\Windows\System32\igfxsrvc.exe

3416 C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe

3444 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

3456 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

3552 C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

3584 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

3592 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

3620 C:\Program Files (x86)\iTunes\iTunesHelper.exe

3664 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

3684 C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

1612 C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe

3168 C:\Windows\System32\taskeng.exe

4648 C:\Windows\ehome\ehmsas.exe

4716 C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe

4996 C:\Windows\System32\svchost.exe

4968 C:\Program Files\iPod\bin\iPodService.exe

1868 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

1584 C:\Program Files\Windows Media Player\wmpnscfg.exe

5144 C:\Program Files\Windows Media Player\wmpnetwk.exe

5492 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

5568 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

5700 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

5732 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

5276 C:\Windows\System32\wbem\WMIADAP.exe

5192 WmiPrvSE.exe

4236 WmiPrvSE.exe

1220 C:\Windows\servicing\TrustedInstaller.exe

5748 C:\Windows\System32\VSSVC.exe

5352 C:\Windows\System32\svchost.exe

2660 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe

6012 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe

2748 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe

1036 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

1392 C:\Program Files (x86)\AVG\AVG9\avgam.exe

1560 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe

2568 C:\Program Files (x86)\AVG\AVG9\avgemc.exe

2500 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe

4756 dllhost.exe

5844 dllhost.exe

1676 C:\Users\admin\Desktop\MBRCheck.exe

 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000091`9fbe1000 (NTFS)

 

PhysicalDrive0 Model Number: WDCWD6400AAKS-65A7B2, Rev: 01.03B01

 

Size Device Name MBR Status

--------------------------------------------

596 GB \\.\PhysicalDrive0 Hewlett-Packard MBR code detected

SHA1: F362CE084BC77B454330005C1657154A64FB9456

 

 

Done!

 

Bootkit remover

Bootkit Remover

© 2009 eSage Lab

www.esagelab.com

 

Program version: 1.2.0.0

OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 64-bit

 

System volume is \\.\C:

\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

Boot sector MD5 is: 306a70bb88e51c06c67244ab8a2237bf

 

Size Device Name MBR Status

--------------------------------------------

596 GB \\.\PhysicalDrive0 Unknown boot code

 

Unknown boot code has been found on some of your physical disks.

To inspect the boot code manually, dump the master boot sector:

remover.exe dump <device_name> [output_file]

To disinfect the master boot sector, use the following command:

remover.exe fix <device_name>

 

 

Done;

Press any key to quit...


I am checking your logs and will be back as soon as I can.

 

JonTom


Hello Z4CK56

 

Thank you for the logs.

 

After running and removing malware with OTL, MBAM and KAS you are still experiencing problems :(

 

Your MBRCheck log is clean, and whilst BootKit Remover highlights the presence of an unknown MBR, this is in fact, the legitimate yet non-standard MBR used by HP systems.

 

As I mentioned previously, the advanced malware detection and removal tools we have at our disposal do not run on 64-bit systems. In light of your continued problems I believe at this point that a system restore (before you noticed something was wrong) would be worth a try. If you continue to experience problems after restoring, a full system recovery (back to factory settings) would be the best option.

 

HP System Recovery would ensure (without doubt) that all infecting malware is removed, at the very least giving you peace of mind.

 

Perform a system restore and see if this solves the problem.

 

If not, restoring your HP machine is relatively painless.

 

When you first purchased your HP system you were most likely prompted to create a set of restore disks (standard procedure for the more recent HP machines). You can use these disks to return your system back to factory settings.

 

Alternatively, if you do not have a set of restore disks handy you should be able to restore your system using the pre-installed recovery partition.

 

Before you do any of this, please make sure you back up all of your important data and documents.

 

 

Information describing the recovery procedure can be found here: http://www.ehow.com/how_4479537_restore-hp-computer-factory-settings.html

 

Let me know how you get on :)

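The two tools above disagree only because they compare the boot sector against different lists of known code: MBRCheck recognised the HP loader and printed a hash, Bootkit Remover did not and reported "Unknown boot code". The check behind both is the same: read sector 0, confirm the 0x55AA signature, hash the boot-code bytes, and compare the hash with a baseline you trust. The following is an added example, not code from the thread, from MBRCheck or from Bootkit Remover, that does exactly that and also walks the partition table so the partition offsets can be cross-checked against what the tools print. The sample MBR is constructed inline: its two partition offsets are the ones reported in the logs above (C: at 0x7e00, which is LBA 63, and D: at 0x919fbe1000), but its boot code, disk signature, partition sizes and therefore its hashes are made up; which exact byte range the real tools hash is not stated on the page, so this example hashes the 440-byte boot-code area.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440       # bytes 0..439; the 4-byte disk signature follows at 440
PART_TABLE_OFF = 446      # four 16-byte partition entries, then 0x55AA at 510
PART_ENTRY_LEN = 16
PART_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector0: bytes) -> dict:
    """Validate the boot signature, hash the boot code and list the partition table."""
    if len(sector0) < SECTOR:
        raise ValueError("need the full 512-byte sector 0")
    if sector0[510:512] != b"\x55\xaa":
        raise ValueError("0x55AA boot signature missing: not an MBR")
    boot_code = sector0[:BOOT_CODE_LEN]
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            PART_ENTRY_FMT, sector0, off)
        if ptype == 0:
            continue                      # empty slot
        partitions.append({
            "slot": i,
            "active": status == 0x80,
            "type": ptype,                # 0x07 = NTFS/exFAT/HPFS
            "lba_start": lba,
            "byte_offset": lba * SECTOR,  # what MBRCheck prints as "at offset"
            "sectors": count,
        })
    return {
        "boot_code_md5": hashlib.md5(boot_code).hexdigest(),
        "boot_code_sha1": hashlib.sha1(boot_code).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector0, BOOT_CODE_LEN)[0],
        "partitions": partitions,
    }


def classify_boot_code(parsed: dict, baseline: dict) -> str:
    """Look the boot-code hash up in a baseline of loaders you trust.

    Anything absent from the baseline is 'unknown', which is what Bootkit
    Remover said about the HP MBR; 'unknown' means 'go and verify', not 'infected'.
    """
    return baseline.get(parsed["boot_code_sha1"], "unknown boot code")


def build_sample_mbr() -> bytes:
    """Constructed sample (not a real dump): filler boot code, two NTFS partitions."""
    boot_code = b"\xeb\x63\x90" + b"\x90" * (BOOT_CODE_LEN - 3)   # jmp + NOP filler
    disk_sig = struct.pack("<IH", 0x1234ABCD, 0)                  # signature + reserved

    def entry(status, ptype, lba, count):
        return struct.pack(PART_ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)

    d_lba = 0x919FBE1000 // SECTOR                 # 1,221,582,600, the D: offset above
    table = (entry(0x80, 0x07, 63, d_lba - 63)     # C: active, starts at 0x7e00
             + entry(0x00, 0x07, d_lba, 28_000_000)  # D: size is made up
             + b"\0" * (2 * PART_ENTRY_LEN))       # two empty slots
    return boot_code + disk_sig + table + b"\x55\xaa"


def read_sector0(path: str) -> bytes:
    """On Windows open r'\\\\.\\PhysicalDrive0' as Administrator; on Linux, /dev/sda."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR)
```

The practical use is to build the baseline yourself: hash the boot code from a known-clean machine of the same model (or from the recovery media) and keep that hash, so that an "unknown boot code" verdict from a generic tool can be resolved by comparison rather than by guesswork. Hashing the partition table along with the code would make the baseline useless, since the table differs per disk, which is why the example hashes only the first 440 bytes.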

I just want to make sure... If I, say, back up a file that could unknowingly be causing this problem, would it start the problem all over again?


The weird thing is that it only affected McAfee (which is gone now), Safari (already tried uninstalling and reinstalling it, didn't work) and my wireless mouse/keyboard manager, nothing else.


Well, there wasn't a date early enough, so I just restored to factory settings. Oh, and I didn't need the disks because there was a second hard drive dedicated to system restore.


OK, I restored my system. How do I get rid of all this factory crap like Windows Defender etc.? It doesn't show up in Revo and I can't delete it from the HD because I need permission even though I'm admin.

This topic is now closed to further replies.