Kate Townsend

DLL bad image error message


Hi! Help! I have a Dell Windows XP computer and recently I keep receiving a DLL bad image error message for just about every program on my computer which says something like "The application or DLL name.DLL is not a valid windows Image. Please check this against your installation diskette."


I've run AVG and no threats appear. I did a full Malwarebytes scan and although it did remove some malware, it didn't fix the problem. I also tried to do a system restore but that didn't fix it either.


I'm thinking about trying to do a clean install reinstallation of Windows but I know this is a long process and I'm wondering if there's a faster, better way to get rid of the infection.


Any help will be so very greatly appreciated!! I never know what to do with computers when these things happen. Thanks! :) Kate

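Added example, not part of the thread: the "is not a valid Windows image" dialog is what the Windows loader shows when a file a program tries to load fails the PE header checks (STATUS_INVALID_IMAGE_FORMAT, the "Bad Image" error) before any of its code runs. The Python below performs those same structural checks offline: MZ stub, e_lfanew, PE signature, machine type against the host (x86 for the Windows XP machine in this thread), and the optional header. It builds a constructed minimal DLL header plus damaged, truncated and wrong-architecture copies so you can see which check each one trips. The function names (check_pe_image, build_minimal_pe, find_bad_images) and the sample headers are mine, not anything from Windows or from the tools named in the thread.

```python
import struct

# Constants from the PE/COFF specification (winnt.h names).
DOS_MAGIC = b"MZ"
PE_SIGNATURE = b"PE\0\0"
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000


def check_pe_image(data: bytes, expect_machine: int = IMAGE_FILE_MACHINE_I386) -> dict:
    """Apply the loader's structural header checks in order; report the first one that fails.

    A file failing any of these is refused with STATUS_INVALID_IMAGE_FORMAT, which the user
    sees as the "Bad Image" dialog. A 32-bit XP host expects IMAGE_FILE_MACHINE_I386.
    """
    if len(data) < 64 or data[:2] != DOS_MAGIC:
        return {"valid": False, "reason": "no IMAGE_DOS_HEADER / MZ signature"}
    # e_lfanew (offset 0x3C) is the file offset of the "PE\0\0" signature.
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data):  # 4-byte signature + 20-byte IMAGE_FILE_HEADER
        return {"valid": False, "reason": "e_lfanew points past end of file"}
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        return {"valid": False, "reason": "missing PE signature at e_lfanew"}
    machine, _nsect, _ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    if machine != expect_machine:
        return {"valid": False,
                "reason": f"machine 0x{machine:04X} does not match expected 0x{expect_machine:04X}"}
    if opt_size < 2 or e_lfanew + 24 + opt_size > len(data):
        return {"valid": False, "reason": "optional header missing or runs past end of file"}
    opt_magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]
    if opt_magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        return {"valid": False, "reason": f"unknown optional header magic 0x{opt_magic:04X}"}
    if not chars & IMAGE_FILE_EXECUTABLE_IMAGE:
        return {"valid": False, "reason": "IMAGE_FILE_EXECUTABLE_IMAGE not set"}
    return {"valid": True, "reason": "ok",
            "is_dll": bool(chars & IMAGE_FILE_DLL), "pe32plus": opt_magic == PE32PLUS_MAGIC}


def build_minimal_pe(machine: int = IMAGE_FILE_MACHINE_I386, is_dll: bool = True) -> bytes:
    """Constructed sample: just enough header bytes to pass check_pe_image (no sections, no code)."""
    e_lfanew = 0x40
    dos = bytearray(64)
    dos[:2] = DOS_MAGIC
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | (IMAGE_FILE_DLL if is_dll else 0)
    opt = bytearray(224)  # size of a PE32 IMAGE_OPTIONAL_HEADER
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    file_hdr = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), chars)
    return bytes(dos) + PE_SIGNATURE + file_hdr + bytes(opt)


def find_bad_images(images: dict) -> dict:
    """Map file name -> failure reason for every image in `images` the loader would reject."""
    bad = {}
    for name, data in images.items():
        result = check_pe_image(data)
        if not result["valid"]:
            bad[name] = result["reason"]
    return bad


if __name__ == "__main__":
    good = build_minimal_pe()
    damaged = bytearray(good)
    damaged[0x40:0x44] = b"\0\0\0\0"  # simulate an overwritten PE signature
    samples = {"intact.dll": good, "damaged.dll": bytes(damaged),
               "truncated.dll": good[:100],
               "wrong-arch.dll": build_minimal_pe(IMAGE_FILE_MACHINE_AMD64)}
    for name, reason in find_bad_images(samples).items():
        print(f"{name}: {reason}")
```

When the dialog names the same DLL for nearly every program, the usual suspect is a file that every process loads (a shell extension, a browser helper or an adware component that was only partially removed); running a check like this over the DLLs the dialogs name tells you whether the copy on disk is damaged or of the wrong architecture, which is a different repair from a missing file.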

Hi Kate,


Can you post the log from Malwarebytes so we have an idea of what was found?


Hi, thanks for your response. Here is the Malwarebytes log from the full scan:


Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.28.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Student :: MS-F07-05 [administrator]
Protection: Enabled
3/27/2013 10:23:17 PM
mbam-log-2013-03-27 (22-23-17).txt
Scan type: Full scan (C:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 319852
Time elapsed: 3 hour(s), 34 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 29
HKCRAppID{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCRAppID{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCRAppID{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCRAppID{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCRAppID{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Quarantined and deleted successfully.
HKCRTypelib{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCRInterface{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCUSOFTWAREMicrosoftInternet ExplorerSearchScopes{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtStats{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtStats{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtStats{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKLMSOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCRMenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCRMenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCRShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCRShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCRAppIDMenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCUSOFTWAREMediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKCUSoftwareclickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKLMSOFTWAREClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKLMSOFTWAREResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
HKLMSYSTEMCurrentControlSetEnumRootLEGACY_RESULTBAR_SERVICE (Adware.ResultBar) -> Quarantined and deleted successfully.
HKLMSYSTEMCurrentControlSetServicesResultBar Service (Adware.ResultBar) -> Quarantined and deleted successfully.
Registry Values Detected: 5
HKCUSOFTWAREMicrosoftInternet ExplorerToolbarWebBrowser{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Data: -> Quarantined and deleted successfully.
HKCUSOFTWAREMicrosoftInternet ExplorerToolbarWebBrowser|{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Data: a·¸+߬H»à¼À:›; -> Quarantined and deleted successfully.
HKCUSOFTWAREMicrosoftInternet ExplorerMenuExt&Search| (Adware.Hotbar) -> Data: http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000336&p=ZRman000&si=&a=3y1hhhtNOsq.8uqSY2ou2A&n=2010092416 -> Quarantined and deleted successfully.
HKLMSOFTWAREMicrosoftWindowsCurrentVersionInternet Settings5.0User AgentPost Platform|SRS_IT_E8790477B6765C503EA091 (Malware.Trace) -> Data: -> Quarantined and deleted successfully.
HKLMSOFTWAREMozillaFirefoxextensions|[email protected] (Adware.ClickPotato) -> Data: C:Program FilesClickPotatoLitebin11.0.16.0firefoxextensions -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 12
C:Documents and SettingsAll UsersApplication Data2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:Documents and SettingsAll UsersApplication DataClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:Documents and SettingsStudentApplication DataClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:Documents and SettingsAll UsersApplication DataResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
C:Program FilesClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:Program FilesClickPotatoLitebin (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:Program FilesClickPotatoLitebin11.0.16.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:Program FilesClickPotatoLitebin11.0.16.0firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:Program FilesClickPotatoLitebin11.0.16.0firefoxextensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:Program FilesClickPotatoLitebin11.0.16.0firefoxextensionsplugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:Program FilesResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
C:Documents and SettingsAll UsersStart MenuProgramsClickPotato (Adware.ClickPotato) -> Quarantined and deleted successfully.
Files Detected: 14
C:Documents and SettingsStudentLocal SettingsTempclickpotatolitesa.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:program filesclickpotatolitebin11.0.16.0firefoxextensionspluginsnpclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:System Volume Information_restore{46DE8921-1D39-44D2-A9E9-64119261F211}RP1187A0217910.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:System Volume Information_restore{46DE8921-1D39-44D2-A9E9-64119261F211}RP1187A0217936.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:Documents and SettingsAll UsersApplication DataClickPotatoLiteSAClickPotatoLiteSA.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:Documents and SettingsAll UsersApplication DataClickPotatoLiteSAClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:Documents and SettingsAll UsersApplication DataClickPotatoLiteSAClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:Documents and SettingsAll UsersApplication DataClickPotatoLiteSAClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:Documents and SettingsAll UsersApplication DataClickPotatoLiteSAClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:Program FilesClickPotatoLitebin11.0.16.0copyright.txt (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:Program FilesClickPotatoLitebin11.0.16.0firefoxextensionsinstall.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:Documents and SettingsAll UsersStart MenuProgramsClickPotatoAbout Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:Documents and SettingsAll UsersStart MenuProgramsClickPotatoClickPotato Customer Support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:Documents and SettingsAll UsersStart MenuProgramsClickPotatoClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
(end)

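Added example, not the tool's own code: a small Python parser for the Malwarebytes log format pasted above (section headers of the form "Registry Keys Detected: N", then one detection per line as "object (Family) -> action."). The sample log inside it is constructed from a handful of the entries above with the backslash path separators restored (the paste above has lost them). It summarizes detections by family, lists entries that were not actually removed, flags detections sitting in autostart locations (Run keys, services, Startup folders), and checks that each section's stated count matches the lines actually present, which is how you catch a truncated paste. The names parse_mbam_log and summarize are mine.

```python
import re
from collections import Counter

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Detected): (?P<count>\d+)$")
DETECTION_RE = re.compile(r"^(?P<object>.+) \((?P<family>[A-Za-z0-9._-]+)\) -> (?P<rest>.+)$")
REMOVED = "Quarantined and deleted successfully."
# Substrings (lower-cased) that mark autostart locations worth a second look.
PERSISTENCE_MARKERS = ("\\currentversion\\run", "\\services\\", "\\startup\\")

# Constructed sample: a few entries from the log above, separators restored, plus a
# deliberately wrong "Files Detected" count and one entry that was not removed.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.28.01
Windows XP Service Pack 3 x86 NTFS
Scan type: Full scan (C:\|)
Memory Processes Detected: 0
(No malicious items detected)
Registry Keys Detected: 3
HKCR\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\ResultBar Service (Adware.ResultBar) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Data: -> Quarantined and deleted successfully.
Files Detected: 3
C:\Documents and Settings\Student\Local Settings\Temp\clickpotatolitesa.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1187\A0217910.dll (Adware.ClickPotato) -> No action taken.
(end)
"""


def parse_mbam_log(text: str) -> dict:
    """Split an MBAM log into header metadata, per-section stated counts and detection records."""
    metadata, stated, detections = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)" or line.startswith("(No malicious"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            stated[section] = int(m["count"])
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            # Registry values carry "Data: ... -> action"; the action is always the last arrow.
            action = m["rest"].split(" -> ")[-1]
            detections.append({"section": section, "object": m["object"],
                               "family": m["family"], "action": action})
            continue
        if section is None and ": " in line:
            key, _, value = line.partition(": ")
            metadata[key] = value
    return {"metadata": metadata, "stated": stated, "detections": detections}


def summarize(parsed: dict) -> dict:
    """Counts by family, unremoved objects, autostart hits and stated-vs-found count mismatches."""
    dets = parsed["detections"]
    found = Counter(d["section"] for d in dets)
    return {
        "by_family": dict(Counter(d["family"] for d in dets)),
        "not_removed": [d["object"] for d in dets if d["action"] != REMOVED],
        "persistence": [d["object"] for d in dets
                        if any(k in d["object"].lower() for k in PERSISTENCE_MARKERS)],
        "count_mismatches": {s: (n, found.get(s, 0))
                             for s, n in parsed["stated"].items() if found.get(s, 0) != n},
    }


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print("database:", parsed["metadata"].get("Database version"))
    for key, value in summarize(parsed).items():
        print(f"{key}: {value}")
```

The count check is the part worth keeping in a helper's toolbox: a section that claims 29 keys but lists 20 means the poster trimmed the paste, and the missing lines are often the ones that matter.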

Also, please let me know if there's any other scans I should be performing. I have always used AVG or some similar anti-virus scan and this is actually the first time I've run a Malwarebytes scan. thanks


I'm not surprised that this is your first run of Mbam. A couple of those infections are really old. I suspect that some have been on there for years.


Let's run another tool. This isn't for everyday use like your AVG or Mbam.


Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link -->
http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html
• Double click on ComboFix.exe & follow the prompts.
• As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


C:\ComboFix.txt
ComboFix 13-03-28.01 - Student 03/29/2013 21:17:58.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.595 [GMT -4:00]
Running from: c:documents and settingsStudentDesktopComboFix.exe
AV: Trend Micro Titanium *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:documents and settingsStudentApplication DataOfferBox
c:documents and settingsStudentApplication DataOfferBoxconfig.xml
c:windowssystem32Cache
c:windowssystem32Cache12a062a32be8b9e5.fb
c:windowssystem32Cache217a0231d125fc4c.fb
c:windowssystem32Cache26c630d098e22dd5.fb
c:windowssystem32Cache272512937d9e61a4.fb
c:windowssystem32Cache287204568329e189.fb
c:windowssystem32Cache28bc8f716fd76a47.fb
c:windowssystem32Cache2c53092c95605355.fb
c:windowssystem32Cache31a0997e9a5b5eb3.fb
c:windowssystem32Cache32c84fe32bb74d60.fb
c:windowssystem32Cache3917078cb68ec657.fb
c:windowssystem32Cache590ba23ce359fd0c.fb
c:windowssystem32Cache610289e025a3ee9a.fb
c:windowssystem32Cache64cf7eb1483e5388.fb
c:windowssystem32Cache651c5d3cdbfb8bd1.fb
c:windowssystem32Cache6c59ac5e7e7a3ad0.fb
c:windowssystem32Cache6d03dad1035885d3.fb
c:windowssystem32Cache71a35ad13a073272.fb
c:windowssystem32Cache72cc590af6c4e25b.fb
c:windowssystem32Cache95f567698be8a182.fb
c:windowssystem32Cachea8556537add6dfc5.fb
c:windowssystem32Cachead10a52aff5e038d.fb
c:windowssystem32Cachebf73f9477f409734.fb
c:windowssystem32Cachec1fa887b03019701.fb
c:windowssystem32Cachec4d28dca2e7648be.fb
c:windowssystem32Cachec87c3cef715fe591.fb
c:windowssystem32Cached201ef9910cd39de.fb
c:windowssystem32Cached2e94710a5708128.fb
c:windowssystem32Cached79b9dfe81484ec4.fb
c:windowssystem32Cachee0de16f883bea794.fb
c:windowssystem32Cachef637ef6ed8bf1e21.fb
c:windowssystem32Cachef998975c9cc711ee.fb
c:windowssystem32driversetchosts.ics
c:windowssystem32URTTemp
c:windowssystem32URTTempfusion.dll
c:windowssystem32URTTempmscoree.dll
c:windowssystem32URTTempmscoree.dll.local
c:windowssystem32URTTempmscorsn.dll
c:windowssystem32URTTempmscorwks.dll
c:windowssystem32URTTempmsvcr71.dll
c:windowssystem32URTTempregtlib.exe
c:windowswininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-30 )))))))))))))))))))))))))))))))
.
.
2013-03-28 02:25 . 2013-03-28 04:42 181808 ----a-w- c:windowsRegBootClean.exe
2013-03-28 02:18 . 2013-03-28 02:18 -------- d-----w- c:documents and settingsStudentApplication DataMalwarebytes
2013-03-28 02:17 . 2013-03-28 02:17 -------- d-----w- c:documents and settingsAll UsersApplication DataMalwarebytes
2013-03-28 02:17 . 2012-12-14 20:49 21104 ----a-w- c:windowssystem32driversmbam.sys
2013-03-28 02:08 . 2013-03-28 02:08 -------- d-----w- C:TMRescueDisk
2013-03-28 02:04 . 2012-07-11 08:35 90808 ----a-w- c:windowssystem32driverstmeext.sys
2013-03-28 02:04 . 2012-07-06 03:33 171064 ----a-w- c:windowssystem32driverstmnciesc.sys
2013-03-28 02:04 . 2012-05-02 19:27 92304 ----a-w- c:windowssystem32driverstmtdi.sys
2013-03-28 02:03 . 2012-07-12 10:30 94200 ----a-w- c:windowssystem32driverstmactmon.sys
2013-03-28 02:03 . 2012-07-12 10:29 75624 ----a-w- c:windowssystem32driverstmevtmgr.sys
2013-03-28 02:03 . 2012-07-12 10:29 257928 ----a-w- c:windowssystem32driverstmcomm.sys
2013-03-28 02:03 . 2012-08-24 13:06 38328 ----a-w- c:windowssystem32driversTMEBC32.sys
2013-03-28 02:02 . 2013-03-28 02:02 59 ----a-w- c:windowssystem32SupportTool.exe.bat
2013-03-28 02:01 . 2013-03-28 02:25 -------- d-----w- c:documents and settingsAll UsersApplication DataTrend Micro
2013-03-28 01:27 . 2013-03-28 02:07 -------- d-----w- c:program filesTrend Micro
2013-03-26 23:02 . 2013-03-26 23:02 -------- d-----w- c:windowssystem32wbemRepository
2013-03-26 23:02 . 2013-03-26 23:02 -------- d-----w- c:program filesCommon FilesSkype
2013-03-26 22:58 . 2013-03-26 23:32 -------- d-----w- c:documents and settingsStudentApplication DatauTorrent
2013-03-25 03:01 . 2013-03-25 03:01 -------- d-----w- c:documents and settingsStudentApplication DataDriverCure
2013-03-23 22:59 . 2013-03-28 02:18 -------- d-----w- c:program filesMalwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-26 23:48 . 2013-02-25 03:55 693976 ----a-w- c:windowssystem32FlashPlayerApp.exe
2013-03-26 23:48 . 2013-02-25 03:55 73432 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl
2013-02-12 00:32 . 2009-08-02 15:48 12928 ----a-w- c:windowssystem32driversusb8023x.sys
2013-02-12 00:32 . 2004-08-11 16:00 12928 ----a-w- c:windowssystem32driversusb8023.sys
2013-02-05 20:05 . 2004-08-11 16:00 916480 ----a-w- c:windowssystem32wininet.dll
2013-02-05 20:05 . 2004-08-11 16:00 43520 ----a-w- c:windowssystem32licmgr10.dll
2013-02-05 20:05 . 2004-08-11 16:00 1469440 ----a-w- c:windowssystem32inetcpl.cpl
2013-02-05 05:53 . 2004-08-11 16:00 385024 ----a-w- c:windowssystem32html.iec
2013-01-26 03:55 . 2004-08-11 16:00 552448 ----a-w- c:windowssystem32oleaut32.dll
2013-01-07 01:19 . 2004-08-11 16:00 2148864 ----a-w- c:windowssystem32ntoskrnl.exe
2013-01-07 00:37 . 2004-08-03 21:59 2027520 ----a-w- c:windowssystem32ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-11 16:00 1867264 ----a-w- c:windowssystem32win32k.sys
2013-01-02 06:49 . 2004-08-11 16:00 1292288 ----a-w- c:windowssystem32quartz.dll
2013-01-02 06:49 . 2004-08-11 16:00 148992 ----a-w- c:windowssystem32mpg2splt.ax
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOTCLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:documents and settingsStudentApplication DataDropboxbinDropboxExt.17.dll
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOTCLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:documents and settingsStudentApplication DataDropboxbinDropboxExt.17.dll
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOTCLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:documents and settingsStudentApplication DataDropboxbinDropboxExt.17.dll
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOTCLSID{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:documents and settingsStudentApplication DataDropboxbinDropboxExt.17.dll
.
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ModemOnHold"="c:program filesNetWaitingnetWaiting.exe" [2003-09-10 20480]
"swg"="c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2007-08-28 68856]
"Spotify Web Helper"="c:documents and settingsStudentApplication DataSpotifyDataSpotifyWebHelper.exe" [2013-03-27 1104280]
"Spotify"="c:documents and settingsStudentApplication DataSpotifySpotify.exe" [2013-03-27 4480920]
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"Apoint"="c:program filesApointApoint.exe" [2005-10-06 176128]
"igfxtray"="c:windowssystem32igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:windowssystem32hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:windowssystem32igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"IntelZeroConfig"="c:program filesIntelWirelessbinZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:program filesIntelWirelessBinifrmewrk.exe" [2006-10-18 696320]
"Dell QuickSet"="c:program filesDellQuickSetquickset.exe" [2007-02-20 1191936]
"ISUSPM Startup"="c:progra~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:program filesCommon FilesInstallShieldUpdateServiceissch.exe" [2004-07-27 81920]
"PDVDDXSrv"="c:program filesCyberLinkPowerDVD DXPDVDDXSrv.exe" [2006-10-20 118784]
"SunJavaUpdateSched"="c:program filesJavajre6binjusched.exe" [2010-01-10 149280]
"Nikon Message Center 2"="c:program filesNikonNikon Message Center 2NkMC2.exe" [2010-05-25 619008]
"APSDaemon"="c:program filesCommon FilesAppleApple Application SupportAPSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:program filesQuickTimeQTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:program filesiTunesiTunesHelper.exe" [2012-12-12 152544]
"Trend Micro Client Framework"="c:program filesTrend MicroUniClientUiFrmWrkUIWatchDog.exe" [2012-07-25 133456]
"Trend Micro Titanium"="c:program filesTrend MicroTitaniumUIFrameworkuiWinMgr.exe" [2012-07-25 1374864]
.
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-14 15360]
.
c:documents and settingsStudentStart MenuProgramsStartup
Dropbox.lnk - c:documents and settingsStudentApplication DataDropboxbinDropbox.exe [2013-3-12 29106336]
Logitech Touch Mouse Server.lnk - c:program filesLogitech Touch Mouse ServeriTouch-Server-Win.exe [2009-10-23 228352]
.
c:documents and settingsAll UsersStart MenuProgramsStartup
Bluetooth Manager.lnk - c:program filesToshibaBluetooth Toshiba StackTosBtMng.exe [2005-11-18 1724416]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringTrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"=
"%windir%Network Diagnosticxpnetdiag.exe"=
"c:Documents and SettingsStudentLocal SettingsApplication DataGoogleChromeApplicationchrome.exe"=
"c:Program FilesFrostWire 5FrostWire.exe"=
"c:Program FilesBonjourmDNSResponder.exe"=
"c:Documents and SettingsStudentApplication DataDropboxbinDropbox.exe"=
"c:Program FilesLogitech Touch Mouse ServeriTouch-Server-Win.exe"=
"c:Program FilesCommon FilesAppleApple Application SupportWebKit2WebProcess.exe"=
"c:Program FilesiTunesiTunes.exe"=
"c:Documents and SettingsStudentApplication DataSpotifyspotify.exe"=
"c:Program FilesSkypePhoneSkype.exe"=
.
R0 TMEBC;TMEBC;c:windowssystem32driversTMEBC32.sys [3/27/2013 10:03 PM 38328]
R1 tmeext;tmeext;c:windowssystem32driverstmeext.sys [3/27/2013 10:04 PM 90808]
R1 tmevtmgr;tmevtmgr;c:windowssystem32driverstmevtmgr.sys [3/27/2013 10:03 PM 75624]
R2 MBAMScheduler;MBAMScheduler;c:program filesMalwarebytes' Anti-Malwarembamscheduler.exe [3/27/2013 10:17 PM 398184]
R2 MBAMService;MBAMService;c:program filesMalwarebytes' Anti-Malwarembamservice.exe [3/27/2013 10:17 PM 682344]
R2 Skype C2C Service;Skype C2C Service;c:documents and settingsAll UsersApplication DataSkypeToolbarsSkype C2C Servicec2c_service.exe [1/31/2013 11:38 AM 3289208]
R3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [3/27/2013 10:17 PM 21104]
R3 tmnciesc;tmnciesc;c:windowssystem32driverstmnciesc.sys [3/27/2013 10:04 PM 171064]
S2 Amsp;Trend Micro Solution Platform;c:program filesTrend MicroAMSPcoreServiceShell.exe [3/27/2013 10:01 PM 221264]
S2 FreemakeVideoCapture;FreemakeVideoCapture;"c:program filesFreemakeCaptureLibCaptureLibService.exe" --> c:program filesFreemakeCaptureLibCaptureLibService.exe [?]
S2 SkypeUpdate;Skype Updater;c:program filesSkypeUpdaterUpdater.exe [11/9/2012 6:21 AM 160944]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:program filesAVGAVG10ToolbarToolbarBroker.exe --> c:program filesAVGAVG10ToolbarToolbarBroker.exe [?]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:windowssystem32driversnx6000.sys [5/31/2008 9:42 PM 33808]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-30 c:windowsTasksAdobe Flash Player Updater.job
- c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2013-02-25 23:48]
.
2013-03-28 c:windowsTasksAppleSoftwareUpdate.job
- c:program filesApple Software UpdateSoftwareUpdate.exe [2011-06-01 22:57]
.
2013-03-29 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-577909240-3888902602-3002504040-1005Core.job
- c:documents and settingsStudentLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2010-06-09 00:53]
.
2013-03-30 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-577909240-3888902602-3002504040-1005UA.job
- c:documents and settingsStudentLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2010-06-09 00:53]
.
2013-03-30 c:windowsTasksUser_Feed_Synchronization-{972C6162-CAF9-4AE8-9E30-4E803D8C5149}.job
- c:windowssystem32msfeedssync.exe [2006-10-17 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
Trusted Zone: intuit.comttlc
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Search Protection - c:program filesYahoo!Search ProtectionSearchProtection.exe
HKCU-Run-Logitech Vid HD - c:program filesLogitechVidvid.exe
HKLM-Run-DivXMediaServer - c:program filesDivXDivX Media ServerDivXMediaServer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-29 21:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4060)
c:windowssystem32WININET.dll
c:documents and settingsStudentApplication DataDropboxbinDropboxExt.17.dll
c:windowssystem32ieframe.dll
c:windowssystem32webcheck.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:program filesIntelWirelessBinEvtEng.exe
c:program filesIntelWirelessBinS24EvMon.exe
c:program filesIntelWirelessBinWLKeeper.exe
c:program filesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
c:program filesBonjourmDNSResponder.exe
c:program filesJavajre6binjqs.exe
c:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
c:program filesIntelWirelessBinRegSrvc.exe
c:program filesMalwarebytes' Anti-Malwarembamgui.exe
c:windowsstsystra.exe
c:program filesApointHidFind.exe
c:program filesApointApntex.exe
c:windowssystem32igfxsrvc.exe
c:program filesiPodbiniPodService.exe
c:program filesToshibaBluetooth Toshiba StackTosA2dp.exe
c:program filesToshibaBluetooth Toshiba StackTosBtHid.exe
c:program filesToshibaBluetooth Toshiba StackTosBtHsp.exe
c:program filesIntelWirelessBinDot1XCfg.exe
c:program filesToshibaBluetooth Toshiba StacktosOBEX.exe
c:program filesToshibaBluetooth Toshiba StacktosBtProc.exe
c:program filesJavajre6binjucheck.exe
c:windowssystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-03-29 21:50:35 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-30 01:50
.
Pre-Run: 46,099,451,904 bytes free
Post-Run: 46,671,237,120 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 341FEF0BB95D3CD4292653163FCAAB48


uTorrent
You have uTorrent, a P2P/file sharing program, installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm


I would recommend that you uninstall utorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


How is your computer running now?


Let's get an online scan:


Go here to run an online scanner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the ActiveX control to install
• Click Start
• Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
• Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
• Click Scan
• Wait for the scan to finish
• When the scan completes, press the LIST OF THREATS FOUND button
• Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
• Include the contents of this report in your next reply.
• Press the BACK button.
• Press Finish



I actually did try to uninstall utorrent because I understand it makes the computer very vulnerable. I guess I wasn't able to successfully uninstall it or maybe the system restore brought it back. I will uninstall it and run this other scan this evening.


The computer seems to be running better already - I've stopped receiving the error message I got before. Thanks so much for all your help! :)


I uninstalled uTorrent (hopefully completely) by deleting the data application from the C:/ drive. Do you think I should also run a CCleaner in order to delete associated files? I found that recommendation on another site and it seemed like a good idea to do that perhaps at a later point in time.


I'm not able to get past step 2 of the ESET scan. During the initialization stage, it reaches 98% and then a red message appears telling me it cannot get an update and asks me if the proxy is configured. I went back and tried to see if I could configure it but I don't understand what information I need to fill in for the proxy address, port, username, and password... should I have this information somewhere? It would seem I need to configure the proxy in order to get through the scan. How can I complete this?


I don't believe you use a proxy so this shouldn't be the issue. Sounds to me like you lost connection. Are you connected to the internet wirelessly?

I guess I have a faulty wifi connection... I connected via ethernet and was able to run the full scan. Here's the log:

ESET
C:\Program Files\GoforFiles\uninstall.exe a variant of Win32/YourFileDownloader.B application
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1188\A0219292.exe a variant of Win32/Adware.MediaFinder.F application

I'm waiting on your wisdom for the next step. Thanks


It may not be a "faulty" wifi connection... it might just have gotten interrupted. All kinds of things can cause the signal to be interrupted for a short time. One I've seen before is wireless telephones. Many cordless phones operated on 2.4 GHz wavelength. 2.4 GHz is probably the most common wifi signal also - some wifi is 5 GHz. I've known of wifi signals to disconnect briefly when someone answers a cordless phone.

 

You have one issue there in your ESET log. You have a program called Go for Files. It is considered malware. Odds are that you did not install it on purpose. I suggest we get rid of it.

 

Check in Add or Remove Programs in your Control Panel. If it is listed there, uninstall it. If not, don't worry about it. Either way, continue by following these instructions:

 

COMBOFIX-Script

• Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Folder::C:\Program Files\GoforFiles

• Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Drag CFScript.txt onto ComboFix.exe.
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

 

ComboFix 13-03-28.01 - Student 04/01/2013 18:31:28.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.574 [GMT -4:00]
Running from: c:\documents and settings\Student\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Student\Desktop\CFScript.txt
AV: Trend Micro Titanium *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\GoforFiles
c:\program files\GoforFiles\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-01 to 2013-04-01 )))))))))))))))))))))))))))))))
.
.
2013-04-01 15:31 . 2013-04-01 15:31 -------- d-----w- c:\documents and settings\Student\Local Settings\Application Data\Trend Micro
2013-03-28 02:25 . 2013-03-28 04:42 181808 ----a-w- c:\windows\RegBootClean.exe
2013-03-28 02:18 . 2013-03-28 02:18 -------- d-----w- c:\documents and settings\Student\Application Data\Malwarebytes
2013-03-28 02:17 . 2013-03-28 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-03-28 02:17 . 2012-12-14 20:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-28 02:08 . 2013-03-28 02:08 -------- d-----w- C:\TMRescueDisk
2013-03-28 02:04 . 2012-07-11 08:35 90808 ----a-w- c:\windows\system32\drivers\tmeext.sys
2013-03-28 02:04 . 2012-07-06 03:33 171064 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
2013-03-28 02:04 . 2012-05-02 19:27 92304 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2013-03-28 02:03 . 2012-07-12 10:30 94200 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2013-03-28 02:03 . 2012-07-12 10:29 75624 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2013-03-28 02:03 . 2012-07-12 10:29 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-03-28 02:03 . 2012-08-24 13:06 38328 ----a-w- c:\windows\system32\drivers\TMEBC32.sys
2013-03-28 02:02 . 2013-03-28 02:02 59 ----a-w- c:\windows\system32\SupportTool.exe.bat
2013-03-28 02:01 . 2013-03-28 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2013-03-28 01:27 . 2013-03-28 02:07 -------- d-----w- c:\program files\Trend Micro
2013-03-26 23:02 . 2013-03-26 23:02 -------- d-----w- c:\windows\system32\wbem\Repository
2013-03-26 23:02 . 2013-03-26 23:02 -------- d-----w- c:\program files\Common Files\Skype
2013-03-25 03:01 . 2013-03-25 03:01 -------- d-----w- c:\documents and settings\Student\Application Data\DriverCure
2013-03-23 22:59 . 2013-03-28 02:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-26 23:48 . 2013-02-25 03:55 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-26 23:48 . 2013-02-25 03:55 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 00:32 . 2009-08-02 15:48 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-11 16:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:05 . 2004-08-11 16:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2004-08-11 16:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2004-08-11 16:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2004-08-11 16:00 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-08-11 16:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 2004-08-11 16:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2004-08-03 21:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-11 16:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-11 16:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2013-01-02 06:49 . 2004-08-11 16:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Student\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Student\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Student\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Student\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-28 68856]
"Spotify Web Helper"="c:\documents and settings\Student\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2013-03-27 1104280]
"Spotify"="c:\documents and settings\Student\Application Data\Spotify\Spotify.exe" [2013-03-27 4480920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-06 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-10 149280]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-07-25 133456]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-25 1374864]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Student\Start Menu\Programs\Startup
Dropbox.lnk - c:\documents and settings\Student\Application Data\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
Logitech Touch Mouse Server.lnk - c:\program files\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 228352]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Documents and Settings\Student\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"=
"c:\Program Files\FrostWire 5\FrostWire.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\Documents and Settings\Student\Application Data\Dropbox\bin\Dropbox.exe"=
"c:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe"=
"c:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"=
"c:\Program Files\iTunes\iTunes.exe"=
"c:\Documents and Settings\Student\Application Data\Spotify\spotify.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
.
R0 TMEBC;TMEBC;c:\windows\system32\drivers\TMEBC32.sys [3/27/2013 10:03 PM 38328]
R1 tmeext;tmeext;c:\windows\system32\drivers\tmeext.sys [3/27/2013 10:04 PM 90808]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/27/2013 10:03 PM 75624]
R3 tmnciesc;tmnciesc;c:\windows\system32\drivers\tmnciesc.sys [3/27/2013 10:04 PM 171064]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [3/27/2013 10:01 PM 221264]
S2 FreemakeVideoCapture;FreemakeVideoCapture;"c:\program files\Freemake\CaptureLib\CaptureLibService.exe" --> c:\program files\Freemake\CaptureLib\CaptureLibService.exe [?]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [3/27/2013 10:17 PM 398184]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/27/2013 10:17 PM 682344]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [1/31/2013 11:38 AM 3289208]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 6:21 AM 160944]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/27/2013 10:17 PM 21104]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [5/31/2008 9:42 PM 33808]
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-25 23:48]
.
2013-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-577909240-3888902602-3002504040-1005Core.job
- c:\documents and settings\Student\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-09 00:53]
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-577909240-3888902602-3002504040-1005UA.job
- c:\documents and settings\Student\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-09 00:53]
.
2013-04-01 c:\windows\Tasks\User_Feed_Synchronization-{972C6162-CAF9-4AE8-9E30-4E803D8C5149}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-01 18:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2013-04-01 18:41:56
ComboFix-quarantined-files.txt 2013-04-01 22:41
ComboFix2.txt 2013-03-30 01:50
.
Pre-Run: 47,075,835,904 bytes free
Post-Run: 47,057,612,800 bytes free
.
- - End Of File - - 2608323480C59D50422CA2505D4629CB

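A way to read the two logs above (the ESET export and the ComboFix log) by where each file lives, as an added example for this thread. It is not code from the posts, nor an ESET or ComboFix tool; the sample lines are the ones printed above with their stripped backslashes restored, and the location buckets and the notes attached to them are this example's own heuristics. The point it makes is the one the helper acted on: the second ESET hit sits under System Volume Information\_restore, a saved restore-point copy rather than a running file, so it needs no removal step of its own (and is cleared when System Restore is reset), while an autostart that runs from Application Data, or a service whose image ComboFix could not find ([?]), is worth a second look.

```python
"""Location-based triage of ESET and ComboFix log lines.

Added example, not part of the original posts and not an official ESET or
ComboFix tool. The location buckets and notes are the author's assumptions.
"""
import re
from dataclasses import dataclass

# Sample lines constructed from the logs in this thread (backslashes restored).
ESET_LINES = [
    r"C:\Program Files\GoforFiles\uninstall.exe a variant of Win32/YourFileDownloader.B application",
    r"C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1188\A0219292.exe a variant of Win32/Adware.MediaFinder.F application",
]
COMBOFIX_RUN_LINES = [
    r'"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-28 68856]',
    r'"Spotify Web Helper"="c:\documents and settings\Student\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2013-03-27 1104280]',
    r'"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]',
]
COMBOFIX_SERVICE_LINES = [
    r'''S2 FreemakeVideoCapture;FreemakeVideoCapture;"c:\program files\Freemake\CaptureLib\CaptureLibService.exe" --> c:\program files\Freemake\CaptureLib\CaptureLibService.exe [?]''',
    r"""S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/27/2013 10:17 PM 682344]""",
]


@dataclass
class Entry:
    source: str     # "eset", "run" or "service"
    name: str       # detection name, Run value name or service name
    path: str
    location: str
    note: str = ""  # non-empty means "look at this one"


def classify_location(path: str) -> str:
    """Bucket a Windows path by who can normally write there (heuristic)."""
    p = path.lower().replace("/", "\\")
    if not re.match(r"^[a-z]:\\", p):
        return "unresolved"        # bare file name: found via the search path at run time
    if "\\system volume information\\_restore" in p:
        return "restore-point"     # a saved copy, not an executing file
    if "\\documents and settings\\" in p or "\\users\\" in p:
        return "user-profile"      # writable without administrator rights
    if "\\windows\\" in p:
        return "system"
    if "\\program files" in p:
        return "program-files"
    return "other"


# "<path> [a variant of] <detection> <category>", as the pasted ESET export reads
_ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]{1,4})\s+(?:a variant of\s+)?(?P<threat>\S+)\s+(?P<category>\w+)$"
)
# ComboFix Run entries: "Name"="path" [date size]
_RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<stamp>[^\]]*)\]$')
# ComboFix services: <R|S><start type> name;display name;image [stamp]  (or "[?]" when the image was not found)
_SVC_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")


def parse_eset_line(line: str) -> Entry:
    m = _ESET_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised ESET line: {line!r}")
    loc = classify_location(m["path"])
    note = ("copy inside a restore point: inert unless that point is applied, "
            "gone once System Restore is reset") if loc == "restore-point" else "live file on disk"
    return Entry("eset", m["threat"], m["path"], loc, note)


def parse_run_line(line: str) -> Entry:
    m = _RUN_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised Run line: {line!r}")
    loc = classify_location(m["path"])
    note = {"user-profile": "autostart from a user-writable directory; check the publisher",
            "unresolved": "no full path; a same-named file earlier on the search path would win"}.get(loc, "")
    return Entry("run", m["name"], m["path"], loc, note)


def parse_service_line(line: str) -> Entry:
    m = _SVC_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised service line: {line!r}")
    rest = m["rest"]
    image = rest.split("-->", 1)[1] if "-->" in rest else rest   # take the resolved path
    image = image.rsplit(" [", 1)[0].strip().strip('"')         # drop the [stamp] / [?] suffix
    note = "image file not found by ComboFix ([?]): orphaned or hidden service" if rest.endswith("[?]") else ""
    return Entry("service", m["name"], image, classify_location(image), note)


def triage(eset_lines, run_lines, service_lines):
    """Parse all three line types; return (all entries, entries worth a look)."""
    entries = ([parse_eset_line(l) for l in eset_lines]
               + [parse_run_line(l) for l in run_lines]
               + [parse_service_line(l) for l in service_lines])
    return entries, [e for e in entries if e.note]


if __name__ == "__main__":
    _, flagged = triage(ESET_LINES, COMBOFIX_RUN_LINES, COMBOFIX_SERVICE_LINES)
    for e in flagged:
        print(f"[{e.source}] {e.name} ({e.location}): {e.path}\n    {e.note}")
```

The buckets are deliberately coarse: a path under Program Files is not proof of legitimacy (GoforFiles lived there), and a bare file name in a Run value only becomes a problem if something earlier on the search path carries the same name. The value of the pass is that it sorts a 200-line log into the handful of entries a helper would actually ask about.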

That looks good.

 

How are things running now?

 

If things seem good, we just have some housekeeping to do.


Overall things seem to run better. The error message that was the initial problem has not reappeared, so your magic has worked wonders!

 

Earlier, before I ran the scan, my computer shut down all of a sudden and I received a stop error screen. I restarted manually and it loaded normally. For a few months now, every once in a while this happens... and I usually just manually restart the computer and everything seems fine, but I can't figure out why it occurs or how to stop it from happening again.

 

Housekeeping sounds like a great idea. I will follow your every direction. Thank you so much!


The stop error could be a whole host of things. I'm thinking this is a laptop. Correct? The first thing I think of is heat. A laptop is really hard to keep the dust out of and dust causes things to become "plugged" and to cause overheating. Also, laptops tend to be placed on (I know you will be shocked here)... laps. The air vents are usually found on the bottom of the laptop. Lint from clothes is even harder on the system than plain dust. Same thing goes for when people set a running laptop on a soft surface such as a couch or a bed. No ventilation.

 

That all leads me to a question. Do you notice anything in common with the stop errors? Does it happen only after the system has been on for a long time? Does it only happen after you have set it down on the couch?

 

If the answer to either of the last two questions is yes... then I'm really thinking heat. In this case I suggest that you use your laptop from a hard surface. A desk, a table, a board or even a large book on your lap so that the little feet on the bottom of your computer can do their job and help keep a space for ventilation.

 

Housekeeping!

 

 

• Click START then RUN
• Now type ComboFix /Uninstall in the run box and click OK.
• Note the space between the X and the U, it needs to be there.

The above procedure will:

• Implement some cleanup procedures.
• Reset System Restore.

 

 

 

Tools and logs left on your desktop can just be deleted.


Please re-enable any security that was disabled.

 


The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing. Remember that this is just advice and gives you some things to think about. You do not have to run every program mentioned in the linked articles.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed as Resolved.


Yes, you guessed correctly - it is a laptop. Overheating sounds pretty logical - I hope it's nothing more serious than that.

 

These sites look very informative. Thank you so much for all your help!!


Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

 

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

 

Everyone else please begin a New Topic.
