Rose27

Members
  • Content count

    7
About Rose27

  • Rank
    New Member
  1. Rose27

    Bad Image Error

    Everything seems to be back to normal and everything is running much better now. Thank you so much for all your help; I appreciate it so much! Thank you again.
  2. Rose27

    Bad Image Error

    Here is the combo fix log.
  3. Rose27

    Bad Image Error

- - - - - - - > 'explorer.exe'(3824)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-04-28 16:56:41
ComboFix-quarantined-files.txt 2011-04-28 06:56
ComboFix2.txt 2011-04-27 07:23
.
Pre-Run: 2,323,742,720 bytes free
Post-Run: 2,339,758,080 bytes free
.
- - End Of File - - 6B5B62BB987CF57F08FFEB3A17BD1B15

Here is the MalwareBytes log.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6461
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
4/28/2011 5:24:56 PM
mbam-log-2011-04-28 (17-24-56).txt
Scan type: Quick scan
Objects scanned: 156226
Time elapsed: 2 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

And finally here is the ESET log:

C:\Documents and Settings\Rosario\Application Data\Sun\Java\Deployment\cache\6.0\16\2b998a90-171faa20 probably a variant of Win32/Agent.RPSVWU trojan
C:\Documents and Settings\Rosario\Application Data\Sun\Java\Deployment\cache\6.0\17\48e876d1-12c05f34 multiple threats
C:\Documents and Settings\Rosario\Application Data\Sun\Java\Deployment\cache\6.0\40\9e0db28-3da89674 multiple threats
C:\Documents and Settings\Rosario\Application Data\Sun\Java\Deployment\cache\6.0\42\1a20bdea-3cfd1a70 multiple threats
C:\Documents and Settings\Rosario\Application Data\Sun\Java\Deployment\cache\6.0\49\35217071-4595ab71 multiple threats
D:\Data\Rose\My Documents\MP3's\MP3sLIMEWIRE\throwing punches at lies.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
D:\System\DL\Software\Hiren's Boot Cd\hirens.bootcd.8.6.zip probably a variant of Win32/TrojanDownloader.Agent.IPMCVMF trojan
D:\System\DL\Software\Ut\Batch Tools\batch_tools.zip probably a variant of Win32/PSW.OnLineGames.DPBUIIE trojan
  4. Rose27

    Bad Image Error

    I think this may have fixed the problem, I am no longer receiving any 'Bad Image' messages at all! Thank you so much for all of your help, I can't thank you enough. Is there anything I still need to do? Am I able to reinstall AVG 2011 again now that I have finished with ComboFix? I was also wondering if it is safe to remove ComboFix, RootkitUnhooker and Gmer now, and do I simply delete them from my computer or must I remove them another way?

    Here is the ComboFix log as requested.

    ComboFix 11-04-26.03 - Rosario 04/27/2011 17:11:58.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1977.1253 [GMT 10:00]
    Running from: c:\documents and settings\Rosario\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\data
    c:\documents and settings\Rosario\WINDOWS
    c:\windows\system32\drivers\brootjul.sys
    c:\windows\system32\MMSFEJFEJ.DLL
    c:\windows\system32\system
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_kjnqryzwzr
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-27 to 2011-04-27 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-25 05:25 . 2011-04-25 05:25 388096 ----a-r- c:\documents and settings\Rosario\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-04-25 05:25 . 2011-04-25 05:25 -------- d-----w- c:\program files\Trend Micro
    2011-04-24 10:16 . 2011-04-24 10:16 -------- d-----w- c:\documents and settings\Rosario\Application Data\Malwarebytes
    2011-04-24 10:15 . 2010-12-20 08:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-24 10:15 . 2011-04-24 10:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-04-24 10:15 . 2011-04-24 10:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-24 10:15 .
2010-12-20 08:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-22 03:49 . 2011-04-22 03:49 -------- d-----w- c:\program files\iPod 2011-04-22 03:45 . 2011-04-22 03:45 -------- d-----w- c:\program files\Bonjour 2011-04-18 08:28 . 2011-04-18 08:28 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll 2011-04-18 08:28 . 2011-04-18 08:28 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll 2011-04-18 08:28 . 2011-04-18 08:28 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll 2011-04-18 08:28 . 2011-04-18 08:28 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll 2011-04-18 08:28 . 2011-04-18 08:28 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll 2011-04-18 08:28 . 2011-04-18 08:28 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll 2011-04-18 08:28 . 2011-04-18 08:28 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2011-04-18 08:28 . 2011-04-18 08:28 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll 2011-04-06 06:20 . 2011-04-06 06:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 06:20 . 2011-04-06 06:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2011-03-29 09:37 . 2011-03-29 09:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-07 05:33 . 2004-08-04 08:00 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:37 . 2004-08-04 08:00 420864 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21 . 2004-08-04 08:00 1857920 ----a-w- c:\windows\system32\win32k.sys 2011-02-22 23:06 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-02-22 23:06 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-02-22 23:06 . 2004-08-04 08:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-02-22 11:41 . 
2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec 2011-02-18 05:36 . 2010-02-04 10:06 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2011-02-18 05:36 . 2010-02-04 10:06 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-02-17 13:18 . 2004-08-04 08:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-02-17 13:18 . 2004-08-04 08:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys 2011-02-17 12:32 . 2009-04-16 08:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-02-15 12:56 . 2004-08-04 08:00 290432 ----a-w- c:\windows\system32\atmfd.dll 2011-02-09 13:53 . 2004-08-04 08:00 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 2004-08-04 08:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-08 13:33 . 2004-08-04 08:00 978944 ----a-w- c:\windows\system32\mfc42.dll 2011-02-08 13:33 . 2004-08-04 08:00 974848 ----a-w- c:\windows\system32\mfc42u.dll 2011-02-02 11:40 . 2010-08-16 08:54 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-02 09:19 . 2008-12-25 06:16 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-02-02 07:58 . 2004-08-04 08:00 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-02-02 06:11 . 2009-10-03 09:06 222080 -c----w- c:\windows\system32\MpSigStub.exe 2011-01-27 11:57 . 2004-08-04 08:00 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-04-18 08:28 . 2011-04-18 08:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsmqIntCert"="mqrt.dll" [2008-04-13 177152] "AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-09 82224] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712] "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168] "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-05-08 238984] "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456] "Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-05-14 61440] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-05 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-05 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-05 141848] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480] "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 2595616] "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 909208] "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 140568] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-08 155648] "Adobe Photo 
Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712] "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520] "lxeamon.exe"="c:\program files\Lexmark S300-S400 Series\lxeamon.exe" [2009-08-10 766632] "EzPrint"="c:\program files\Lexmark S300-S400 Series\ezprint.exe" [2009-08-10 139944] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http:" [X] . c:\documents and settings\Rosario\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-3-31 576104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc] 2007-05-15 23:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock] 2007-05-15 23:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard] 2008-05-21 00:42 111888 ----a-w- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\APSHook.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\mqsvc.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\WINDOWS\\system32\\lxeacoms.exe"= "c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . 
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [5/14/2008 10:36 AM 108752] R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [5/14/2008 10:36 AM 51376] R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [5/14/2008 10:36 AM 12928] R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 8:14 PM 24064] R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [5/14/2008 10:36 AM 12496] R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/16/2007 9:08 AM 182576] R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 6:00 PM 14336] R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 6:00 PM 14336] R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [5/15/2008 6:41 AM 34184] R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [5/14/2008 10:35 AM 256512] R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?] R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [6/3/2010 5:17 PM 98984] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [6/24/2008 10:19 PM 193840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASBroker ASChannel . Contents of the 'Scheduled Tasks' folder . 2011-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 01:50] . 
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1879634062-4280796892-653003711-1007Core.job - c:\documents and settings\Rosario\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-19 11:53] . 2011-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1879634062-4280796892-653003711-1007UA.job - c:\documents and settings\Rosario\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-19 11:53] . 2011-04-27 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 08:20] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = <local>;*.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Rosario\Start Menu\Programs\IMVU\Run IMVU.lnk FF - ProfilePath - c:\documents and settings\Rosario\Application Data\Mozilla\Firefox\Profiles\9zefja6f.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp#!/?sk=lf|http://www.tumblr.com/dashboard FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 50370 FF - prefs.js: network.proxy.type - 0 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - ORPHANS REMOVED - - - - . HKCU-Run-DeskSpace - f:\lol!!!\deskspace.exe . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-04-27 17:18 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????|?M?|?????M?|??@ . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1116) c:\windows\system32\ackpbsc.dll c:\windows\system32\aclog.dll c:\windows\system32\ACLIBEAY.dll c:\windows\system32\acevtsub.dll c:\windows\system32\asphat32.dll c:\windows\system32\acerrmes.dll c:\windows\system32\aspcom.dll c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll c:\program files\Hewlett-Packard\IAM\bin\brand.dll c:\program files\Hewlett-Packard\IAM\Bin\AsChnl.dll c:\program files\Hewlett-Packard\IAM\Bin\HPPlugIn.dll c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHostServices.dll c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.HPQWMIEXLib.dll c:\program files\ActivIdentity\ActivClient\acunlock.dll c:\windows\system32\aipingui.dll c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTHstServsLib.dll c:\program files\Hewlett-Packard\HP ProtectTools Security 
Manager\PTHstServs.dll c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\BIOSDomain.dll c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTPluginLib.dll c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\HPjCard.dll c:\windows\system32\acomx.dll c:\windows\system32\acbsi21.dll c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll c:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLL c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll c:\program files\Hewlett-Packard\IAM\Bin\NetAdmin.dll . - - - - - - - > 'explorer.exe'(4872) c:\windows\system32\WININET.dll c:\windows\system32\APSHook.dll c:\windows\system32\btmmhook.dll c:\program files\iTunes\iTunesMiniPlayer.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\xpsp3res.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\ActivIdentity\ActivClient\acevents.exe c:\windows\System32\SCardSvr.exe c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe c:\windows\system32\msdtc.exe c:\program files\Common Files\Acronis\Schedule2\schedul2.exe c:\windows\system32\agrsmsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\FolderSize\FolderSizeSvc.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\lxeacoms.exe c:\windows\system32\igfxsrvc.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe c:\program files\ActivIdentity\ActivClient\acevents.exe c:\windows\system32\mqsvc.exe c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE c:\windows\system32\mqtgsvc.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe . ************************************************************************** . Completion time: 2011-04-27 17:23:03 - machine was rebooted ComboFix-quarantined-files.txt 2011-04-27 07:23 . Pre-Run: 2,322,313,216 bytes free Post-Run: 2,330,804,224 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 8EF1D169413972F950D7D86CE89CCB93
  5. Rose27

    Bad Image Error

    Here is the attach.txt log as requested.

    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/23/2008 10:21:21 PM
    System Uptime: 4/26/2011 11:48:48 AM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 30E8
    Processor: Intel Pentium III Xeon processor | Intel® Genuine processor | 2261/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 25 GiB total, 2.132 GiB free.
    D: is FIXED (NTFS) - 204 GiB total, 159.651 GiB free.
    E: is CDROM (UDF)
    Y: is FIXED (FAT32) - 1 GiB total, 0.999 GiB free.
    Z: is FIXED (NTFS) - 3 GiB total, 0.556 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP458: 4/20/2011 12:41:38 PM - System Checkpoint
    RP459: 4/20/2011 11:04:56 PM - Software Distribution Service 3.0
    RP460: 4/21/2011 6:00:21 PM - Software Distribution Service 3.0
    RP461: 4/22/2011 11:17:10 PM - Restore Operation
    RP462: 4/25/2011 2:55:42 PM - Installed Java 6 Update 24
    RP463: 4/25/2011 3:25:21 PM - Installed HiJackThis
    RP464: 4/25/2011 11:16:04 PM - Removed Windows Messenger 5.1
    .
    ==== Installed Programs ======================
    .
2007 Microsoft Office system 7-Zip 4.62 ABBYY FineReader 6.0 Sprint Acronis True Image Home Activation Assistant for the 2007 Microsoft Office suites ActivClient 6.1 x86 Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX Adobe Reader 7.0.9 Adobe Shockwave Player 11.5 Adobe® Photoshop® Album Starter Edition 3.2 Agere Systems HDA Modem Apple Application Support Apple Mobile Device Support Apple Software Update AVG 2011 Belarc Advisor 7.2 Bonjour CCleaner Credential Manager for HP ProtectTools Critical Update for Windows Media Player 11 (KB959772) Drive Encryption for HP ProtectTools Facebook Plug-In Folder Size for Windows GIMP 2.6.6 Google Chrome HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP 3D DriveGuard HP Doc Viewer HP Help and Support HP Integrated Module with Bluetooth wireless technology HP JavaCard for HP ProtectTools HP ProtectTools Security Manager HP ProtectTools Security Manager Suite HP Quick Launch Buttons 6.40 E1 HP Software Setup 5.00.A.7 HP User Guide Bluetooth Addendum 0062 HP User Guides 0108 HP Wallpaper HP Webcam HP Webcam Application HP Wireless Assistant Intel® Graphics Media Accelerator Driver Intel® Matrix Storage Manager Interlok driver setup x32 iTunes Java Auto Updater Java 6 Update 24 Junk Mail filter update Lexmark Printable Web Lexmark S300-S400 Series Lexmark Tools for Office LG USB Modem driver Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB925168) Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 
Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office Live Add-in 1.3 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Hybrid 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft WSE 3.0 Runtime Mozilla Firefox 4.0 (x86 en-GB) MS Access 97 SP2 MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser (KB927977) Nero OEM ninemsn Internet Software OGA Notifier 2.0.0048.0 PerformanceTest v5.0 QuickTime Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) 
.
==== Event Viewer Messages From Past Week ========
.
4/24/2011 9:52:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde atapi IntelIde PCIIde Pcmcia ViaIde
4/24/2011 9:50:49 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
4/24/2011 9:47:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
4/24/2011 9:43:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix BANTExt Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss RsvLock Tcpip
4/24/2011 9:43:20 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2011 9:43:20 PM, error: Service Control Manager [7001] - The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error: The dependency service or group failed to start.
4/24/2011 9:43:20 PM, error: Service Control Manager [7001] - The Message Queuing service depends on the Distributed Transaction Coordinator service which failed to start because of the following error: The dependency service or group failed to start.
4/24/2011 9:43:20 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2011 9:43:20 PM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2011 9:43:20 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2011 9:43:20 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2011 9:43:20 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2011 9:43:20 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2011 9:42:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/24/2011 9:42:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/24/2011 8:36:09 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
4/24/2011 8:36:09 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/24/2011 6:29:35 PM, error: Service Control Manager [7034] - The HP ProtectTools Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

I tried GMER again and followed your instructions; unfortunately it didn't work, so I went ahead and installed Rootkit Unhooker.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Stealth
==============================================
0x04F60000 Hidden Image-->PTHostServices.dll [ EPROCESS 0x89411DA0 ] PID: 1384, 1413120 bytes
0x036F0000 Hidden Image-->PTHostServices.dll [ EPROCESS 0x822D4020 ] PID: 1748, 1413120 bytes
0x03710000 Hidden Image-->PTHostServices.dll [ EPROCESS 0x824C0570 ] PID: 4092, 1413120 bytes
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\SafeBoot.sys]
0x050C0000 Hidden Image-->System.XML.dll [ EPROCESS 0x89411DA0 ] PID: 1384, 2060288 bytes
0x05B60000 Hidden Image-->BIOSDomain.dll [ EPROCESS 0x89411DA0 ] PID: 1384, 258048 bytes
0x034B0000 Hidden Image-->BIOSDomain.dll [ EPROCESS 0x822D4020 ] PID: 1748, 258048 bytes
0x04D50000 Hidden Image-->BIOSDomain.dll [ EPROCESS 0x824C0570 ] PID: 4092, 258048 bytes
0x06770000 Hidden Image-->System.Security.dll [ EPROCESS 0x89411DA0 ] PID: 1384, 266240 bytes
0x00BE0000 Hidden Image-->Interop.PTHstServsLib.dll [ EPROCESS 0x89411DA0 ] PID: 1384, 28672 bytes
0x057E0000 Hidden Image-->Interop.HPQWMIEXLib.dll [ EPROCESS 0x89411DA0 ] PID: 1384, 28672 bytes
0x04EC0000 Hidden Image-->Interop.HPQWMIEXLib.dll [ EPROCESS 0x822D4020 ] PID: 1748, 28672 bytes
0x063C0000 Hidden Image-->Interop.HPQWMIEXLib.dll [ EPROCESS 0x824C0570 ] PID: 4092, 28672 bytes
0x034A0000 Hidden Image-->Interop.PTHstServsLib.dll [ EPROCESS 0x824C0570 ] PID: 4092, 28672 bytes
0x052E0000 Hidden Image-->System.dll [ EPROCESS 0x89411DA0 ] PID: 1384, 3190784 bytes
0x05710000 Hidden Image-->Interop.PTPluginLib.dll [ EPROCESS 0x89411DA0 ] PID: 1384, 36864 bytes
0x03930000 Hidden Image-->Interop.PTPluginLib.dll [ EPROCESS 0x822D4020 ] PID: 1748, 36864 bytes
0x04DA0000 Hidden Image-->Interop.PTPluginLib.dll [ EPROCESS 0x824C0570 ] PID: 4092, 36864 bytes
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

There you go
  6. Rose27

    Bad Image Error

    Hello JonTom, thank you for your reply, your help is greatly appreciated. Here is the log from the Malwarebytes quick scan I performed.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6433

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    4/24/2011 9:47:56 PM
    mbam-log-2011-04-24 (21-47-56).txt

    Scan type: Quick scan
    Objects scanned: 161690
    Time elapsed: 4 minute(s), 56 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 8
    Registry Data Items Infected: 3
    Folders Infected: 2
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\AppID\activex.DLL (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\KOO9RV9K4Z (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32 (Trojan.Agent) -> Value: rundll32 -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KOO9RV9K4Z (Trojan.FakeAlert) -> Value: KOO9RV9K4Z -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{3580F21D-E72E-8749-4BF0-6EFFFB498BA2} (Trojan.ZbotR.Gen) -> Value: {3580F21D-E72E-8749-4BF0-6EFFFB498BA2} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\adver_id (Malware.Trace) -> Value: adver_id -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32 (Trojan.Agent) -> Value: rundll32 -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Documents and Settings\Rosario\Application Data\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe C:\WINDOWS\system32\ntdevice.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    c:\program files\premieropinion (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\program files\premieropinion\components (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Infected:
    c:\documents and settings\Rosario\application data\microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\Rosario\pizda_bkurl.dat (Malware.Trace) -> Quarantined and deleted successfully.
    c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\WINDOWS\Tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

    DDS Log
    .
DDS (Ver_11-03-05.01) - NTFSx86 Run by Rosario at 12:10:37.65 on Tue 04/26/2011 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1977.927 [GMT 10:00] . AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ============== Running Processes =============== . C:\PROGRA~1\AVG\AVG10\avgchsvx.exe C:\WINDOWS\System32\svchost.exe -k Cognizance C:\WINDOWS\system32\svchost -k DcomLaunch c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\AccelerometerSt.Exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe svchost.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe c:\Program Files\ActivIdentity\ActivClient\accoca.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\FolderSize\FolderSizeSvc.exe c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe C:\Program Files\Adobe\Photoshop 
Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe C:\Program Files\Lexmark S300-S400 Series\ezprint.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\iTunes\iTunesHelper.exe c:\Program Files\ActivIdentity\ActivClient\acevents.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxeaserv.exe C:\WINDOWS\system32\lxeacoms.exe C:\Program Files\AVG\AVG10\avgnsx.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\PROGRA~1\AVG\AVG10\avgrsx.exe C:\Program Files\AVG\AVG10\avgcsrvx.exe C:\Documents and Settings\Rosario\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Rosario\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Rosario\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Rosario\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents 
and Settings\Rosario\Local Settings\Application Data\Google\Chrome\Application\chrome.exe D:\Data\Rose\My Documents\Downloads\dds.scr . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = <local>;*.local BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [DeskSpace] f:\lol!!!\deskspace.exe uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [Google Update] "c:\documents and settings\rosario\local settings\application data\google\update\GoogleUpdate.exe" /c mRun: [MsmqIntCert] regsvr32 /s mqrt.dll mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.Exe 
mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [<NO NAME>] mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe" mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe" mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe" mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun mRun: [lxeamon.exe] "c:\program files\lexmark s300-s400 series\lxeamon.exe" mRun: [EzPrint] 
"c:\program files\lexmark s300-s400 series\ezprint.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\docume~1\rosario\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\rosario\start menu\programs\imvu\Run IMVU.lnk IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} - hxxp://games.bigfishgames.com/en_cooking-dash/online/CookingDashWeb.1.0.0.9.cab DPF: 
{5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: ackpbsc - c:\windows\system32\ackpbsc.dll Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll Notify: igfxcui - igfxdev.dll Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll AppInit_DLLs: c:\windows\system32\mmsfejfej.dll APSHook.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll LSA: Authentication Packages = msv1_0 relog_ap LSA: Notification Packages = scecli ASWLNPkg . ================= FIREFOX =================== . 
FF - ProfilePath - c:\docume~1\rosario\applic~1\mozilla\firefox\profiles\9zefja6f.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp#!/?sk=lf|http://www.tumblr.com/dashboard FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 50370 FF - prefs.js: network.proxy.type - 0 FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll FF - plugin: c:\documents and settings\rosario\application data\facebook\npfbplugin_1_0_3.dll FF - plugin: c:\documents and settings\rosario\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . ============= SERVICES / DRIVERS =============== . 
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064] R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2008-5-14 108752] R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-5-14 51376] R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-5-14 12928] R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984] R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-5-14 12496] R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-16 182576] R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336] R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720] R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-17 54752] R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-5-15 34184] R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-5-14 256512] R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?] 
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2010-6-3 98984] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192] R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-24 193840] S0 kjnqryzwzr;kjnqryzwzr;c:\windows\system32\drivers\brootjul.sys [2010-9-28 0] S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864] . =============== Created Last 30 ================ . 2011-04-25 05:25:23 388096 ----a-r- c:\docume~1\rosario\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2011-04-25 05:25:21 -------- d-----w- c:\program files\Trend Micro 2011-04-24 10:16:09 -------- d-----w- c:\docume~1\rosario\applic~1\Malwarebytes 2011-04-24 10:15:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-24 10:15:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-04-24 10:15:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-24 10:15:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-04-22 07:39:46 20 ----a-w- c:\windows\system32\MMSFEJFEJ.DLL 2011-04-22 03:49:00 -------- d-----w- c:\program files\iPod 2011-04-22 03:45:02 -------- d-----w- c:\program files\Bonjour 2011-04-18 08:28:46 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll 2011-04-18 08:28:46 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll 2011-04-18 08:28:46 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll 2011-04-18 08:28:45 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll 2011-04-18 08:28:45 
1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll 2011-04-18 08:28:45 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll 2011-04-18 08:28:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2011-04-18 08:28:44 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll 2011-04-06 06:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 06:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe . ==================== Find3M ==================== . 2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys 2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll 2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec 2011-02-18 05:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll 2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll 2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll 2011-02-02 11:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-02 09:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-02-02 06:11:20 222080 -c----w- c:\windows\system32\MpSigStub.exe 2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe . 
============= FINISH: 12:12:31.93 ===============

    I followed your instructions for the GMER Rootkit Scanner, but when it came to performing the scan it worked for a while before suddenly my computer would freeze and a blue window came up with a lot of writing that disappeared too quickly for me to read, then my computer restarted. I tried the scan a second time with the same results. Any ideas as to why this is happening?
  7. Rose27

    Bad Image Error

    Hello, I'm new to the community. I've been experiencing a very annoying problem for the past few days and would greatly appreciate some help fixing it.

    Every time I boot up my computer, even before I make it to the desktop, I get a Bad Image error message. When I type in my password and log in, I then receive dozens of Bad Image messages. Once I click OK for all these, I am then able to use everything as normal except for receiving a Bad Image message before I run a program. For example, when I open up Microsoft Word I get a message titled WINWORD.EXE - Bad Image:

    The application or DLL C:\***** .dll is not a valid Windows Image. Please check this against your installation diskette.

    This is similar to what is described in http://forums.pcpits...error-resolved/ and http://forums.pcpits...in-xp-resolved/

    I scanned my computer using my anti-virus program, AVG Anti-Virus Free Edition 2011, which came up with nothing. So, on advice from a friend, I downloaded and scanned my computer using Malwarebytes Anti-Malware. I did a quick scan, which found multiple problems, and I was able to remove them all. Unfortunately this didn't solve the problem, so I did a full scan just to be sure, which found no other problems that could explain why I was still receiving Bad Image error messages.

    I've been looking for answers for the past few days now, and I have seen many people resolve this same problem in different ways through this forum, so I am hoping that I will find help here too. Any help would be very much appreciated, thank you.

    Here is my HJT log.
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 4:13:55 PM, on 4/25/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\PROGRA~1\AVG\AVG10\avgchsvx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\spoolsv.exe c:\Program Files\ActivIdentity\ActivClient\accoca.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\FolderSize\FolderSizeSvc.exe c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxeaserv.exe C:\WINDOWS\system32\lxeacoms.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AVG\AVG10\avgnsx.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\system32\AccelerometerSt.Exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program 
Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe c:\Program Files\ActivIdentity\ActivClient\acevents.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe C:\Program Files\Lexmark S300-S400 Series\ezprint.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\LimeWire\LimeWire.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Documents and Settings\Rosario\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Documents and Settings\Rosario\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Rosario\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Rosario\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\PROGRA~1\AVG\AVG10\avgrsx.exe C:\Program Files\AVG\AVG10\avgcsrvx.exe C:\Documents and Settings\Rosario\Local Settings\Application 
Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Rosario\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Microsoft Office\Office12\WINWORD.EXE C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program 
Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [lxeamon.exe] "C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark S300-S400 Series\ezprint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [DeskSpace] F:\LoL!!!\deskspace.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rosario\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Rosario\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} (CPlayFirstCookingDasControl Object) - http://games.bigfish...Web.1.0.0.9.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmsfejfej.dll APSHook.dll
O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: OneCard - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxeaCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe
O23 - Service: lxea_device - - C:\WINDOWS\system32\lxeacoms.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

-- End of file - 16382 bytes