Jump to content
Sign in to follow this  
Slade2

Bad Image Errors \ Datamngr.dll

Recommended Posts

This all started yesterday upon start up. A constant stream of bad image / dll errors. All the messages are the same. The error reads as follows "C:\PROGRA~2\IMESHA~1\mediabar\datamngr\x64\datamngr.dll is either not designed to run on windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support." The only part that varies is the .exe file that has the bad image error. None of these errors are seeming to impact the computers preformance, but the sheer amount of them are quite annoying. I was told that there has not been anything installed on the computer resently, until i download hijackthis, malwarebytes, and DDS. I hope someone here can help me, I am typical quite good finding solutions to computer issues, but this one needs some real pros. I have copied the DDS log and the HJT log below.

 

Below is the DDS log.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Brittany at 21:12:04 on 2012-05-07

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4057.2107 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\RUNDLL32.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\splwow64.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\AVG\AVG2012\avgui.exe

C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uWindow Title = Internet Explorer, optimized for Bing and MSN

uInternet Settings,ProxyOverride = <local>;*.local

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll

mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll

BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll

TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

TB: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2

mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [<NO NAME>]

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\Brittany\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{37243987-C644-45F9-8767-25A177AA99F3} : DhcpNameServer = 8.8.8.8 8.8.4.4 4.2.2.1

TCP: Interfaces\{39CEA3B2-6B65-4778-B634-995915D72C63} : DhcpNameServer = 192.168.1.254

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll

BHO-X64: MediaBar - No File

BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

BHO-X64: Conduit Engine - No File

BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO-X64: Canon Easy-WebPrint EX BHO - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll

BHO-X64: BitTorrentBar - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll

TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

TB-X64: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll

TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File

EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2

mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [(Default)]

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [?]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-5-3 517632]

R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]

R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA009Ufd.sys --> C:\Windows\system32\DRIVERS\OA009Ufd.sys [?]

R3 OA009Vid;Creative Camera OA009 Function Driver;C:\Windows\system32\DRIVERS\OA009Vid.sys --> C:\Windows\system32\DRIVERS\OA009Vid.sys [?]

R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-17 89920]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-05-08 01:34:07 -------- d-----w- C:\Lop SD

2012-05-08 01:22:52 -------- d-----w- C:\Users\Brittany\AppData\Roaming\Malwarebytes

2012-05-08 01:22:36 -------- d-----w- C:\ProgramData\Malwarebytes

2012-05-08 01:22:35 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-05-08 01:22:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-15 23:37:03 78848 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-15 23:37:03 5632 ----a-w- C:\Windows\System32\wmi.dll

2012-04-15 23:37:03 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-15 23:37:03 219136 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-15 23:37:03 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-15 23:37:03 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-15 23:37:02 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll

.

==================== Find3M ====================

.

2012-03-05 00:31:16 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll

2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll

2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll

2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll

2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll

.

============= FINISH: 21:12:34.49 ===============

 

 

Below is the HJT log.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:08:08 PM, on 5/7/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\AVG\AVG2012\avgui.exe

C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Brittany\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll

F2 - REG:system.ini: UserInit=userinit.exe,

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll (file missing)

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: BitTorrentBar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll (file missing)

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab

O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe (file missing)

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--

End of file - 12440 bytes

Share this post


Link to post
Share on other sites

Hello Slade2 and :wp:

 

My name is JonTom

  • Malware Logs can sometimes take a lot of time to research and interpret.
  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  • PLEASE NOTE: If you do not reply after 3 days your thread will be closed.
When you ran DDS two logs would have been produced.

 

You have posted the DDS.txt log but I also need to see the attach.txt log.

 

In addition to the attach.txt log please run the following scan and post the log created:

  • aswMBR

  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the "Scan" button to start scan.

Posted Image

 

  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Posted Image

 

Please post the attach.txt log and the aswMBR log in your next reply.

Share this post


Link to post
Share on other sites

Thanks for the reply JonTom. I had some issues with the aswMBR scan. It kept freezing and blue screened the computer twice. I ran the scan several times but it seemed to keep getting hung up on the same portion of the scan, each time the scan sat for 20 minutes. Finally on the last attempt it sat on the portion with no activity for 45 minutes, so at that point i created the log that is posted below.

 

below is the attach.txt as requested.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 3/13/2009 2:42:44 AM

System Uptime: 5/7/2012 8:40:55 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0G848F

Processor: Intel® Core2 Duo CPU T6400 @ 2.00GHz | Microprocessor | 1600/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 283 GiB total, 167.407 GiB free.

E: is FIXED (NTFS) - 15 GiB total, 6.857 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

Acrobat.com

Adobe AIR

Adobe Creative Suite

Adobe Flash Player 11 ActiveX

Adobe Reader 9.5.0

Adobe SVG Viewer 3.0

Advanced Audio FX Engine

Apple Application Support

Apple Software Update

BitTorrent

Canon Easy-WebPrint EX

Canon MP Navigator EX 3.0

Canon MP560 series User Registration

Canon Utilities Easy-PhotoPrint EX

Canon Utilities My Printer

Canon Utilities Solution Menu

Choice Guard

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

Conduit Engine

Consumer In-Home Service Agreement

Coupon Printer for Windows

Cozi

Dell Getting Started Guide

Dell Webcam Central

DELL0604

EDocs

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

Live! Cam Avatar Creator

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Office Word Viewer 2003

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MSVCRT

PowerDVD

QuickTime

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

TomTom HOME 2.8.2.2264

TomTom HOME Visual Studio Merge Modules

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

.

==== Event Viewer Messages From Past Week ========

.

5/7/2012 8:43:00 PM, Error: Service Control Manager [7000] - The Intel® PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

5/7/2012 8:43:00 PM, Error: Service Control Manager [7000] - The Intel® PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

.

==== End Of File ===========================

 

Below is the MBR log - it should be noted that this scan kept locking up and blue screening the computer.

 

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-05-08 19:43:38

-----------------------------

19:43:38.786 OS Version: Windows x64 6.0.6002 Service Pack 2

19:43:38.786 Number of processors: 2 586 0x170A

19:43:38.786 ComputerName: BRITTANY-PC UserName: Brittany

19:43:41.532 Initialize success

19:43:53.702 AVAST engine defs: 12050801

19:44:58.271 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

19:44:58.271 Disk 0 Vendor: SAMSUNG_ 2SS0 Size: 305245MB BusType: 3

19:44:58.302 Disk 0 MBR read successfully

19:44:58.317 Disk 0 MBR scan

19:44:58.317 Disk 0 Windows VISTA default MBR code

19:44:58.364 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63

19:44:58.411 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920

19:44:58.427 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 290204 MB offset 30801920

19:44:58.536 Disk 0 scanning C:\Windows\system32\drivers

19:45:29.814 Service scanning

19:46:11.607 Modules scanning

19:46:11.607 Disk 0 trace - called modules:

19:46:11.638 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll

19:46:11.638 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048f0790]

19:46:11.654 3 CLASSPNP.SYS[fffffa60011d0c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800457b050]

19:46:29.360 AVAST engine scan C:\Windows

19:46:56.176 AVAST engine scan C:\Windows\system32

19:54:03.849 AVAST engine scan C:\Windows\system32\drivers

19:54:25.769 AVAST engine scan C:\Users\Brittany

20:02:36.422 Disk 0 MBR has been saved successfully to "C:\Users\Brittany\Desktop\MBR.dat"

20:02:36.422 The log file has been saved successfully to "C:\Users\Brittany\Desktop\aswMBR.txt"

Share this post


Link to post
Share on other sites

Hello Slade2

 

Thank you for the logs.

 

it should be noted that this scan kept locking up and blue screening the computer

The log appears to be fine. Not sure why it locked up the machine.

  • P2P Programs:

  • P2P programs are a major source of Malware infections.
  • From your log I see you have BitTorrent. We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
  • The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
  • If you wish to keep the program(s), please do not use them until your computer is cleaned.
  • Information regarding the risk of using these programs can be found from here and here.
  • It is strongly recommend that you uninstall any P2P programs you have on your system.
  • To do this, Click on the "Windows Orb" (bottom left hand corner of your screen), then on "Computer" and then on the "Uninstall or Change a Program" tab.
  • A list of currently installed programs will be displayed.
  • Find the "BitTorrent" program, click on it once and then click on the "Uninstall" button.
  • If you are prompted to re-boot your computer to complete the uninstall please do so.

     

     

    PLEASE NOTE:

  • Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with Malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.

 

You presently have AVG installed. In order to run the required tools AVG will need to be uninstalled (you can do this through Add/Remove Programs).

 

Once uninstalled, please stay off the net except to post logs back here.

  • Combofix

  • Download ComboFix from one of the following locations:

     

    Link 1

    Link 2

  • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Right click on ComboFix.exe and select "Run as Administrator" to run the program. Follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Posted Image

 

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Posted Image

 

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  • Should there be issues with internet afterward:

     

    In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

     

    In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxyserver, set it to No Proxy.

Please post the Combofix log in your next reply.

 

Share this post


Link to post
Share on other sites

Thanks for the reply JonTom.

 

Below is the log from Combofix

 

 

ComboFix 12-05-09.01 - Brittany 05/09/2012 19:47:19.1.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4057.2176 [GMT -5:00]

Running from: c:\users\Brittany\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))

.

.

2012-05-10 00:57 . 2012-05-10 00:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-09 00:52 . 2012-03-30 12:45 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-08 01:34 . 2012-05-08 01:34 -------- d-----w- C:\Lop SD

2012-05-08 01:22 . 2012-05-08 01:22 -------- d-----w- c:\users\Brittany\AppData\Roaming\Malwarebytes

2012-05-08 01:22 . 2012-05-08 01:22 -------- d-----w- c:\programdata\Malwarebytes

2012-05-08 01:22 . 2012-05-08 01:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-08 01:22 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-15 23:37 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll

2012-04-15 23:37 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll

2012-04-15 23:37 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-15 23:37 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-15 23:37 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-15 23:37 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-15 23:37 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-05 00:31 . 2010-07-17 04:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

.

c:\users\Brittany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-11-27 110592]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 272896]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-09 153624]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-09 225816]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-09 200216]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 4119552]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2008-08-21 2037328]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local

TCP: DhcpNameServer = 192.168.1.254

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)

BHO-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll

Toolbar-10 - (no file)

Toolbar-10 - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Dell\DellDock\DockLogin.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\Common Files\Motive\McciCMService.exe

c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe

.

**************************************************************************

.

Completion time: 2012-05-09 20:29:09 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-10 01:29

.

Pre-Run: 179,143,610,368 bytes free

Post-Run: 178,779,148,288 bytes free

.

- - End Of File - - 6C08AFF5DD09689376CE570903BBD3D9

Share this post


Link to post
Share on other sites

Hello Slade2

 

Thank you for the log.

 

 

Are you still receiving the bad image error messages?

 

Have you ran Lop SD on this machine? Who recommended you do so?

 

  • Temporary File Cleaner

  • Download TFC to your desktop.
  • Close any open windows.
  • Right click the TFC icon and select "Run as Administrator" to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish.
  • Once complete it should automatically reboot your machine.
  • If your machine does not reboot automatically, manually reboot to ensure a complete clean.
  • Note: After running TFC your machine may take slightly longer to boot the first time. This is normal.
  • MalwareBytes AntiMalware:

    • I can see that you have MBAM installed.
    • Double click on your MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform FULL Scan"and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and Paste the log in your next reply.
  • Please run the following scan

    • Note: You will need to use Internet Explorer for this scan.
    • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
    • Please disable your real time security programs before performing the scan.
    • Scan your system with Eset Online Scanner
    • Place a check mark in the box YES, I accept the Terms Of Use.
    • Click the Posted Image button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
    • Check Posted Image
    • Click the Posted Image button.
    • Accept any security warnings from your browser.
    • Check Posted Image
    • Make sure that the option to "Remove Found Threats" is UN checked.
    • Push the "Start" button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push Posted Image
    • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the Posted Image button.
    • Push Posted Image
    Please post the MBAM log and the ESET log in your next reply.

Share this post


Link to post
Share on other sites

The errors have stopped!

 

I am not sure how to answer your question about LOP SD, because i am not sure what that program is. The problem on the machine was brought to my attention after some investiagation had been done, but no "fixing programs" run. The only program diagnostics were run by me, and only the programs you requested were run.

 

Below are the logs you requested. the three scans did not find anything. The ESET did not give me the option to export a text log.

 

I have attached a file that shows the final screen from ESET. Well apparently i cannot upload a file of this type. So below i have typed out the final screen.

 

No threats found.

scanned files: 1789793

Infected files: 0

Cleaned file: 0

Total scan time: 01:47:41

Scan Status: Finished

 

Select unistall if you want to remove all ESET online scanner files from your computer. the next time you run the ESET online scanner, they will need to be downloaded again.

 

The only option i have is push "finish"

 

Below is the log from MBAM

 

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.10.04

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Brittany :: BRITTANY-PC [administrator]

5/10/2012 7:01:45 PM

mbam-log-2012-05-10 (19-01-45).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 377365

Time elapsed: 1 hour(s), 24 minute(s), 40 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Share this post


Link to post
Share on other sites

Hello Slade2

 

The only option i have is push "finish"

Thats okay :)

 

i am not sure what that program is

Nothing to worry about :)

 

The errors have stopped!

Thats what we like to hear!

 

MBAM looks good, and no ESET log is produced if no infections are found.

 

 

Please re-install your AVG and post a new set of DDS logs for me to review.

Share this post


Link to post
Share on other sites

The AVG has been reinstalled.

 

below are the DDS log you requested.

 

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Brittany at 18:15:03 on 2012-05-12

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4057.2494 [GMT -5:00]

.

AV: AVG Anti-Virus 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:PROGRA~2AVGAVG2012avgrsa.exe

C:Program Files (x86)AVGAVG2012avgcsrva.exe

C:Windowssystem32wininit.exe

C:Windowssystem32lsm.exe

C:Windowssystem32svchost.exe -k DcomLaunch

C:Windowssystem32svchost.exe -k rpcss

C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted

C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted

C:Windowssystem32svchost.exe -k netsvcs

C:WindowsSystem32DriverStoreFileRepositorystwrt64.inf_cce24a4cSTacSV64.exe

C:Windowssystem32svchost.exe -k GPSvcGroup

C:Windowssystem32SLsvc.exe

C:Windowssystem32svchost.exe -k LocalService

C:Program FilesDellDellDockDockLogin.exe

C:Windowssystem32svchost.exe -k NetworkService

C:WindowsSystem32WLTRYSVC.EXE

C:WindowsSystem32bcmwltry.exe

C:Windowssystem32WLANExt.exe

C:WindowsSystem32spoolsv.exe

C:Windowssystem32svchost.exe -k LocalServiceNoNetwork

C:WindowsSystem32DriverStoreFileRepositorystwrt64.inf_cce24a4cAESTSr64.exe

C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe

C:Program Files (x86)AVGAVG2012avgwdsvc.exe

C:Program Files (x86)MicrosoftBingBarBBSvc.EXE

C:Program Files (x86)MicrosoftBingBarSeaPort.EXE

C:Program FilesBonjourmDNSResponder.exe

C:Program Files (x86)AVGAVG2012avgnsa.exe

C:Program Files (x86)IntelIntel Matrix Storage ManagerIAANTMon.exe

C:Program Files (x86)Common FilesMotiveMcciCMService.exe

C:Program FilesCommon FilesMotiveMcciCMService.exe

C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted

C:Windowssystem32svchost.exe -k imgsvc

C:Program Files (x86)TomTom HOME 2TomTomHOMEService.exe

C:WindowsSystem32svchost.exe -k WerSvcGroup

C:Windowssystem32SearchIndexer.exe

C:Windowssystem32RUNDLL32.EXE

C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe

C:Windowssystem32 askeng.exe

C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation

C:Windowssystem32Dwm.exe

C:Windowssystem32 askeng.exe

C:WindowsExplorer.EXE

C:Program FilesDellTPadApoint.exe

C:WindowsSystem32hkcmd.exe

C:WindowsSystem32igfxpers.exe

C:WindowsSystem32WLTRAY.EXE

C:Program Files (x86)IntelIntel Matrix Storage ManagerIAAnotif.exe

C:Program FilesCanonMyPrinterBJMYPRT.EXE

C:Program FilesIDTWDMsttray64.exe

C:Program FilesWindows Sidebarsidebar.exe

C:Windowsehomeehtray.exe

C:Program Files (x86)TomTom HOME 2TomTomHOMERunner.exe

C:Program FilesDellDellDockDellDock.exe

C:Program FilesCyberLinkPowerDVD DXPDVDDXSrv.exe

C:Program Files (x86)Common FilesJavaJava Updatejusched.exe

C:Program Files (x86)AdobeReader 9.0Readerreader_sl.exe

C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe

C:Program Files (x86)iTunesiTunesHelper.exe

C:Program Files (x86)AVGAVG2012avgtray.exe

C:Program Files (x86)AVGAVG2012avgcsrva.exe

C:Program FilesiPodbiniPodService.exe

C:Program FilesWindows Media Playerwmpnscfg.exe

C:Program FilesWindows Media Playerwmpnetwk.exe

C:Windowssystem32wbemwmiprvse.exe

C:Windowssystem32igfxsrvc.exe

C:Windowsehomeehmsas.exe

C:Program FilesDellTPadApMsgFwd.exe

C:Program FilesDellTPadHidFind.exe

C:Program FilesDellTPadApntex.exe

C:WindowsservicingTrustedInstaller.exe

C:Windowssystem32vssvc.exe

C:Windowssystem32DllHost.exe

C:Windowssystem32DllHost.exe

C:WindowsSysWOW64cmd.exe

C:WindowsSysWOW64cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = <local>;*.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll

BHO: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:PROGRA~2IMESHA~1MediaBarToolBarimeshdtxmltbpi.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:Program Files (x86)CanonEasy-WebPrint EXewpexbho.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:Program Files (x86)AVGAVG2012avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:Program Files (x86)Javajre6binssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:Program Files (x86)MicrosoftBingBarBingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:Program Files (x86)Javajre6binjp2ssv.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:Program Files (x86)CanonEasy-WebPrint EXewpexhlp.dll

TB: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:PROGRA~2IMESHA~1MediaBarToolBarimeshdtxmltbpi.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:Program Files (x86)MicrosoftBingBarBingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:Program Files (x86)CanonEasy-WebPrint EXewpexhlp.dll

uRun: [sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun

uRun: [ehTray.exe] C:WindowsehomeehTray.exe

uRun: [TomTomHOME.exe] "C:Program Files (x86)TomTom HOME 2TomTomHOMERunner.exe"

mRun: [Dell Webcam Central] "C:Program Files (x86)Dell WebcamDell Webcam CentralWebcamDell.exe" /mode2

mRun: [PDVDDXSrv] "C:Program FilesCyberLinkPowerDVD DXPDVDDXSrv.exe"

mRun: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"

mRun: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"

mRun: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe"

mRun: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"

mRun: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime

mRun: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe"

mRun: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe"

StartupFolder: C:UsersBrittanyAppDataRoamingMICROS~1WindowsSTARTM~1ProgramsStartupDELLDO~1.LNK - C:Program Files (x86)DellDellDockDellDock.exe

StartupFolder: C:PROGRA~3MICROS~1WindowsSTARTM~1ProgramsStartupADOBEG~1.LNK - C:Program Files (x86)Common FilesAdobeCalibrationAdobe Gamma Loader.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:PROGRA~2MICROS~2Office12REFIEBAR.DLL

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces{37243987-C644-45F9-8767-25A177AA99F3} : DhcpNameServer = 8.8.8.8 8.8.4.4 4.2.2.1

TCP: Interfaces{39CEA3B2-6B65-4778-B634-995915D72C63} : DhcpNameServer = 192.168.1.254

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:Program Files (x86)Cozi ExpressCoziProtocolHandler.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgpp.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:PROGRA~2IMESHA~1MediaBarToolBarimeshdtxmltbpi.dll

BHO-X64: MediaBar - No File

BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:Program Files (x86)CanonEasy-WebPrint EXewpexbho.dll

BHO-X64: Canon Easy-WebPrint EX BHO - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG2012avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre6binssv.dll

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:Program Files (x86)MicrosoftBingBarBingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre6binjp2ssv.dll

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:Program Files (x86)CanonEasy-WebPrint EXewpexhlp.dll

TB-X64: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:PROGRA~2IMESHA~1MediaBarToolBarimeshdtxmltbpi.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:Program Files (x86)MicrosoftBingBarBingExt.dll"

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File

mRun-x64: [Dell Webcam Central] "C:Program Files (x86)Dell WebcamDell Webcam CentralWebcamDell.exe" /mode2

mRun-x64: [PDVDDXSrv] "C:Program FilesCyberLinkPowerDVD DXPDVDDXSrv.exe"

mRun-x64: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"

mRun-x64: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe"

mRun-x64: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe"

mRun-x64: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:Windowssystem32DRIVERSAVGIDSEH.Sys --> C:Windowssystem32DRIVERSAVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:Windowssystem32DRIVERSavgrkx64.sys --> C:Windowssystem32DRIVERSavgrkx64.sys [?]

R0 PxHlpa64;PxHlpa64;C:Windowssystem32DriversPxHlpa64.sys --> C:Windowssystem32DriversPxHlpa64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:Windowssystem32DRIVERSavgldx64.sys --> C:Windowssystem32DRIVERSavgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:Windowssystem32DRIVERSavgmfx64.sys --> C:Windowssystem32DRIVERSavgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:Windowssystem32DRIVERSavgtdia.sys --> C:Windowssystem32DRIVERSavgtdia.sys [?]

R2 AESTFilters;Andrea ST Filters Service;C:WindowsSystem32DriverStoreFileRepositorystwrt64.inf_cce24a4cAESTSr64.exe --> C:WindowsSystem32DriverStoreFileRepositorystwrt64.inf_cce24a4cAESTSr64.exe [?]

R2 AVGIDSAgent;AVGIDSAgent;C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;C:Program Files (x86)AVGAVG2012avgwdsvc.exe [2011-8-2 192776]

R2 BBSvc;Bing Bar Update Service;C:Program Files (x86)MicrosoftBingBarBBSvc.EXE [2011-10-21 196176]

R2 BBUpdate;BBUpdate;C:Program Files (x86)MicrosoftBingBarSeaPort.EXE [2011-10-13 249648]

R2 DockLoginService;Dock Login Service;C:Program FilesDellDellDockDockLogin.exe [2008-9-23 155648]

R2 FontCache;Windows Font Cache Service;C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 McciCMService64;McciCMService64;C:Program FilesCommon FilesMotiveMcciCMService.exe [2011-5-3 517632]

R2 TomTomHOMEService;TomTomHOMEService;C:Program Files (x86)TomTom HOME 2TomTomHOMEService.exe [2011-4-22 92592]

R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]

R3 AVGIDSDriver;AVGIDSDriver;C:Windowssystem32DRIVERSAVGIDSDriver.Sys --> C:Windowssystem32DRIVERSAVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:Windowssystem32DRIVERSAVGIDSFilter.Sys --> C:Windowssystem32DRIVERSAVGIDSFilter.Sys [?]

R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;C:Windowssystem32DRIVERSOA009Ufd.sys --> C:Windowssystem32DRIVERSOA009Ufd.sys [?]

R3 OA009Vid;Creative Camera OA009 Function Driver;C:Windowssystem32DRIVERSOA009Vid.sys --> C:Windowssystem32DRIVERSOA009Vid.sys [?]

R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:Windowssystem32DRIVERSyk60x64.sys --> C:Windowssystem32DRIVERSyk60x64.sys [?]

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:WindowsMicrosoft.NETFramework64v2.0.50727mscorsvw.exe [2009-9-17 89920]

S3 PerfHost;Performance Counter DLL Host;C:WindowsSysWOW64perfhost.exe [2008-1-20 19968]

S3 USBAAPL64;Apple Mobile USB Driver;C:Windowssystem32Driversusbaapl64.sys --> C:Windowssystem32Driversusbaapl64.sys [?]

.

=============== File Associations ===============

.

JSEFile=C:WindowsSysWOW64WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-05-10 01:59:41 -------- d-sh--w- C:$RECYCLE.BIN

2012-05-10 01:54:57 -------- d-----w- C:WindowsSysWow64driversAVG

2012-05-10 00:43:01 98816 ----a-w- C:Windowssed.exe

2012-05-10 00:43:01 518144 ----a-w- C:WindowsSWREG.exe

2012-05-10 00:43:01 256000 ----a-w- C:WindowsPEV.exe

2012-05-10 00:43:01 208896 ----a-w- C:WindowsMBR.exe

2012-05-09 00:52:56 1423744 ----a-w- C:WindowsSystem32drivers cpip.sys

2012-05-08 01:34:07 -------- d-----w- C:Lop SD

2012-05-08 01:22:52 -------- d-----w- C:UsersBrittanyAppDataRoamingMalwarebytes

2012-05-08 01:22:36 -------- d-----w- C:ProgramDataMalwarebytes

2012-05-08 01:22:35 24904 ----a-w- C:WindowsSystem32driversmbam.sys

2012-05-08 01:22:35 -------- d-----w- C:Program Files (x86)Malwarebytes' Anti-Malware

2012-04-15 23:37:03 78848 ----a-w- C:WindowsSystem32imagehlp.dll

2012-04-15 23:37:03 5632 ----a-w- C:WindowsSystem32wmi.dll

2012-04-15 23:37:03 5120 ----a-w- C:WindowsSysWow64wmi.dll

2012-04-15 23:37:03 219136 ----a-w- C:WindowsSystem32wintrust.dll

2012-04-15 23:37:03 172032 ----a-w- C:WindowsSysWow64wintrust.dll

2012-04-15 23:37:03 16384 ----a-w- C:WindowsSystem32driversfs_rec.sys

2012-04-15 23:37:02 157696 ----a-w- C:WindowsSysWow64imagehlp.dll

.

==================== Find3M ====================

.

2012-04-03 08:22:15 4699520 ----a-w- C:WindowsSystem32ntoskrnl.exe

2012-04-02 13:59:51 2766848 ----a-w- C:WindowsSystem32win32k.sys

2012-03-20 23:34:30 72576 ----a-w- C:WindowsSystem32driverspartmgr.sys

2012-03-05 00:31:16 472808 ----a-w- C:WindowsSysWow64deployJava1.dll

2012-03-01 15:39:45 327680 ----a-w- C:WindowsSystem32d3d10_1core.dll

2012-03-01 15:39:45 196096 ----a-w- C:WindowsSystem32d3d10_1.dll

2012-03-01 14:46:01 219648 ----a-w- C:WindowsSysWow64d3d10_1core.dll

2012-03-01 14:46:01 160768 ----a-w- C:WindowsSysWow64d3d10_1.dll

2012-02-29 14:40:31 2002944 ----a-w- C:WindowsSystem32d3d10warp.dll

2012-02-29 14:09:35 834048 ----a-w- C:WindowsSystem32d2d1.dll

2012-02-29 14:08:47 1172480 ----a-w- C:WindowsSysWow64d3d10warp.dll

2012-02-29 14:06:08 1556480 ----a-w- C:WindowsSystem32DWrite.dll

2012-02-29 13:44:50 683008 ----a-w- C:WindowsSysWow64d2d1.dll

2012-02-29 13:41:40 1069056 ----a-w- C:WindowsSysWow64DWrite.dll

2012-02-28 06:56:48 2311168 ----a-w- C:WindowsSystem32jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:WindowsSystem32wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:WindowsSystem32inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:WindowsSystem32mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:WindowsSysWow64jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:WindowsSysWow64inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:WindowsSysWow64wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:WindowsSysWow64mshtml.tlb

.

============= FINISH: 18:17:32.70 ===============

 

 

Below is the Attach log you requested.

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: DeviceHarddiskVolume3

Install Date: 3/13/2009 2:42:44 AM

System Uptime: 5/12/2012 6:09:11 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0G848F

Processor: Intel® Core2 Duo CPU T6400 @ 2.00GHz | Microprocessor | 1200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 283 GiB total, 167.902 GiB free.

E: is FIXED (NTFS) - 15 GiB total, 6.857 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

Acrobat.com

Adobe AIR

Adobe Creative Suite

Adobe Flash Player 11 ActiveX

Adobe Reader 9.5.0

Adobe SVG Viewer 3.0

Advanced Audio FX Engine

Apple Application Support

Apple Software Update

Bing Bar

BitTorrent

Canon Easy-WebPrint EX

Canon MP Navigator EX 3.0

Canon MP560 series User Registration

Canon Utilities Easy-PhotoPrint EX

Canon Utilities My Printer

Canon Utilities Solution Menu

Choice Guard

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

Consumer In-Home Service Agreement

Coupon Printer for Windows

Cozi

Dell Getting Started Guide

Dell Webcam Central

DELL0604

EDocs

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

Live! Cam Avatar Creator

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Office Word Viewer 2003

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MSVCRT

PowerDVD

QuickTime

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

TomTom HOME 2.8.2.2264

TomTom HOME Visual Studio Merge Modules

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

.

==== Event Viewer Messages From Past Week ========

.

5/9/2012 7:58:13 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

5/8/2012 7:37:08 PM, Error: EventLog [6008] - The previous system shutdown at 7:35:05 PM on 5/8/2012 was unexpected.

5/12/2012 6:11:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep

5/12/2012 6:11:14 PM, Error: Service Control Manager [7000] - The Intel® PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

5/12/2012 6:11:14 PM, Error: Service Control Manager [7000] - The Intel® PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

.

==== End Of File ===========================

 

 

Everything on the computer is running much better now. Thank you for you help again. Does everything look ok in the logs?

Share this post


Link to post
Share on other sites

Hello Slade2

 

Everything on the computer is running much better now

Good :)

 

Your latest logs appear to be clean, so provided you are no longer having any problems we can remove our tools:

  • Please Uninstall Combofix

  • Hold down the Windows key (has the Windows symbol on it) and press the "R" key.
  • A Run box will open.
  • Type combofix /uninstall in the run box and click "OK". Please note the space between the "x" and the "/Uninstall", it needs to be there.
  • Removal of Tools

    • You no longer need DDS or aswMBR. Please delete them from your machine
  • Your Adobe Reader is out of date

    • You can obtain the latest version of Adobe Reader from here, and the latest version of Flash Player from here.
    • For more information and links to Adobe updates and downloads click here.
    Once you have completed the above steps you should be good to go! If you have any further questions, please feel free to ask.
  • Finally, please take the time to read through the information provided below:

     

    Enhance your System Security

    • For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here.
    • IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
    • Once complete, remember to re-engage your resident security before going online.
    Web Browsers and Browser Security

     

    Firefox

    • Firefox is generally considered to have greater browsing security in comparison to other popular programs. You can download Firefox 3.0 from here.
    No-Script

    • If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system.
    • You can download No-Script by clicking here.
    Internet Explorer

    • The newest version of Internet Explorer is available from here.
    SpywareBlaster

    • If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security.
    • SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.
    • You can download SpywareBlaster by clicking here.
    Web of Trust

    • When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer.
    • Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop).
    • You can download Web of Trust by clicking here.
    Keep your Software Updated

    • Outdated software can sometimes have vulnerabilities that are exploitable by malware.
    • Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here.
    Passwords

    • Learn how to create strong passwords by clicking here and test the strength of the passwords you already use by clicking here.
    General Reading

    Learn How To Combat Malware

    • Would you like to learn how to fight back against malware and help others? Enroll at the What The Tech (Formerly Tom Coyotes) Malware Classroom by clicking here.

Share this post


Link to post
Share on other sites

Since this problem appears to be resolved this topic is now closed.

 

Glad we could help :)

 

Best wishes

JonTom

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

Click here to Read Amazon Reviews!



×