Solved Bad image error problem
- Thread starter nbk7pos
- Start date
- Status
Everytime I open a new application (internet, control panel, anything) I receive a bad image error popup. When it first appeared I only saw it with internet explorer but now as I turn on the computer I recieve about 5-6 error messages before windows starts. I tried to install AVG but it will not load correctly and fails installation kicking out more error messages.
Bobbye
Posts: 16,313 +36
Boot into Safe Mode
Follow the directions and screen shots here: http://www.netsquirrel.com/msconfig/msconfig_vista.html
Once you have accessed the msconfig utility, choose Selective Startup then Startup tab
Uncheck each of the following and any related processes> see notes:
AVG
ParetoLogic PC Health Advisor
Uniblue RegistryBooster
Hijackthis 1.99.1
Java
Click on Apply> OK> Reboot into Normal Mode> Close the nag message after checking 'don't show this message again.' Stay in Selective Startup.
Some notes:
1. Antivirus: you have Microsoft Windows OneCare Live AntiSpyware and AntiVirus installed.You have some processes for AVG running. Decide if you want #1 or #2 for the AV and remove the other.
3. Registry cleaners:
Please disable the Uniblue RegistryBooster. We don't recommend Registry cleaners and it's important that it does not run and/or make Registry changes while I'm helping you.
About ParetoLogic PC Health Advisor. Their hype:
4. Hijackthis 1.99.1 is outdated. Please remove it. I will have you download the current version later.
5. You have Java(TM) 6 Update 7. The current version is v6u20. Update the Java. The old version is a vulnerability. Check this site .Java Updates . Uninstall any earlier versions in Add/Remove Programs.
===================================
See if this makes any difference to what you can do in the system.
If it does not. Please run this and see if there is an Error corresponding to the times you're getting this message:
Please download VEW and save it to your Desktop:
Setting up the program
Double-click VEW.exe to run.
- Restart your computer and start pressing the F8 key on your keyboard.
- Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
Follow the directions and screen shots here: http://www.netsquirrel.com/msconfig/msconfig_vista.html
Once you have accessed the msconfig utility, choose Selective Startup then Startup tab
Uncheck each of the following and any related processes> see notes:
AVG
ParetoLogic PC Health Advisor
Uniblue RegistryBooster
Hijackthis 1.99.1
Java
Click on Apply> OK> Reboot into Normal Mode> Close the nag message after checking 'don't show this message again.' Stay in Selective Startup.
Some notes:
1. Antivirus: you have Microsoft Windows OneCare Live AntiSpyware and AntiVirus installed.You have some processes for AVG running. Decide if you want #1 or #2 for the AV and remove the other.
3. Registry cleaners:
Please disable the Uniblue RegistryBooster. We don't recommend Registry cleaners and it's important that it does not run and/or make Registry changes while I'm helping you.
About ParetoLogic PC Health Advisor. Their hype:
I guarantee you that using this will cause system problems. Hopefully you're still using the trial because I recommend you uninstall it now.
4. Hijackthis 1.99.1 is outdated. Please remove it. I will have you download the current version later.
5. You have Java(TM) 6 Update 7. The current version is v6u20. Update the Java. The old version is a vulnerability. Check this site .Java Updates . Uninstall any earlier versions in Add/Remove Programs.
===================================
See if this makes any difference to what you can do in the system.
If it does not. Please run this and see if there is an Error corresponding to the times you're getting this message:
Please download VEW and save it to your Desktop:
Setting up the program
Double-click VEW.exe to run.
Select log to query, select- Application
- System
Under Select type to list, select: - Critical (Vista only)
- Error
Click the radio button for Number of events - Type 20 in the 1 to 20 box
- Then click the Run button.
- Notepad will open with the output log.
Load the log - In Notepad, click Edit> Select all
- Then press Edit > Copy
- Press Ctrl+V on your keyboard to paste the log to your next reply.
Bobbye
Posts: 16,313 +36
One more thought:
ATI Catalyst Control Center™:
What are the system requirements for the ATI Catalyst™ Control Center?
There are also many reported problems from Catalyst users for the atikmdag.sys. It is noted in your logs that this driver may have a problem.
Hardware isn't my things, so bear with me if this shows my ignorance!
ATI Catalyst Control Center™:
What are the system requirements for the ATI Catalyst™ Control Center?
Your Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
There are also many reported problems from Catalyst users for the atikmdag.sys. It is noted in your logs that this driver may have a problem.
Hardware isn't my things, so bear with me if this shows my ignorance!
I removed:
ParetoLogic PC Health Advisor
Uniblue RegistryBooster
Hijackthis 1.99.
ATI Catalyst™ Control Center
AVG
Within "msconfig" I unchecked all startup processes
I updated java per your request above
I downloaded VEW but when I hit "run" I get the following error:
Run-time error '75':
Path/file access error
Anythoughts of how to fix VEW?
ParetoLogic PC Health Advisor
Uniblue RegistryBooster
Hijackthis 1.99.
ATI Catalyst™ Control Center
AVG
Within "msconfig" I unchecked all startup processes
I updated java per your request above
I downloaded VEW but when I hit "run" I get the following error:
Run-time error '75':
Path/file access error
Anythoughts of how to fix VEW?
Bobbye
Posts: 16,313 +36
VEW link:http://images.malwareremoval.com/vino/VEW.exe
Is that what you're using? Download and save to the desktop. Don't try to run it from the download.
Is that what you're using? Download and save to the desktop. Don't try to run it from the download.
I appologize for the late reply. I had to go out of town and am just now getting a chance to reply.
I still receive the bad image error any time I open a application.
For example when I try to open internet explorer I get the folowing:
"Iexplore.exe - Bad Image
C:\Progra~1\google\GOOGLE~3\GOEC62~1.DLL is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."
I tried to reinstall google but nothing changed.
I still receive the bad image error any time I open a application.
For example when I try to open internet explorer I get the folowing:
"Iexplore.exe - Bad Image
C:\Progra~1\google\GOOGLE~3\GOEC62~1.DLL is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."
I tried to reinstall google but nothing changed.
Bobbye
Posts: 16,313 +36
Thanks for the example. It appears that Google added a BHO to their at some point. This has caused problems, so I'll have you remove the entries and see if that helps: Can't believe I got this far and haven't had you run Combofix yet! I have the script all written to run:
Please download ComboFix from Here and save to your Desktop.
Note: Make sure you re-enable your security programs, when you're done with Combofix..
=====================================
After you have run Combofix, reboot the machine and go on to this:
Custom CFScript
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
====================
Then Download the HijackThis Installer HERE and save to the desktop:
NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
The Bad Image error should be gone after the script, but if there are any entries left, I'll see them in the HJT log and have you remove them-wait until I instruct you before doing anything with this log.
Please download ComboFix from Here and save to your Desktop.
[1]. Do NOT rename Combofix unless instructed.
[2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3].Close any open browsers.
[4]. Double click combofix.exe & follow the prompts to run.- NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
[5]. If Combofix asks you to install Recovery Console, please allow it.
[6]. If Combofix asks you to update the program, always allow. - Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
[7]. A report will be generated after the scan. Please post the C:\ComboFix.txt in next reply.
Note: Make sure you re-enable your security programs, when you're done with Combofix..
=====================================
After you have run Combofix, reboot the machine and go on to this:
Custom CFScript
[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad and copy/paste the text in the code below into it:
Code:
File::
Folder::
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7}\TypeLib]
DDS::
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
Driver::Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
====================
Then Download the HijackThis Installer HERE and save to the desktop:
- Double-click on HJTInstall.exe to run the program.
- By default it will install to C:\Program Files\Trend Micro\HijackThis.
- Accept the license agreement by clicking the "I Accept" button.
- Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
- Click "Save log" to save the log file and then the log will open in notepad.
- Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
- Come back here to this thread and paste (Ctrl+V) the log in your next reply.
NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
The Bad Image error should be gone after the script, but if there are any entries left, I'll see them in the HJT log and have you remove them-wait until I instruct you before doing anything with this log.
Bobbye
Posts: 16,313 +36
You're welcome. I'd like to finish up with the Combofix log that was created after the script and the log from HijackThis. Sometimes a particular problem may be resolve, but that is not an indication that there is no more malware on this system.
The I will have you remove the cleaning tools and the logs they created. However, if you do not want to finish up, I can close the thread.
The I will have you remove the cleaning tools and the logs they created. However, if you do not want to finish up, I can close the thread.
Let me know if there is anything that looks bad.
Thanks
Combofix attachments:
View attachment combofix results.txt
View attachment combofix with script.txt
HIJACHTHIS LOG:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:28:14 PM, on 09/07/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1ca55e42ae09450) (gupdate1ca55e42ae09450) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
--
End of file - 6945 bytes
Thanks
Combofix attachments:
View attachment combofix results.txt
View attachment combofix with script.txt
HIJACHTHIS LOG:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:28:14 PM, on 09/07/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1ca55e42ae09450) (gupdate1ca55e42ae09450) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
--
End of file - 6945 bytes
Bobbye
Posts: 16,313 +36
Looks good! If the problems have been resolved, Removing all of the tools we used and the files and folders they created
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
Empty the Recycle Bin
Let me know if I can be of anymore help.
- Uninstall ComboFix and all Backups of the files it deleted
- Click START> then RUN
- Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
- Download OTCleanIt by OldTimer and save it to your Desktop.
- Double click OTCleanIt.exe.
- Click the CleanUp! button.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
- You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
- Go to Start > All Programs > Accessories > System Tools
- Click "System Restore".
- Choose "Create a Restore Point" on the first screen then click "Next".
- Give the Restore Point a name> click "Create".
- Go back and follow the path to > System Tools.
[*]Choose Disc Cleanup
[*]Click "OK" to select the partition or drive you want.
[*]Click the "More Options" Tab.
[*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.
Empty the Recycle Bin
Let me know if I can be of anymore help.
- Status
Similar threads
