Inactive "Bad Image" pop up problem when opening programs and on start up

Hi guys,

I don't know much about computers, but I have followed the instructions to create a few logs from those programs mentioned in the 6 steps to getting rid of malware (I think this may be one), so I will post them on here so maybe someone can show me what to do to get rid of the annoying pop-ups when I start programs.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5309

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

14/12/2010 5:44:44 p.m.
mbam-log-2010-12-14 (17-44-44).txt

Scan type: Quick scan
Objects scanned: 134579
Time elapsed: 17 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-14 17:53:11
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543216L9A300 rev.FB2OC40C
Running: rxsv655l.exe; Driver: C:\Users\Paul\AppData\Local\Temp\kgtdapod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

DDS (Ver_10-12-12.02) - NTFSx86
Run by Paul at 18:02:24.44 on Tue 14/12/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.64.1033.18.955.360 [GMT 13:00]

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Users\Paul\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Users\Paul\Documents\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.nz/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&s=2&o=vz32&d=0309&m=extensa_4230
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&s=2&o=vz32&d=0309&m=extensa_4230
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: RadioBar Toolbar: {5b291e6c-9a74-4034-971b-a4b007a0b315} - c:\program files\radiobar\toolbar.ni.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: RadioBar Toolbar: {5b291e6c-9a74-4034-971b-a4b007a0b315} - c:\program files\radiobar\toolbar.ni.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eRecoveryService]
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\zooskm~1.lnk - c:\program files\zooskmessenger\ZooskMessenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: toolbarchrome - {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - c:\program files\radiobar\toolbar.ni.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-1-25 24576]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-24 144632]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-29 210432]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-1-25 93968]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-12 136176]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2009-1-25 3663360]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-24 50424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-12-14 03:31:43 -------- d-----w- c:\program files\Clean Disk Security
2010-12-14 03:29:53 -------- d-----w- c:\program files\Disk Investigator
2010-12-13 23:06:36 -------- d-----w- c:\users\paul\appdata\roaming\Malwarebytes
2010-12-13 23:06:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-13 23:06:18 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-13 23:05:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-13 23:05:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-07 07:44:34 -------- d-----w- c:\users\paul\appdata\roaming\AVG10
2010-12-07 07:38:25 -------- d--h--w- c:\progra~2\Common Files
2010-12-07 07:35:43 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-07 07:35:43 -------- d-----w- c:\progra~2\AVG10
2010-12-07 04:38:28 -------- d-----w- c:\progra~2\MFAData
2010-11-29 02:43:22 -------- d-----w- c:\program files\vym
2010-11-23 18:54:00 7680 ----a-w- c:\program files\internet explorer\iecompat.dll

==================== Find3M ====================


============= FINISH: 18:07:27.69 ===============

Any help is much appreciated :)
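The "Pseudo HJT Report" section of the DDS log above lists the autostart and browser-extension locations that matter for a "Bad Image" symptom: that dialog appears when a process tries to load a module that is missing or is not a valid Win32 image, and an AppInit_DLLs entry is mapped into every process that loads user32.dll, which is why such a failure shows up on every program launch. The Python below is an added example, not code from DDS or from anyone in this thread. It parses lines in the report's layout (the sample is constructed from that layout) and flags entries DDS reports as "No File", empty Run values, bare file names that the loader resolves through the search path, and any AppInit_DLLs entry. The flag codes and their descriptions are my own and the script says nothing about which entry, if any, causes the pop-up on this machine.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout DDS uses for its "Pseudo HJT Report"
# (u = HKCU, m = HKLM; BHO = browser helper object, TB = toolbar).
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.co.nz/
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: RadioBar Toolbar: {5b291e6c-9a74-4034-971b-a4b007a0b315} - c:\program files\radiobar\toolbar.ni.dll
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [eRecoveryService]
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# DDS writes paths unquoted even when they contain spaces, so cut the image
# name at the first recognisable extension rather than at the first space.
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|com|cpl|htm|html))", re.IGNORECASE)

FLAG_TEXT = {   # my own flag codes, not DDS terminology
    "no_file": "registry still references a file that is gone (orphaned entry)",
    "empty": "autostart value exists but is empty",
    "unqualified": "bare file name; resolved through the search path at load time",
    "appinit": "AppInit_DLLs is mapped into every process that loads user32.dll, "
               "so a missing or corrupt file here fails on every program launch",
}

@dataclass
class Entry:
    kind: str                 # uRun, mRun, BHO, TB, AppInit_DLLs, Notify, setting, ...
    name: str                 # friendly name or [value name], "" when absent
    clsid: str                # {GUID} when the entry carries one, else ""
    target: str               # file path / command line, "No File", or ""
    flags: list = field(default_factory=list)

def parse_line(line):
    line = line.strip()
    if not line:
        return None
    if " = " in line:                               # "uStart Page = ..." settings
        key, value = line.split(" = ", 1)
        return Entry("setting", key.strip(), "", value.strip())
    kind, sep, rest = line.partition(":")
    if not sep:
        return None
    kind, rest = kind.strip(), rest.strip()
    if kind.endswith("Run"):                        # "[ValueName] command line"
        m = re.match(r"\[(.*?)\]\s*(.*)", rest)
        if m:
            return Entry(kind, m.group(1), "", m.group(2).strip())
    m = CLSID_RE.search(rest)                       # "[Name: ]{CLSID} - target"
    if m:
        name = rest[:m.start()].rstrip(" :-").strip()
        target = rest[m.end():].lstrip(" -").strip()
        return Entry(kind, name, m.group(0), target)
    name, dash, target = rest.partition(" - ")      # "Notify: name - file.dll"
    if dash:
        return Entry(kind, name.strip(), "", target.strip())
    return Entry(kind, "", "", rest)                # "AppInit_DLLs: path"

def parse_report(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]

def image_of(target):
    """Executable/DLL portion of an (often unquoted) command line."""
    m = IMAGE_RE.match(target.strip().strip('"'))
    return m.group(1) if m else target.strip()

def triage(entry):
    if entry.kind == "setting":
        return entry
    if entry.target.lower() == "no file":
        entry.flags.append("no_file")
    elif not entry.target:
        entry.flags.append("empty")
    elif not any(c in image_of(entry.target) for c in "\\/"):
        entry.flags.append("unqualified")
    if entry.kind == "AppInit_DLLs":
        entry.flags.append("appinit")
    return entry

def find_suspects(text):
    """Entries worth a second look, in report order."""
    return [e for e in map(triage, parse_report(text)) if e.flags]

if __name__ == "__main__":
    for e in find_suspects(SAMPLE_REPORT):
        label = e.name or e.clsid or e.kind
        print("%-16s %-44s %s" % (e.kind, label, e.target or "(empty)"))
        for f in e.flags:
            print("%-16s   -> %s" % ("", FLAG_TEXT[f]))
```

Orphaned "No File" entries are usually leftovers of an uninstall and are harmless on their own, but they are exactly the kind of dangling reference a cleaning tool removes; an "unqualified" hit on a system DLL such as igfxdev.dll is normal and only needs confirming against the copy in system32. On the live machine the same checks would be run against the registry keys DDS reads (the Run keys, Browser Helper Objects, Windows\AppInit_DLLs), followed by Test-Path and a signature check on each file.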
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================================================

Attach.txt part of DDS is missing. Please, post it.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
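The MBRCheck step above exists because MBR bootkits overwrite the boot code in the first sector of the disk and chain to the original stored elsewhere; the tool reads that sector from each physical drive (which is why it needs an elevated prompt), hashes the boot code and compares it against known bootloaders. The Python below is an added example of the same check and is not MBRCheck's code. It parses a constructed 512-byte sector (boot code hash, disk signature, partition table), compares the hash against a caller-supplied known-good list (a constructed stand-in; a real list comes from the tool's author or from a clean reference disk) and reports overlapping or missing active partitions. The sample partition layout, the disk signature and the simulated patch are all made up for the demonstration.

```python
import hashlib
import struct

SECTOR = 512
CODE_LEN = 440                 # boot code precedes the 4-byte disk signature
TABLE_OFF = 446                # four 16-byte partition entries follow at offset 446
ENTRY_FMT = "<B3sB3sII"        # boot flag, CHS start, type, CHS end, LBA start, sector count
PART_TYPES = {0x07: "NTFS/exFAT", 0x0C: "FAT32 (LBA)", 0x27: "hidden NTFS / WinRE",
              0x83: "Linux", 0xEE: "GPT protective"}

def partition_entry(boot, ptype, start_lba, sectors):
    """One partition-table slot; CHS fields set to 0xFF as LBA-only disks do."""
    return struct.pack(ENTRY_FMT, boot, b"\xff\xff\xff", ptype, b"\xff\xff\xff",
                       start_lba, sectors)

def assemble_mbr(code, disk_sig, entries):
    if len(code) != CODE_LEN or len(entries) > 4:
        raise ValueError("need 440 bytes of code and at most 4 entries")
    table = b"".join(entries) + b"\x00" * 16 * (4 - len(entries))
    return code + struct.pack("<IH", disk_sig, 0) + table + b"\x55\xAA"

def build_sample_mbr():
    """Constructed sample: the usual MBR prologue (xor ax,ax; mov ss,ax;
    mov sp,7C00h) padded with NOPs, then a hidden recovery partition and an
    active NTFS system partition, the layout an OEM laptop typically ships with."""
    code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(CODE_LEN, b"\x90")
    return assemble_mbr(code, 0x1234ABCD, [
        partition_entry(0x00, 0x27, 2048, 20_000_000),
        partition_entry(0x80, 0x07, 20_002_048, 146_000_000),
    ])

def parse_mbr(sector):
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        boot, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, sector, TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i, "active": boot == 0x80, "type": ptype,
                      "type_name": PART_TYPES.get(ptype, "unknown 0x%02X" % ptype),
                      "start_lba": lba, "sectors": count})
    return {"code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", sector, CODE_LEN)[0],
            "partitions": parts}

def check_mbr(sector, known_code):
    """Findings a reviewer wants: boot code not on the known-good list (the
    bootkit case), an odd number of active partitions, overlapping entries."""
    info = parse_mbr(sector)
    findings = []
    if info["code_sha256"] not in known_code:
        findings.append("boot code hash not in known-good list: %s..." % info["code_sha256"][:16])
    active = [p["index"] for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append("%d active partitions, expected exactly 1" % len(active))
    spans = sorted((p["start_lba"], p["start_lba"] + p["sectors"], p["index"])
                   for p in info["partitions"])
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append("partitions %d and %d overlap" % (i1, i2))
    return findings

if __name__ == "__main__":
    # On a live Windows box the sector would come from
    # open(r"\\.\PhysicalDrive0", "rb").read(512) in an elevated prompt;
    # here the constructed sample stands in for the disk.
    mbr = build_sample_mbr()
    info = parse_mbr(mbr)
    known = {info["code_sha256"]: "constructed sample prologue"}   # stand-in hash list
    print("disk signature 0x%08X, boot code sha256 %s..." % (info["disk_signature"], info["code_sha256"][:16]))
    for p in info["partitions"]:
        print("  #%d %s%-20s start=%-10d sectors=%d" % (p["index"], "*" if p["active"] else " ",
                                                        p["type_name"], p["start_lba"], p["sectors"]))
    patched = bytearray(mbr)
    patched[0x10] ^= 0xFF                                          # simulate a bootkit patch
    print("findings on patched sector:", check_mbr(bytes(patched), known))
```

A hash mismatch on its own only says the boot code is not one you recognise; OEM recovery tools and some disk encryption products ship their own MBR code, so the known-good list has to include those before a mismatch is treated as an infection. The partition checks catch the cruder trick of pointing the table at a hidden area of the disk that the Windows side never sees.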
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume2
Install Date: 24/03/2009 2:12:47 p.m.
System Uptime: 14/12/2010 6:27:27 p.m. (0 hours ago)

Motherboard: Acer | | Extensa 4230
Processor: Genuine Intel(R) CPU T1600 @ 1.66GHz | uPGA-478 | 1662/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 39.559 GiB free.
D: is FIXED (NTFS) - 70 GiB total, 69.201 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Terminal Server Device Redirector
Device ID: ROOT\RDPDR\0000
Manufacturer: (Standard system devices)
Name: Terminal Server Device Redirector
PNP Device ID: ROOT\RDPDR\0000
Service: rdpdr

==== System Restore Points ===================


==== Installed Programs ======================

32 Bit HP CIO Components Installer
Acer Crystal Eye Webcam 2.0.8
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
Adobe Shockwave Player 11.5
AVG 2011
Broadcom Gigabit Integrated Controller
BufferChm
Business Contact Manager for Outlook 2007 SP2
Clean Disk Security 7.84
Compatibility Pack for the 2007 Office system
Copy
Debut Video Capture Software
Destinations
DeviceDiscovery
Disk Investigator 1.51
DJ_AIO_05_F4400_Software_Min
eSobi v2
F4400
Free Internet Eraser 3.0
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Earth
Google Update Helper
GPBaseService2
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
HP Imaging Device Functions 13.0
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
hpWLPGInstaller
Intel(R) Graphics Media Accelerator Driver
J2SE Runtime Environment 5.0 Update 5
JMicron JMB38X Flash Media Controller
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Small Business Connectivity Components
Microsoft Office Standard Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTI Backup Now 5
NTI Backup Now Standard
NTI Shadow
OGA Notifier 2.0.0048.0
Power Challenge Game Plugin
RadioBar Toolbar
Realtek High Definition Audio Driver
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skype Toolbars
Skype™ 4.2
SmartWebPrinting
SolutionCenter
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VYM (View Your Mind) 1.12.7 for Windows
WebLab ViewerPro
WebReg
WIDCOMM Bluetooth Software 6.0.1.6400
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer

==== End Of File ===========================

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Acer
System Product Name: Extensa 4230
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 153):
0x81E06000 \SystemRoot\system32\ntkrnlpa.exe
0x821BF000 \SystemRoot\system32\hal.dll
0x80408000 \SystemRoot\system32\kdcom.dll
0x8040F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047F000 \SystemRoot\system32\PSHED.dll
0x80490000 \SystemRoot\system32\BOOTVID.dll
0x80498000 \SystemRoot\system32\CLFS.SYS
0x804D9000 \SystemRoot\system32\CI.dll
0x8060B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80687000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80694000 \SystemRoot\system32\drivers\acpi.sys
0x806DA000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E3000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EB000 \SystemRoot\system32\drivers\pci.sys
0x80712000 \SystemRoot\System32\drivers\partmgr.sys
0x80721000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80724000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8072E000 \SystemRoot\system32\drivers\volmgr.sys
0x8073D000 \SystemRoot\System32\drivers\volmgrx.sys
0x80787000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x807B4000 \SystemRoot\System32\drivers\mountmgr.sys
0x807C4000 \SystemRoot\system32\drivers\atapi.sys
0x807CC000 \SystemRoot\system32\drivers\ataport.SYS
0x807EA000 \SystemRoot\system32\drivers\msahci.sys
0x805B9000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x805C7000 \SystemRoot\system32\drivers\fltmgr.sys
0x85E09000 \SystemRoot\system32\drivers\fileinfo.sys
0x85E19000 \SystemRoot\System32\Drivers\ksecdd.sys
0x85E8A000 \SystemRoot\system32\drivers\ndis.sys
0x85F95000 \SystemRoot\system32\drivers\msrpc.sys
0x85FC0000 \SystemRoot\system32\drivers\NETIO.SYS
0x86003000 \SystemRoot\System32\drivers\tcpip.sys
0x860ED000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x86209000 \SystemRoot\System32\Drivers\Ntfs.sys
0x86319000 \SystemRoot\system32\drivers\volsnap.sys
0x86352000 \SystemRoot\System32\Drivers\spldr.sys
0x8635A000 \SystemRoot\System32\Drivers\mup.sys
0x86369000 \SystemRoot\System32\drivers\ecache.sys
0x86390000 \SystemRoot\system32\drivers\disk.sys
0x863A1000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x863C2000 \SystemRoot\system32\drivers\crcdisk.sys
0x863CB000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
0x863D0000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x86108000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x86200000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x86113000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8A20C000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8A907000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8A9A8000 \SystemRoot\System32\drivers\watchdog.sys
0x8A9B4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8A9BF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x86122000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x86131000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8AC0C000 \SystemRoot\system32\DRIVERS\athr.sys
0x8ACFB000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x8AD32000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x8AD49000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8AD6F000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8AD73000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8AD86000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8AD90000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8AD9B000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8ADCA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8ADCC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8ADD7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8ADEF000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8ADF7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x861BE000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8AE0A000 \SystemRoot\system32\DRIVERS\storport.sys
0x8AE4B000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8AE56000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8AE6D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8AE78000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AE9B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8AEAA000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AEBE000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8AED3000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8AEE3000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8AEE5000 \SystemRoot\system32\DRIVERS\ks.sys
0x8AF0F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8AF19000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8AF26000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8AF5B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8B002000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8B228000 \SystemRoot\system32\drivers\portcls.sys
0x8B255000 \SystemRoot\system32\drivers\drmk.sys
0x8B27A000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8B2B8000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8B40C000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8B4C1000 \SystemRoot\system32\drivers\modem.sys
0x8B4CE000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0x8B4DA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8B4E3000 \SystemRoot\System32\Drivers\Null.SYS
0x8B4EA000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B4F1000 \SystemRoot\System32\drivers\vga.sys
0x8B4FD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B51E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8B526000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B52E000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B539000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B547000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8B550000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8B566000 \SystemRoot\system32\DRIVERS\smb.sys
0x8B57A000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0x8B5C2000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8AF6C000 \SystemRoot\system32\drivers\afd.sys
0x8B3BB000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8B3D1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8B3DF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8AFB4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8B5F4000 \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
0x8B400000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8B60C000 \SystemRoot\system32\drivers\csc.sys
0x8B667000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8B67E000 \SystemRoot\System32\Drivers\dfsc.sys
0x8B695000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0x8B6D1000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8B6F2000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B6FF000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8B70A000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x81620000 \SystemRoot\System32\win32k.sys
0x8B714000 \SystemRoot\System32\drivers\Dxapi.sys
0x8B71E000 \SystemRoot\system32\DRIVERS\monitor.sys
0x81840000 \SystemRoot\System32\TSDDD.dll
0x81860000 \SystemRoot\System32\cdd.dll
0x8B72D000 \SystemRoot\system32\drivers\luafv.sys
0x8B748000 \SystemRoot\system32\drivers\spsys.sys
0x8AFF0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA580C000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA5836000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA5840000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA5853000 \SystemRoot\system32\drivers\HTTP.sys
0xA58C0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA58DD000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA58F6000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA590B000 \SystemRoot\system32\drivers\mrxdav.sys
0xA592C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA594B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA5984000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA599C000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA6607000 \SystemRoot\System32\DRIVERS\srv.sys
0xA6655000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xA6660000 \??\C:\Windows\system32\drivers\int15.sys
0xA6668000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA666C000 \SystemRoot\system32\drivers\peauth.sys
0xA674A000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA6754000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA6760000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA6768000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0xA6772000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0xA679A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA67B0000 \??\C:\Users\Paul\AppData\Local\Temp\mbr.sys
0x76EB0000 \Windows\System32\ntdll.dll

Processes (total 83):
0 System Idle Process
4 System
452 C:\Windows\System32\smss.exe
484 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
700 csrss.exe
752 csrss.exe
760 C:\Windows\System32\wininit.exe
800 C:\Windows\System32\services.exe
812 C:\Windows\System32\lsass.exe
824 C:\Windows\System32\lsm.exe
892 C:\Windows\System32\winlogon.exe
1004 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\svchost.exe
1244 C:\Windows\System32\svchost.exe
1308 C:\Windows\System32\audiodg.exe
1328 C:\Windows\System32\svchost.exe
1368 C:\Windows\System32\SLsvc.exe
1412 C:\Windows\System32\svchost.exe
1552 C:\Windows\System32\svchost.exe
1724 C:\Windows\System32\spoolsv.exe
1748 C:\Windows\System32\svchost.exe
1956 C:\Program Files\AVG\AVG10\avgwdsvc.exe
1984 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
2000 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
468 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
1456 C:\Windows\System32\svchost.exe
1836 C:\ACER\Mobility Center\MobilityService.exe
1060 C:\Windows\System32\svchost.exe
2084 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2336 C:\Program Files\AVG\AVG10\avgnsx.exe
2388 C:\Program Files\AVG\AVG10\avgemcx.exe
2464 C:\Windows\System32\taskeng.exe
2472 C:\Windows\System32\svchost.exe
2552 C:\Windows\System32\svchost.exe
2572 C:\Windows\System32\taskeng.exe
2868 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2884 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2964 C:\Windows\System32\svchost.exe
3008 C:\Windows\System32\svchost.exe
3048 C:\Windows\System32\SearchIndexer.exe
3188 C:\Windows\System32\drivers\XAudio.exe
3284 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
3460 C:\Windows\System32\dwm.exe
3488 C:\Windows\explorer.exe
3800 WmiPrvSE.exe
3912 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3980 C:\Windows\System32\hkcmd.exe
4052 C:\Windows\System32\igfxpers.exe
1000 C:\Windows\PLFSetI.exe
2440 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2312 C:\Program Files\Internet Explorer\iexplore.exe
464 C:\Program Files\Launch Manager\LManager.exe
2060 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
1968 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
912 C:\Program Files\AVG\AVG10\avgtray.exe
2044 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3300 C:\Program Files\Internet Explorer\iexplore.exe
2372 C:\Windows\System32\igfxsrvc.exe
2820 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
2272 C:\Windows\System32\igfxext.exe
276 C:\Windows\System32\igfxsrvc.exe
3832 C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
3080 C:\Windows\System32\wbem\unsecapp.exe
2984 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
3216 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
4036 C:\Users\Paul\AppData\Local\Temp\RtkBtMnt.exe
4156 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
4516 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
4716 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5976 C:\Windows\System32\wuauclt.exe
5056 C:\Windows\System32\conime.exe
4444 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
344 C:\Program Files\AVG\AVG10\avgcsrvx.exe
5512 C:\Windows\System32\notepad.exe
4148 C:\Windows\System32\VSSVC.exe
5416 C:\Windows\System32\svchost.exe
4120 C:\Windows\System32\notepad.exe
268 C:\Program Files\Internet Explorer\iexplore.exe
5768 C:\Windows\System32\SearchProtocolHost.exe
3976 C:\Windows\System32\SearchFilterHost.exe
5140 C:\Users\Paul\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`e1d00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543216L9A300, Rev: FB2OC40C

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Acer MBR code detected
SHA1: 12ADB8D1AD8327A4A2FA5865BC87234485F25003


Done!

Is that all you need?
 
ComboFix 10-12-13.02 - Paul 14/12/2010 20:13:57.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.64.1033.18.955.141 [GMT 13:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Paul\AppData\Roaming\.#
c:\users\Paul\AppData\Roaming\.#\MBX@14C8@1AE1ED0.###
c:\users\Paul\AppData\Roaming\.#\MBX@5F8@E81ED0.###
c:\users\Paul\avira_antivir_personal_en.exe
c:\users\Paul\powersetup.exe
c:\windows\system32\system

.
((((((((((((((((((((((((( Files Created from 2010-11-14 to 2010-12-14 )))))))))))))))))))))))))))))))
.

2010-12-14 07:33 . 2010-12-14 07:34 -------- d-----w- c:\users\Paul\AppData\Local\temp
2010-12-14 07:33 . 2010-12-14 07:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-14 03:31 . 2010-12-14 03:32 -------- d-----w- c:\program files\Clean Disk Security
2010-12-14 03:29 . 2010-12-14 03:29 -------- d-----w- c:\program files\Disk Investigator
2010-12-13 23:06 . 2010-12-13 23:06 -------- d-----w- c:\users\Paul\AppData\Roaming\Malwarebytes
2010-12-13 23:06 . 2010-11-29 04:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-13 23:06 . 2010-12-13 23:06 -------- d-----w- c:\programdata\Malwarebytes
2010-12-13 23:05 . 2010-12-13 23:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-13 23:05 . 2010-11-29 04:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-07 07:44 . 2010-12-07 07:44 -------- d-----w- c:\users\Paul\AppData\Roaming\AVG10
2010-12-07 07:38 . 2010-12-07 07:38 -------- d--h--w- c:\programdata\Common Files
2010-12-07 04:38 . 2010-12-07 06:01 -------- d-----w- c:\programdata\MFAData
2010-11-29 02:43 . 2010-11-29 02:43 -------- d-----w- c:\program files\vym
2010-11-23 18:54 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B291E6C-9A74-4034-971B-A4B007A0B315}]
2010-01-11 00:18 451808 ----a-w- c:\program files\RadioBar\toolbar.ni.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5B291E6C-9A74-4034-971B-A4B007A0B315}"= "c:\program files\RadioBar\toolbar.ni.dll" [2010-01-11 451808]

[HKEY_CLASSES_ROOT\clsid\{5b291e6c-9a74-4034-971b-a4b007a0b315}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{810FCC0F-2CA3-414a-B8C8-550910C8B664}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5B291E6C-9A74-4034-971B-A4B007A0B315}"= "c:\program files\RadioBar\toolbar.ni.dll" [2010-01-11 451808]

[HKEY_CLASSES_ROOT\clsid\{5b291e6c-9a74-4034-971b-a4b007a0b315}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{810FCC0F-2CA3-414a-B8C8-550910C8B664}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-19 6703648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-05 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-05 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-05 154136]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-02 850440]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-11-28 417792]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-12-19 1833504]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-24 727592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 136176]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-20 3663360]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-11-28 24576]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-30 93968]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 09:08]

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 09:08]

2010-05-30 c:\windows\Tasks\Install.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2010-05-30 03:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.nz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&s=2&o=vz32&d=0309&m=extensa_4230
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
Handler: toolbarchrome - {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - c:\program files\RadioBar\toolbar.ni.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-14 20:34
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-12-14 20:37:01
ComboFix-quarantined-files.txt 2010-12-14 07:36

Pre-Run: 42,894,766,080 bytes free
Post-Run: 42,852,560,896 bytes free

- - End Of File - - 2B79C1BCC68C9D21266B90DF5F8212BF
 
Combofix log looks clean now :)

How are the issues?

You can reinstall your AV program now.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
You're very welcome :)
We still need to finish the cleaning process.

Please post OTL logs.
 