Inactive "Bad image" Windows box says - the application or dll is not a valid windows image


snowscreen

Hi,
The problem has just come on today out of nowhere...
It's an old HP desktop PC, 1GB RAM, Windows XP SP2.

AVG doesn't find anything and Malwarebytes only found a little adware.

It's my other half's parents' PC. They have been away, so I've been using it to check his emails and run his business. The PC was fine yesterday, but on turning it on today I was greeted by a dialog box saying: "the application or dll is not a valid windows image. please check this against your installation diskette"

This happens with each program I open; it also appears on the Windows start-up screen a couple of times when selecting which user to log in as, and then comes up a lot once the PC has started up.


I've noticed in msconfig that there are 2 odd-looking entries. If I uncheck them and restart, when I go back into msconfig they are back again and checked.

Under the 'Start Item' and 'Command' headings = a load of oriental characters
(2 lines with 2 squares, 2 lines with 6 squares; Start Item and Command are the same on each line)
Under the 'Location' heading:
HKCU\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\Windows:Run
HKCU\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\Windows:Load



I've followed the 8-step removal guidelines, so could someone please look at my logs below? It would be greatly appreciated.





*****

MalwareBytes Log:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5214

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

03/12/2010 23:10:14
mbam-log-2010-12-03 (23-10-14).txt

Scan type: Quick scan
Objects scanned: 176282
Time elapsed: 2 hour(s), 6 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 18
Files Infected: 34

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\Nicola\application data\starware368 (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\browsersearch (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_6 (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_7 (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_8 (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\configurator (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Download (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\errorsearch (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Lyrics (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Manager (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\music_search (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Radio_UK (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\relatedsearch (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\toolbarlogo (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\toolbarsearch (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\travelsearch (Adware.Starware) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\Nicola\application data\starware368\browsersearch\browsersearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\browsersearch\browsersearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_6\button_6options.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_6\button_6options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_7\button_7options.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_7\button_7options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_8\button_8options.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_8\button_8options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\configurator\configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\configurator\configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Download\downloadoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Download\downloadoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\errorsearch\errorsearchoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\errorsearch\errorsearchoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Layouts\toolbarlayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Layouts\toolbarlayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Lyrics\lyricsoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Lyrics\lyricsoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Manager\manageroptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Manager\manageroptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\music_search\music_searchoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\music_search\music_searchoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Radio_UK\radio_ukoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Radio_UK\radio_ukoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\relatedsearch\relatedsearchoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\relatedsearch\relatedsearchoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Toolbar\tbproductsoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Toolbar\tbproductsoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\toolbarlogo\toolbarlogooptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\toolbarlogo\toolbarlogooptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\toolbarsearch\toolbarsearchoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\toolbarsearch\toolbarsearchoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\travelsearch\travelsearchoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\travelsearch\travelsearchoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.



GMER LOG *******


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-04 00:20:19
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380011A rev.3.08
Running: GMER.exe; Driver: C:\DOCUME~1\Keith\LOCALS~1\Temp\pwdyypob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----






****
DDS.txt

DDS (Ver_10-11-27.01) - NTFSx86
Run by Keith at 0:22:57.81 on 04/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1015.361 [GMT 0:00]

AV: AVG Anti-Virus Free Edition 2011 *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\C0130Mon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Keith\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = bt.yahoo.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://uk.yahoo.com/?fr=fp-yie8
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uSearchAssistant =
mSearchAssistant =
uURLSearchHooks: H - No File
uURLSearchHooks: BT Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
mURLSearchHooks: BT Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uWindows: load=U??
?, ?
uWindows: Run=U??
?, ?
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: {96fd54c8-037e-4586-a8ff-3e71cb1e3800} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: {D3CD283D-58AA-4FD8-93C9-BDEB288398EE} - No File
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn5\YTSingleInstance.dll
TB: BT Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {2D51D869-C36B-42BD-AE68-0A81BC771FA5} - No File
EB: BT Yahoo! Sidebar: {51085e3d-a958-42a2-a6be-a6a9b0baf276} - c:\program files\yahoo!\browser\ysidebarIE.dll
uRun: [Creative Live! Cam Manager] "c:\program files\creative\creative live! cam\live! cam manager\CTLCMgr.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [C0130Mon.exe] c:\windows\C0130Mon.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/haphazard/raptisoftgameloader.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://niknak694.spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129224412609
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://msnuk.oberon-media.com/online2/MSN_INTL_UK/diner_dash/DinerDash.1.0.0.80.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: geBrppNg - geBrppNg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: suvauk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\nnnlkIby
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-5-7 92008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [2007-5-13 12160]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-5-20 31616]
R3 VC0130Afx;VC130 Audio FX;c:\windows\system32\drivers\C0130Afx.sys [2008-5-20 142656]
R3 VC0130Aud;VC0130 Audio;c:\windows\system32\drivers\C0130Aud.sys [2008-5-20 94976]
R3 VC0130Dev;Live! Cam Notebook Ultra;c:\windows\system32\drivers\C0130Vid.sys [2008-5-20 690528]
R3 VC0130Vfx;VC0130 Video FX;c:\windows\system32\drivers\C0130Vfx.sys [2008-5-20 6912]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-8 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-20 517448]
S3 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [2007-5-13 7040]

=============== Created Last 30 ================

2010-12-03 20:27:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\UAB
2010-12-03 20:26:50 -------- d-----w- c:\docume~1\keith\locals~1\applic~1\PC_Drivers_Headquarters
2010-12-03 20:26:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Driver Mender
2010-12-03 20:22:12 -------- d-----w- c:\program files\Driver Mender
2010-12-03 18:08:08 20 ----a-w- c:\windows\system32\SUVAUK.DLL

==================== Find3M ====================


============= FINISH: 0:24:45.75 ===============





***
attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-27.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 09/10/2005 19:43:38
System Uptime: 12/04/2010 00:14:36 (5664 hours ago)

Motherboard: | | P4i65G
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | mPGA478 | 2999/200mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | mPGA478 | 2999/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 50.298 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1308: 06/09/2010 07:23:01 - System Checkpoint
RP1309: 07/09/2010 08:37:30 - System Checkpoint
RP1310: 08/09/2010 08:39:37 - System Checkpoint
RP1311: 09/09/2010 08:56:39 - Avg Update
RP1312: 10/09/2010 10:42:43 - System Checkpoint
RP1313: 13/09/2010 11:24:29 - System Checkpoint
RP1314: 14/09/2010 12:04:46 - System Checkpoint
RP1315: 15/09/2010 12:51:18 - System Checkpoint
RP1316: 15/09/2010 20:50:14 - Software Distribution Service 3.0
RP1317: 17/09/2010 07:35:33 - System Checkpoint
RP1318: 18/09/2010 17:18:51 - System Checkpoint
RP1319: 19/09/2010 18:14:00 - System Checkpoint
RP1320: 21/09/2010 08:33:07 - System Checkpoint
RP1321: 22/09/2010 16:33:37 - System Checkpoint
RP1322: 23/09/2010 11:39:55 - Avg Update
RP1323: 23/09/2010 11:42:06 - Avg Update
RP1324: 24/09/2010 12:04:16 - System Checkpoint
RP1325: 29/09/2010 10:53:20 - System Checkpoint
RP1326: 30/09/2010 12:04:10 - System Checkpoint
RP1327: 01/10/2010 17:41:22 - System Checkpoint
RP1328: 03/10/2010 15:02:23 - System Checkpoint
RP1329: 04/10/2010 15:20:30 - System Checkpoint
RP1330: 05/10/2010 08:14:25 - Avg Update
RP1331: 06/10/2010 09:51:16 - System Checkpoint
RP1332: 07/10/2010 16:57:05 - System Checkpoint
RP1333: 08/10/2010 16:59:55 - System Checkpoint
RP1334: 10/10/2010 09:35:18 - System Checkpoint
RP1335: 11/10/2010 10:01:59 - System Checkpoint
RP1336: 12/10/2010 12:19:16 - System Checkpoint
RP1337: 13/10/2010 13:34:46 - System Checkpoint
RP1338: 14/10/2010 10:26:21 - Software Distribution Service 3.0
RP1339: 17/10/2010 13:30:21 - System Checkpoint
RP1340: 18/10/2010 18:23:48 - System Checkpoint
RP1341: 20/10/2010 08:27:23 - System Checkpoint
RP1342: 20/10/2010 09:58:10 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP1343: 20/10/2010 09:59:33 - Installed AVG 2011
RP1344: 20/10/2010 10:04:02 - Removed AVG 2011
RP1345: 20/10/2010 10:09:32 - Removed AVG Free 9.0
RP1346: 20/10/2010 11:02:07 - Installed AVG Free 9.0
RP1347: 20/10/2010 11:29:35 - Installed AVG 2011
RP1348: 20/10/2010 11:31:30 - Installed AVG 2011
RP1349: 25/10/2010 07:51:50 - System Checkpoint
RP1350: 26/10/2010 10:47:43 - System Checkpoint
RP1351: 27/10/2010 13:16:30 - System Checkpoint
RP1352: 28/10/2010 13:39:15 - System Checkpoint
RP1353: 31/10/2010 08:53:08 - System Checkpoint
RP1354: 01/11/2010 11:38:03 - System Checkpoint
RP1355: 03/11/2010 07:36:29 - System Checkpoint
RP1356: 04/11/2010 13:07:19 - System Checkpoint
RP1357: 05/11/2010 13:39:17 - System Checkpoint
RP1358: 09/11/2010 19:04:31 - System Checkpoint
RP1359: 10/11/2010 08:40:33 - Software Distribution Service 3.0
RP1360: 12/11/2010 14:00:01 - System Checkpoint
RP1361: 17/11/2010 21:14:33 - System Checkpoint
RP1362: 19/11/2010 18:08:39 - System Checkpoint
RP1363: 21/11/2010 12:46:57 - System Checkpoint
RP1364: 23/11/2010 19:04:38 - System Checkpoint
RP1365: 24/11/2010 19:06:10 - System Checkpoint
RP1366: 28/11/2010 15:46:38 - System Checkpoint
RP1367: 29/11/2010 18:08:40 - System Checkpoint
RP1368: 30/11/2010 18:55:05 - System Checkpoint
RP1369: 01/12/2010 19:59:29 - System Checkpoint
RP1370: 03/12/2010 19:33:56 - System Checkpoint
RP1371: 03/12/2010 20:22:09 - Installed Driver Mender.

==== Installed Programs ======================

360Share Pro(remove only)
Adobe Acrobat 5.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe® Photoshop® Album Starter Edition 3.2
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoBase
ArcSoft PhotoImpression 5
ArcSoft PhotoStudio 2000
AVG 2011
AVG PC Tuneup 2011
Bluetooth Stack for Windows by Technika
Bonjour
BT Broadband Desktop Help
BT Yahoo! Applications
BTHomeHub
BTTotalBroadband210
C-Media 3D Audio
Canon ScanGear Toolbox 3.1
CCleaner
Creative Jukebox Driver
Creative Live! Cam Center
Creative Live! Cam Doodling
Creative Live! Cam FX Creator
Creative Live! Cam Manager
Creative Live! Cam Notebook Ultra Driver (1.03.03.00)
Creative Live! Cam Notebook Ultra User's Guide (English)
Creative MediaSource
Creative Photo Manager
Creative Removable Disk Manager
Creative Software AutoUpdate
Creative System Information
Creative Zen Micro
Critical Update for Windows Media Player 11 (KB959772)
Driver Mender
EAF
FinePix Studio
FinePixViewer Resource
FinePixViewer Ver.5.4
Freecom Backup Software 1.15
Freecom Personal Media Suite 2.24
FrostWire 4.13.5
FUJIFILM USB Driver
Google Earth
Google Update Helper
GoToAssist Corporate
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics 2 Driver
iPod for Windows 2005-09-23
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java(TM) SE Runtime Environment 6 Update 1
LaserJet 1018
LightScribe 1.4.136.1
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.2
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
muveeNow 2.0 - Creative
Nero - Burning Rom
Nero 7 Essentials
OLYMPUS CAMEDIA Master 4.1
OmniPage Pro 9.0
OutlookSpy
Picasa 2
PowerDVD
QuickTime
Safari
Sage Accounts V11.01
Sage MIS 3.01
SageAcc
Scan Manager 5.2
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SightSpeed (remove only)
Skype™ 4.2
TomTom HOME 2.7.4.1962
TomTom HOME Visual Studio Merge Modules
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VoiceOver Kit
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinZip 14.5
Yahoo! Software Update

==== Event Viewer Messages From Past Week ========

04/12/2010 00:16:41, error: System Error [1003] - Error code 1000007f, parameter1 0000000d, parameter2 00000000, parameter3 00000000, parameter4 00000000.
04/12/2010 00:00:11, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
04/12/2010 00:00:11, error: Service Control Manager [7034] - The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).
04/12/2010 00:00:11, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
04/12/2010 00:00:11, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
04/12/2010 00:00:11, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
04/12/2010 00:00:11, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/12/2010 23:13:21, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
02/12/2010 07:38:03, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
02/12/2010 07:38:03, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

==== End Of File ===========================






Thanks
 
Welcome aboard


Please, disable "word wrap" in Notepad, because your logs are hard to read.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Hi Broni
Thanks very much for giving help

Word wrap is now off, sorry about that; let me know if you need the logs run again and re-posted.

Having a problem getting ComboFix to run and I believe I've tried everything above...


I had AVG Free 2010 installed, think that was the one. I used the AVG Remover tool to get rid of this; it ran fine and removed it. I've run it a few times now to make sure it's all gone.

Tried to then run ComboFix, said it can't run with AVG installed. I downloaded ComboFix again but named it something else when downloading; again the same problem when trying to start it.

I then downloaded Rkill and ran that in safe mode followed by the renamed ComboFix, same problems each time, can't run with AVG installed.


What would you suggest?



NOTE
(Also, on starting the PC this time the bad image error hasn't come up... not at start up and not when I've been opening folders/programs.) Strange, will restart again and see if it does it.... Restarted, not had a bad image error just yet.

When I started up and came into Windows I did still get the -
Could not load or run (there's two squares here) (2nd error message has 4 squares) specified in the registry. Make sure the file exists on your computer or remove the reference to it in the registry.

This will be these, which I'm guessing is related to my bad image problem... which currently has stopped.

Is it easy to stop this registry message? Unchecking the items does not work, as after start up they are checked again.


'Start Item' and 'Command' heading = load of oriental characters
(2 lines with 2 squares, 2 lines with 6 squares, Start + Command are the same on each line)
Under 'Location' heading;
HKCU\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\Windows:Run
HKCU\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\Windows:Load






Anyway, back to AVG, can you help me with getting ComboFix to run?


The Rkill log was:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 04/12/2010 at 6:32:33.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 04/12/2010 at 6:32:39.
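The two msconfig entries named in the post above (HKCU\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\Windows:Run and :Load) are the legacy per-user logon values that Windows runs at every logon, which is why unticking them in msconfig does not stick while something is still re-creating them. The "Could not load or run ... specified in the registry" message is what Windows prints when such a value points at a file that no longer exists, and the "not a valid Windows image" dialog is the loader rejecting a file that is not a well-formed PE. The script below is an added example written for this edit, not part of the thread or of any tool mentioned in it: it parses that key out of a `reg export` text file (a constructed sample is embedded; the Temp path and file names in it are hypothetical), flags values containing non-ASCII characters (what msconfig renders as boxes), and checks whether each target exists and carries a valid MZ/PE header. It runs offline with Python 3 on any OS; `run_demo()` writes two throw-away files to a temp directory to exercise the PE check. It only reports and changes nothing.

```python
"""Audit the per-user 'Load' and 'Run' logon values and check their targets are real PE files."""
import os
import re
import struct
import tempfile

TARGET_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows"

# Constructed sample in the form `reg export` writes. The Load target is hypothetical and
# mimics the thread's symptom: a file name made of non-Latin characters (boxes in msconfig).
SAMPLE_REG = (
    "Windows Registry Editor Version 5.00\n\n"
    "[" + TARGET_KEY + "]\n"
    "\"Load\"=\"C:\\\\DOCUME~1\\\\user\\\\LOCALS~1\\\\Temp\\\\\u8a2a\u8a2b.exe\"\n"
    "\"Run\"=\"C:\\\\WINDOWS\\\\system32\\\\notepad.exe\"\n"
)

_VALUE_RE = re.compile(r'^"([^"]+)"="((?:[^"\\]|\\.)*)"$')


def parse_reg_key(text, key):
    """Return {name: value} for the REG_SZ values listed under `key` in .reg text."""
    values, in_key = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key.lower()
            continue
        m = _VALUE_RE.match(line) if in_key else None
        if m:
            # .reg escapes backslashes and quotes with a backslash
            values[m.group(1)] = re.sub(r"\\(.)", r"\1", m.group(2))
    return values


def is_valid_pe(path):
    """Minimal form of the checks the loader makes before 'not a valid Windows image'."""
    try:
        with open(path, "rb") as f:
            data = f.read(65536)
    except OSError:
        return False, "file missing (matches 'Could not load or run ... specified in the registry')"
    if data[:2] != b"MZ" or len(data) < 0x40:
        return False, "no MZ header"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 26 > len(data):
        return False, "e_lfanew points outside the file"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False, "no PE signature"
    magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        return False, "bad optional-header magic"
    return True, "ok"


def audit_logon_values(values):
    """Flag suspicious Load/Run entries. Assumption: each value is a bare path, no arguments."""
    findings = []
    for name in ("Load", "Run"):
        path = values.get(name)
        if not path:
            continue
        if any(not 0x20 <= ord(c) <= 0x7E for c in path):
            findings.append((name, "non-ASCII or control characters in path"))
        ok, why = is_valid_pe(path)
        if not ok:
            findings.append((name, why))
    return findings


def minimal_pe_bytes():
    """Smallest byte string that passes is_valid_pe (MZ stub, PE signature, PE32 optional header)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x102)  # i386, 0xE0-byte opt header
    return bytes(dos) + b"PE\0\0" + coff + struct.pack("<H", 0x10B) + bytes(0xE0 - 2)


def run_demo():
    """Stand-in for a real export: one good target and one junk target in a temp directory."""
    tmp = tempfile.mkdtemp(prefix="logon_audit_")
    good, junk = os.path.join(tmp, "good.exe"), os.path.join(tmp, "junk.exe")
    with open(good, "wb") as f:
        f.write(minimal_pe_bytes())
    with open(junk, "wb") as f:
        f.write(b"this is not a PE file")
    return audit_logon_values({"Load": junk, "Run": good})


if __name__ == "__main__":
    parsed = parse_reg_key(SAMPLE_REG, TARGET_KEY)
    for name, value in parsed.items():
        print(name, "=", value)
    for name, why in audit_logon_values(parsed) + run_demo():
        print(name, "->", why)
```

A finding of "file missing" on the Load value is exactly the state the post describes after the bad-image errors stopped: the value still points at a file that is gone. Clearing the value itself is trivial, but the post also says unticked entries are ticked again after a restart, so whatever re-creates them has to go first or the value simply comes back.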
 
Let's see where AVG is hiding....

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
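Several entries in that custom scan are anomaly checks rather than signatures for anything in particular: directories that a stock Windows XP install does not have (`%systemroot%\system32\system32`, `...\rundll`, `...\Rundll32`, `...\DLL`, `%systemroot%\winn32`, `...\systhem32`), executables sitting in `Fonts`, and the two `dir ... | find /i " " /c` lines, which count executables with a space in their name under `%systemroot%` and `system32`. The script below is an added example for this edit, not OTL's code and not from the thread; it reproduces those three heuristics in Python 3 over a directory tree standing in for `%systemroot%`. `build_sample_tree()` constructs that tree in a temp directory with one instance of each anomaly planted; the file names in it are made up. Which directories count as rogue is my reading of the scan list, not something OTL states.

```python
"""Anomaly checks over a %systemroot% tree, modelled on entries in the OTL custom scan."""
import os
import tempfile

# Directories the custom scan probes that a stock XP install does not have (editor's list).
ROGUE_DIRS = [
    ("system32", "system32"), ("system32", "systhem32"), ("system32", "rundll"),
    ("system32", "Rundll32"), ("system32", "DLL"), ("system32", "HelpFiles"),
    ("system32", "test"), ("winn32",),
]
EXEC_EXT = {".exe", ".com", ".dll", ".scr", ".pif"}


def scan_system_root(systemroot):
    """Return (kind, path) findings; the kinds mirror three checks in the custom scan."""
    findings = []
    for parts in ROGUE_DIRS:
        p = os.path.join(systemroot, *parts)
        if os.path.isdir(p):
            findings.append(("rogue_dir", p))
    # `dir /b "%systemroot%\system32\*.exe" | find /i " " /c` counts executables whose
    # names contain a space; stock binaries in these two folders have none.
    for sub in ("", "system32"):
        d = os.path.join(systemroot, sub)
        if os.path.isdir(d):
            for name in sorted(os.listdir(d)):
                full = os.path.join(d, name)
                ext = os.path.splitext(name)[1].lower()
                if os.path.isfile(full) and " " in name and ext in EXEC_EXT:
                    findings.append(("space_in_exe_name", full))
    # Fonts should hold font files only; the scan lists Fonts\*.exe, *.com and *.dll.
    fonts = os.path.join(systemroot, "Fonts")
    if os.path.isdir(fonts):
        for name in sorted(os.listdir(fonts)):
            if os.path.splitext(name)[1].lower() in EXEC_EXT:
                findings.append(("exe_in_fonts", os.path.join(fonts, name)))
    return findings


def build_sample_tree():
    """Constructed stand-in for C:\\WINDOWS with one instance of each anomaly planted."""
    root = tempfile.mkdtemp(prefix="xp_root_")
    for parts in (("system32", "drivers"), ("Fonts",), ("system32", "system32")):
        os.makedirs(os.path.join(root, *parts), exist_ok=True)
    for parts in (("explorer.exe",), ("system32", "notepad.exe"),
                  ("system32", "svc host.exe"),          # space in the name
                  ("Fonts", "arial.ttf"), ("Fonts", "fnt.dll")):  # a DLL in Fonts
        with open(os.path.join(root, *parts), "wb") as f:
            f.write(b"MZ")  # content is irrelevant to these checks
    return root


def run_demo():
    """Scan the constructed tree and return findings with paths relative to its root."""
    root = build_sample_tree()
    return [(kind, os.path.relpath(path, root)) for kind, path in scan_system_root(root)]


if __name__ == "__main__":
    for kind, rel in run_demo():
        print(f"{kind:20s} {rel}")
```

None of these hits proves infection on its own (a space in a third-party installer's name, say, is common enough), which is why the scan dumps the matches for a human to read rather than deleting anything; the value is in the combination with the other logs.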
 