"C:\PROGRA-1\Google\GOOGLE-3\GO36F4-1.DLL is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."
This happens any time a new program or service is started (I see one right before I enter my login password, and at least 10 of these once I have logged on). However, except for the annoying pop-ups, the computer and whatever I try to run (so far, anyway) works normally. The program I am trying to open runs once the pop-up is closed. AVG and sfc have found nothing (the file name being mentioned makes me suspect some form of malware that AVG can't catch), and I'm open to suggestions.
I'd like to send whatever this is packing, and a big thank you in advance to whoever can point me in the right direction.
Here are my DDS (I saw at least 50 of those "Bad Image" errors during the DDS scan, which was otherwise successfully completed) and GMER logs, in that order: (I'll gladly provide any other information that I can if needed)
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Tony at 12:52:19.49 on Sat 05/07/2011
Internet Explorer: 9.0.8112.16421
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1398 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Tony\Desktop\dds(1).scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\progra~1\google\google~3\GO36F4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tony\appdata\roaming\mozilla\firefox\profiles\2ttj86sc.default\
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2166.3772\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32464]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 296400]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-2-15 7421280]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-29 947528]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-20 1343400]
S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-1-24 193840]
S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-1-21 30192]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-21 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-21 136176]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-05-07 04:29:47 -------- d-----w- c:\users\tony\appdata\local\{B2DC8EBF-7C0A-4150-8C92-B97BFAFD7586}
2011-05-06 13:11:46 -------- d-----w- c:\users\tony\appdata\local\{048D475E-81EF-4E5A-94ED-BF843D134C90}
2011-05-06 00:48:36 -------- d-----w- c:\progra~2\NVIDIA Corporation
2011-05-06 00:40:05 -------- d-----w- C:\NVIDIA
2011-05-05 22:43:05 -------- d-----w- c:\users\tony\appdata\local\{7AA889AA-7DEB-4A70-8E55-95FE712F86AB}
2011-05-04 18:31:39 -------- d-----w- c:\users\tony\appdata\local\{6A369090-9D78-4823-B02F-1A5819022329}
2011-05-03 19:17:03 -------- d-----w- c:\users\tony\appdata\local\{EAC29480-31F2-4E48-A6EE-84A32723D73D}
2011-05-02 18:21:47 -------- d-----w- c:\users\tony\appdata\local\{6BBEB97F-AD81-422C-A592-F1549319DD02}
2011-05-01 18:59:43 -------- d-----w- c:\windows\system32\SPReview
2011-05-01 17:06:04 -------- d-----w- c:\users\tony\appdata\local\{721CBAFB-190E-46AE-BF52-14CAB60A9CDB}
2011-05-01 12:53:32 -------- d-----w- c:\windows\system32\wbem\lt-LT
2011-05-01 12:27:12 -------- d-----w- c:\windows\system32\wbem\ja-JP
2011-05-01 12:13:34 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ja-jp\LXKPTPRC.DLL.mui
2011-05-01 12:13:18 9728 ----a-w- c:\program files\common files\microsoft shared\ink\dicjp.dll
2011-05-01 12:13:18 377856 ----a-w- c:\program files\common files\microsoft shared\ink\mshwjpn.dll
2011-05-01 12:13:18 1179136 ----a-w- c:\program files\common files\microsoft shared\ink\imjplm.dll
2011-05-01 12:13:18 11507712 ----a-w- c:\program files\common files\microsoft shared\ink\mshwjpnr.dll
2011-05-01 12:12:52 266240 ----a-w- c:\windows\system32\lzhfldr2.dll
2011-05-01 12:09:41 -------- d-----w- c:\windows\system32\wbem\lv-LV
2011-05-01 11:54:27 -------- d-----w- c:\windows\system32\wbem\el-GR
2011-05-01 11:35:29 4096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\el-gr\LXKPTPRC.DLL.mui
2011-05-01 10:18:15 -------- d-----w- c:\windows\system32\wbem\tr-TR
2011-05-01 10:08:46 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\tr-tr\LXKPTPRC.DLL.mui
2011-05-01 10:04:04 -------- d-----w- c:\windows\system32\wbem\hu-HU
2011-05-01 09:54:12 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hu-hu\LXKPTPRC.DLL.mui
2011-05-01 09:44:29 -------- d-----w- c:\windows\system32\wbem\pt-PT
2011-05-01 09:35:31 4096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\pt-pt\LXKPTPRC.DLL.mui
2011-05-01 09:29:42 -------- d-----w- c:\windows\system32\wbem\nl-NL
2011-05-01 09:20:42 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\nl-nl\LXKPTPRC.DLL.mui
2011-05-01 09:12:29 -------- d-----w- c:\windows\system32\wbem\da-DK
2011-05-01 09:04:07 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\da-dk\LXKPTPRC.DLL.mui
2011-05-01 08:59:12 -------- d-----w- c:\windows\system32\wbem\sv-SE
2011-05-01 08:49:58 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\sv-se\LXKPTPRC.DLL.mui
2011-05-01 08:45:57 -------- d-----w- c:\windows\system32\wbem\ro-RO
2011-05-01 08:33:37 -------- d-----w- c:\windows\system32\wbem\ar-SA
2011-05-01 08:23:00 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ar-sa\LXKPTPRC.DLL.mui
2011-05-01 08:18:43 -------- d-----w- c:\windows\system32\wbem\bg-BG
2011-05-01 08:00:03 -------- d-----w- c:\windows\system32\wbem\pl-PL
2011-05-01 07:45:59 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\pl-pl\LXKPTPRC.DLL.mui
2011-05-01 07:39:27 -------- d-----w- c:\windows\system32\wbem\pt-BR
2011-05-01 07:29:50 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\pt-br\LXKPTPRC.DLL.mui
2011-05-01 07:24:25 -------- d-----w- c:\windows\system32\wbem\ru-RU
2011-05-01 07:12:52 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ru-ru\LXKPTPRC.DLL.mui
2011-05-01 05:05:38 -------- d-----w- c:\users\tony\appdata\local\{AEE9DD46-6016-45D8-A989-11A0ADD0FEC3}
2011-04-30 23:09:21 -------- d-----w- c:\windows\system32\wbem\es-ES
2011-04-30 23:01:17 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\es-es\LXKPTPRC.DLL.mui
2011-04-30 22:58:40 -------- d-----w- c:\windows\system32\wbem\th-TH
2011-04-30 22:50:45 -------- d-----w- c:\windows\system32\wbem\he-IL
2011-04-30 22:43:58 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\he-il\LXKPTPRC.DLL.mui
2011-04-30 22:41:12 -------- d-----w- c:\windows\system32\wbem\sr-Latn-CS
2011-04-30 22:34:30 -------- d-----w- c:\windows\system32\wbem\uk-UA
2011-04-30 22:24:48 -------- d-----w- c:\windows\system32\wbem\it-IT
2011-04-30 22:19:06 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\it-it\LXKPTPRC.DLL.mui
2011-04-30 22:16:34 -------- d-----w- c:\windows\system32\wbem\sk-SK
2011-04-30 22:08:17 -------- d-----w- c:\windows\system32\wbem\zh-TW
2011-04-30 22:08:16 -------- d-----w- c:\windows\system32\wbem\zh-HK
2011-04-30 22:02:08 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\zh-tw\LXKPTPRC.DLL.mui
2011-04-30 22:01:55 424448 ----a-w- c:\program files\common files\microsoft shared\ink\mshwcht.dll
2011-04-30 22:01:55 15720448 ----a-w- c:\program files\common files\microsoft shared\ink\mshwchtr.dll
2011-04-30 21:57:05 -------- d-----w- c:\windows\system32\wbem\ko-KR
2011-04-30 21:51:07 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ko-kr\LXKPTPRC.DLL.mui
2011-04-30 21:50:51 377856 ----a-w- c:\program files\common files\microsoft shared\ink\mshwkor.dll
2011-04-30 21:50:51 13579776 ----a-w- c:\program files\common files\microsoft shared\ink\mshwkorr.dll
2011-04-30 21:46:09 -------- d-----w- c:\windows\system32\wbem\fr-FR
2011-04-30 21:40:42 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\fr-fr\LXKPTPRC.DLL.mui
2011-04-30 21:36:13 -------- d-----w- c:\windows\system32\wbem\cs-CZ
2011-04-30 21:31:01 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\cs-cz\LXKPTPRC.DLL.mui
2011-04-30 21:27:24 -------- d-----w- c:\windows\system32\wbem\fi-FI
2011-04-30 21:22:56 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\fi-fi\LXKPTPRC.DLL.mui
2011-04-30 21:18:37 -------- d-----w- c:\windows\system32\wbem\zh-CN
2011-04-30 21:12:51 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\zh-cn\LXKPTPRC.DLL.mui
2011-04-30 21:12:39 27136 ----a-w- c:\program files\common files\microsoft shared\ink\imchxlm.dll
2011-04-30 21:12:38 378368 ----a-w- c:\program files\common files\microsoft shared\ink\mshwchs.dll
2011-04-30 21:12:38 12607488 ----a-w- c:\program files\common files\microsoft shared\ink\mshwchsr.dll
2011-04-30 21:09:51 -------- d-----w- c:\windows\system32\wbem\sl-SI
2011-04-30 21:04:30 -------- d-----w- c:\windows\system32\wbem\et-EE
2011-04-30 20:58:13 -------- d-----w- c:\windows\system32\wbem\hr-HR
2011-04-30 20:51:08 -------- d-----w- c:\windows\system32\wbem\nb-NO
2011-04-30 20:46:24 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\nb-no\LXKPTPRC.DLL.mui
2011-04-30 20:41:55 -------- d-----w- c:\windows\system32\wbem\de-DE
2011-04-30 20:35:41 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\de-de\LXKPTPRC.DLL.mui
2011-04-30 17:34:08 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-04-30 17:11:06 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys
2011-04-30 17:11:06 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-04-30 17:10:52 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-04-30 17:10:51 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-04-30 17:10:12 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-04-30 15:40:25 -------- d-----w- c:\windows\CheckSur
2011-04-30 14:51:48 -------- d-----w- C:\e8aed6439c53c2d04a
2011-04-30 05:13:47 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-30 05:13:47 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-30 05:13:46 1686016 ----a-w- c:\windows\system32\esent.dll
2011-04-30 05:13:46 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-30 05:13:45 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-30 05:13:45 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-30 05:13:44 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-30 05:13:44 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-30 05:13:43 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-04-30 05:10:01 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-30 05:06:21 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-30 05:02:38 285696 ----a-w- c:\windows\system32\winlogon.exe
2011-04-30 05:01:59 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2011-04-30 05:00:58 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-30 05:00:58 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-30 05:00:57 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-30 05:00:55 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-30 05:00:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-30 05:00:48 37376 ----a-w- c:\windows\system32\rtutils.dll
2011-04-30 05:00:45 224256 ----a-w- c:\windows\system32\schannel.dll
2011-04-30 05:00:43 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-04-30 04:58:42 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-04-30 04:57:59 314368 ----a-w- c:\windows\system32\webio.dll
2011-04-30 04:57:57 738816 ----a-w- c:\windows\system32\wmpmde.dll
2011-04-30 04:57:54 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-30 04:57:53 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-30 04:57:53 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-30 04:57:52 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-30 04:57:51 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-04-30 04:57:48 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-30 04:57:46 34816 ----a-w- c:\windows\system32\msasn1.dll
2011-04-30 04:57:45 516096 ----a-w- c:\program files\windows mail\wab.exe
2011-04-30 04:57:43 530432 ----a-w- c:\windows\system32\comctl32.dll
2011-04-30 04:45:22 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-04-30 04:45:22 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-04-30 04:45:21 107520 ----a-w- c:\windows\system32\cdd.dll
2011-04-30 03:32:42 -------- d-----w- c:\users\tony\appdata\roaming\AVG10
2011-04-30 03:22:16 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-30 03:04:11 -------- d-----w- c:\users\tony\appdata\local\{D1300AE8-4D88-468F-917D-964D50F8FD49}
2011-04-30 01:54:36 -------- d-----w- c:\windows\Panther
2011-04-30 01:24:53 -------- d--h--w- C:\$WINDOWS.~Q
2011-04-30 01:18:15 -------- d--h--w- C:\$INPLACE.~TR
2011-04-30 00:42:02 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-04-30 00:41:38 132608 ----a-w- c:\windows\system32\cabview.dll
2011-04-30 00:40:36 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-04-30 00:40:36 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-04-30 00:40:36 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-04-30 00:40:36 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-04-30 00:40:36 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-04-30 00:39:32 -------- d-----w- c:\windows\system32\wbem\Performance
2011-04-29 23:00:07 -------- d-----w- c:\program files\Synaptics
2011-04-29 22:59:53 584296 ----a-w- c:\windows\system32\nvuninst.exe
2011-04-29 22:59:15 -------- d-----w- c:\program files\Motorola
2011-04-29 22:58:53 -------- d-----w- c:\windows\system32\RTCOM
2011-04-29 13:10:20 -------- d-----w- c:\users\tony\appdata\local\{0A50A5A6-82A9-48E6-B38A-9035B5EBF359}
2011-04-28 20:27:26 -------- d-----w- c:\users\tony\appdata\local\{1290C4C1-DB87-4F56-9F3B-BC5434CBC8DC}
2011-04-27 18:11:30 -------- d-----w- c:\users\tony\appdata\local\{CD335113-95B4-462F-B145-EEC075F233D3}
2011-04-27 03:31:26 -------- d-----w- c:\program files\BitTorrent
2011-04-26 19:48:11 -------- d-----w- c:\windows\system32\EventProviders
2011-04-26 17:59:42 -------- d-----w- c:\program files\Microsoft Easy Assist
2011-04-26 17:56:47 -------- d-----w- c:\progra~2\Applications
2011-04-26 17:09:06 -------- d-----w- c:\users\tony\appdata\local\{BC430EF4-142A-455F-B724-3E2761BD847D}
2011-04-26 04:10:14 -------- d-----w- c:\users\tony\appdata\local\{8010B076-9231-4892-A1C2-D04CC5301928}
2011-04-25 14:54:55 -------- d-----w- c:\users\tony\appdata\local\{0AEEB7F7-FB5A-402D-A21C-0D841DA1C26C}
2011-04-24 15:44:47 -------- d-----w- c:\users\tony\appdata\local\{8D985EA9-644C-4BEB-86EF-93F4946AE7F1}
2011-04-24 13:51:14 -------- d-----w- C:\MGADiagToolOutput
2011-04-23 22:18:43 -------- d-----w- c:\users\tony\appdata\local\{0822A082-FD38-4029-AEF3-C7AC73737998}
2011-04-22 13:32:26 -------- d-----w- c:\users\tony\appdata\local\{3EDC6E98-3505-438A-B3FF-276DE47FDEE2}
2011-04-21 15:28:53 -------- d-----w- c:\users\tony\appdata\local\{5A5A1B72-D2A1-43C8-A91B-0807D83DBE4B}
2011-04-20 15:14:26 -------- d-----w- c:\users\tony\appdata\local\{59D1B2E7-2CEC-4240-BBFD-619BDE9EE4A2}
2011-04-19 15:54:10 -------- d-----w- c:\users\tony\appdata\local\{F753F1C4-37F1-42B0-A03A-51B631C9F3DA}
2011-04-19 15:26:38 -------- d-----w- c:\users\tony\appdata\local\{65AD3424-60C1-483A-B41C-AD753820ED4A}
2011-04-18 18:23:57 -------- d-----w- c:\users\tony\appdata\local\{E653077A-E816-488C-817B-01BE2C7D4DCB}
2011-04-17 17:50:18 -------- d-----w- c:\users\tony\appdata\local\{0FEBA89F-17C4-4C8E-85A8-BC4EAB56007B}
2011-04-17 05:32:20 -------- d-----w- c:\users\tony\appdata\local\{DABB6838-328C-4DEE-ADA6-15BC816F463E}
2011-04-16 17:20:02 -------- d-----w- c:\users\tony\appdata\local\{33791A23-A6D5-418B-BE44-468673AA3B73}
2011-04-16 03:09:46 -------- d-----w- c:\users\tony\appdata\local\{FF78CDF7-984B-444F-88AB-526B4E3232FD}
2011-04-15 12:57:57 -------- d-----w- c:\users\tony\appdata\local\{B4542065-2F31-48FB-8FE5-591F81C52123}
2011-04-14 21:57:26 -------- d-----w- c:\users\tony\appdata\local\{686F4360-6D24-41E6-8992-3A9C596C92B1}
2011-04-13 21:11:58 -------- d-----w- c:\users\tony\appdata\local\{61F1BD8A-32A7-499C-9E77-5F5BC9327930}
2011-04-13 18:27:34 -------- d-----w- c:\users\tony\appdata\local\{A0B2BE47-0F16-41C0-B0F9-A5C312ACB3B5}
2011-04-12 19:47:20 -------- d-----w- c:\users\tony\appdata\local\{D58F78C1-F87F-45BF-9089-EEA262521202}
2011-04-12 03:04:26 -------- d-----w- c:\program files\SpeedFan
2011-04-11 15:32:11 -------- d-----w- c:\users\tony\appdata\local\{40F5F47B-DBC4-4BB0-AE74-46C54F070207}
2011-04-10 16:42:30 -------- d-----w- c:\users\tony\appdata\local\{3205F2DF-EBD6-43BA-8170-B049577345CA}
2011-04-10 06:50:26 -------- d--h--w- C:\$AVG
2011-04-10 05:15:20 -------- d-----w- c:\users\tony\appdata\local\AVG Security Toolbar
2011-04-10 04:45:28 -------- d--h--w- c:\progra~2\Common Files
2011-04-10 04:45:18 -------- d-----w- c:\progra~2\AVG Security Toolbar
2011-04-10 04:43:53 -------- d-----w- c:\progra~2\AVG10
2011-04-10 04:42:12 -------- d-----w- c:\program files\AVG
2011-04-10 04:35:14 -------- d-----w- c:\progra~2\MFAData
2011-04-10 03:53:00 -------- d-----w- c:\users\tony\appdata\local\{084175B7-2D7D-415F-8688-8238A6F5CEF3}
2011-04-09 23:55:44 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 23:55:42 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-04-09 13:55:21 -------- d-----w- c:\users\tony\appdata\local\{3E167FEA-B055-4366-AD51-D162273424E6}
2011-04-08 18:10:25 -------- d-----w- c:\users\tony\appdata\local\{5ECDEE2C-31AD-49D1-BA24-48514EF47F13}
2011-04-08 04:00:32 -------- d-----w- c:\users\tony\appdata\local\{9824CF74-24AD-47B1-9B53-C42B47E6D507}
.
==================== Find3M ====================
.
2011-03-23 19:54:51 12580112 ----a-w- c:\users\tony\Firefox Setup 4.0.exe
2011-03-11 05:40:24 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-08 05:38:13 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-02-26 05:33:07 2614784 ----a-w- c:\windows\explorer.exe
2011-02-24 05:32:52 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-19 05:33:11 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32:48 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-18 05:33:29 31232 ----a-w- c:\windows\system32\prevhost.exe
.
============= FINISH: 13:04:36.74 ===============

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-08 00:51:55
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD2500BEVS-60UST0 rev.01.01A01
Running: gmer.exe; Driver: C:\Users\Tony\AppData\Local\Temp\ufldqkoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9CBBC7A0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9CBBC848]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9CBBC8E4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9CBBC980]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E4B589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E70092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82E77AF8 4 Bytes [A0, C7, BB, 9C]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82E77DC8 8 Bytes [48, C8, BB, 9C, E4, C8, BB, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 82C 82E77E3C 4 Bytes [80, C9, BB, 9C] {OR CL, 0xbb; PUSHF }
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[3912] ntdll.dll!LdrLoadDll 771BF5B5 5 Bytes JMP 00DF1410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
Update, for anyone keeping score at home:
I ran system restore (really should have thought of that earlier...*facepalm*) to a restore point dated a couple of weeks ago. So far, no annoying "bad image" pop-ups (*fingers crossed*). However, if anyone out there knows what causes this sort of thing, let me know.
EDIT: Posts merged ~Budapest
This post has been edited by Budapest: 12 May 2011 - 04:50 PM
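The relevant line in the DDS log above is the one under the Pseudo HJT report, `AppInit_DLLs: c:\progra~1\google\google~3\GO36F4~1.DLL`. Windows loads every DLL listed in that registry value into each new process that loads user32.dll, so an entry pointing at a file the loader cannot map as a valid image produces the "Bad Image" dialog at every program start, which matches the symptom described in the post, and a system restore that reverts the registry value is consistent with the pop-ups stopping. The following PowerShell script is an added example, not code from the original post or from any of the tools whose logs appear above. It enumerates the AppInit_DLLs load point from a defender's point of view: which DLLs are registered, whether loading is enabled, whether each file exists, whether it starts with a valid PE header, and whether it carries an Authenticode signature. The registry paths and value names are the documented Windows ones; the script assumes it is run from an elevated PowerShell prompt on the machine being checked.

```powershell
# Added example (not from the original post): inspect the AppInit_DLLs load point
# that the DDS log flagged. Assumes an elevated PowerShell session on the host.
# Registry paths and value names below are the documented Windows ones.

$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',             # native view
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'  # 32-bit view on x64 hosts only
)

foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }   # Wow6432Node does not exist on 32-bit Windows
    $props = Get-ItemProperty -Path $key

    Write-Host "== $key"
    Write-Host ("LoadAppInit_DLLs          = {0}" -f $props.LoadAppInit_DLLs)
    Write-Host ("RequireSignedAppInit_DLLs = {0}" -f $props.RequireSignedAppInit_DLLs)
    Write-Host ("AppInit_DLLs              = '{0}'" -f $props.AppInit_DLLs)

    if ([string]::IsNullOrWhiteSpace($props.AppInit_DLLs)) {
        Write-Host "  No AppInit DLLs registered in this view."
        continue
    }

    # The value is a space- or comma-separated list of paths; 8.3 short names are common.
    $entries = $props.AppInit_DLLs -split '[ ,]+' | Where-Object { $_ }
    foreach ($entry in $entries) {
        $path = [Environment]::ExpandEnvironmentVariables($entry)
        if (-not (Test-Path -LiteralPath $path)) {
            Write-Host "  $entry -> FILE NOT FOUND (stale entry; still worth removing)"
            continue
        }

        $item  = Get-Item -LiteralPath $path
        $bytes = [System.IO.File]::ReadAllBytes($item.FullName)
        # Every loadable PE image begins with the 'MZ' DOS header; anything else
        # cannot be mapped and is exactly the kind of file that triggers "Bad Image".
        $isPe  = ($bytes.Length -ge 2 -and $bytes[0] -eq 0x4D -and $bytes[1] -eq 0x5A)
        $sig   = Get-AuthenticodeSignature -FilePath $item.FullName

        Write-Host ("  {0}" -f $item.FullName)
        Write-Host ("    size={0} bytes  modified={1}  validPEHeader={2}" -f
            $item.Length, $item.LastWriteTime, $isPe)
        Write-Host ("    signature={0}  signer={1}" -f
            $sig.Status, $sig.SignerCertificate.Subject)
    }
}
```

Anything reported here that is unsigned, missing, or not a valid PE image deserves a closer look, and on a machine that does not legitimately need AppInit DLLs, setting `LoadAppInit_DLLs` to 0 removes the load point entirely. Keeping a copy of this output before and after a cleanup also gives a concrete record of what changed, which a system restore alone does not.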