
Topic: Bad Image - Application or DLL is not a valid windows Image


EV

    Topic Starter


    Rookie

    • Experience: Experienced
    • OS: Windows XP
    Bad Image - Application or DLL is not a valid windows Image
    « on: December 02, 2012, 10:18:22 AM »
    Hi, I've been struggling with this problem for some days and it seems malware-related, so I'll try and post here. I've tried a couple of scans (antivirus/antimalware) but some won't install and the ones which work find stuff but aren't fixing the problems I experience.

    After logging in, I get four error messages.
    WindowsSearch.exe - Bad Image
    The application or DLL C:\Windows\system32\TQUERY.DLL is not a valid windows Image. Please check this against your installation diskette.
    APSDaemon.exe - Bad Image
    The application or DLL C:\Programs Files\Common Files\Apple\Apple Application Support\ASL.dll is not a valid windows Image. Please check this against your installation diskette.

    The Daemon message I get three times. Also, I can't start a lot of programs such as Mozilla, some games and Winamp (haven't tried them all ofc, but at least 50% aren't starting in my estimate).

    Logs:


    # AdwCleaner v2.010 - Logfile created 12/02/2012 at 15:14:07
    # Updated 29/11/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Björn - EVIL
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Björn\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\Documents and Settings\Björn\Application Data\OpenCandy
    Folder Found : C:\Documents and Settings\Björn\Application Data\pdfforge
    Folder Found : C:\Documents and Settings\Björn\Local Settings\Application Data\OpenCandy

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v16.0.2 (sv-SE)

    Profile name : default
    File : C:\Documents and Settings\Björn\Application Data\Mozilla\Firefox\Profiles\dgnx5vp1.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Documents and Settings\Håkan\Application Data\Mozilla\Firefox\Profiles\dtnmkt4d.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Documents and Settings\Lena\Application Data\Mozilla\Firefox\Profiles\jsy9je11.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Documents and Settings\Olof\Application Data\Mozilla\Firefox\Profiles\i287xu75.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Documents and Settings\Rolf\Application Data\Mozilla\Firefox\Profiles\uog1vc10.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v23.0.1271.95

    File : C:\Documents and Settings\Björn\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1767 octets] - [02/12/2012 15:14:07]

    ########## EOF - C:\AdwCleaner[R1].txt - [1827 octets] ##########


    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.12.02.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Björn :: EVIL [administrator]

    Protection: Enabled

    2012-12-02 15:17:26
    mbam-log-2012-12-02 (15-17-26).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 360355
    Time elapsed: 6 minute(s), 29 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_37
    Run by Björn at 15:29:52 on 2012-12-02
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\TP-LINK\TWCU\TWCU.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Björn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\LevelOne\LevelOne Wireless LAN Utility\RtWLan.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Documents and Settings\Björn\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Spotify\spotify.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Länkhjälp till Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
    uRun: [Google Update] "c:\documents and settings\björn\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
    mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [TWCU] "c:\program files\tp-link\twcu\TWCU.exe" -nogui
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\bjrn~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\björn\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\bjrn~1\startm~1\programs\startup\skrmur~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\bjrn~1\startm~1\programs\startup\_uninst_.lnk - c:\documents and settings\björn\local settings\temp\_uninst_.bat
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\levelo~1.lnk - c:\program files\levelone\levelone wireless lan utility\RtWLan.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
       If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215200522218
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1352044450718
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} - hxxp://74.0.208.149/program/SonySncRz25View.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{11B52850-57D2-4E1D-A24C-8F6B64EC5912} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{8FDE6062-1BE0-4E17-AE70-192BBCE62AD5} : DHCPNameServer = 192.168.0.1
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 127.0.0.1   www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\björn\application data\mozilla\firefox\profiles\dgnx5vp1.default\
    .
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== Created Last 30 ================
    .
    2012-12-02 14:15:51   40776   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
    2012-12-02 14:09:14   --------   d--h--r-   c:\documents and settings\björn\Recent
    2012-12-02 14:04:21   --------   d-----w-   c:\program files\CCleaner
    2012-12-01 23:55:43   --------   d-----w-   c:\documents and settings\björn\application data\SUPERAntiSpyware.com
    2012-12-01 23:55:19   --------   d-----w-   c:\program files\SUPERAntiSpyware
    2012-12-01 23:55:19   --------   d-----w-   c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2012-12-01 20:29:05   159608   ----a-w-   c:\windows\system32\mfevtps.exe.6e9e.deleteme
    2012-12-01 20:19:00   14664   ----a-w-   c:\windows\stinger.sys
    2012-12-01 20:18:12   159608   ----a-w-   c:\windows\system32\mfevtps.exe.c130.deleteme
    2012-12-01 20:17:57   --------   d-----w-   c:\program files\stinger
    2012-12-01 10:10:44   --------   d-----w-   c:\program files\AVAST Software
    2012-12-01 10:10:44   --------   d-----w-   c:\documents and settings\all users\application data\AVAST Software
    2012-11-30 20:18:56   --------   d-----w-   c:\documents and settings\björn\application data\Malwarebytes
    2012-11-30 20:18:40   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
    2012-11-30 20:18:38   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2012-11-30 20:18:38   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
    2012-11-30 18:24:02   --------   d-----w-   c:\documents and settings\all users\application data\DAEMON Tools Lite
    2012-11-30 18:08:35   --------   d-----w-   c:\windows\system32\wbem\repository\FS
    2012-11-30 18:08:35   --------   d-----w-   c:\windows\system32\wbem\Repository
    2012-11-29 21:56:38   58368   -c----w-   c:\windows\system32\dllcache\synceng.dll
    2012-11-29 21:34:23   --------   d-sh--w-   C:\found.000
    .
    ==================== Find3M  ====================
    .
    2012-11-17 00:00:12   697272   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
    2012-11-04 16:04:27   292700   ----a-w-   c:\windows\system32\nvdrsdb0.bin
    2012-11-04 16:04:27   1   ----a-w-   c:\windows\system32\nvdrssel.bin
    2012-11-04 16:04:17   292700   ----a-w-   c:\windows\system32\nvdrsdb1.bin
    2012-10-22 08:37:31   1866368   ----a-w-   c:\windows\system32\win32k.sys
    2012-10-02 18:04:21   58368   ----a-w-   c:\windows\system32\synceng.dll
    2012-09-24 13:32:24   477168   ----a-w-   c:\windows\system32\npdeployJava1.dll
    2012-09-24 13:32:20   473072   ----a-w-   c:\windows\system32\deployJava1.dll
    2012-09-24 11:51:47   73728   ----a-w-   c:\windows\system32\javacpl.cpl
    .
    ============= FINISH: 15:30:46,43 ===============


    Attach:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    .
    ==== Disk Partitions =========================
    .
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 8.3.1 - Svenska
    Amazing Slow Downer (remove only)
    Apple Application Support
    Apple Software Update
    Armageddon
    ATI Display Driver
    BankID säkerhetsprogram
    BioWare Premium Module: Neverwinter Nights(TM) Kingmaker
    BitTorrent
    BUG Mod 4.4
    CCleaner
    CDisplay 1.8
    Critical Update for Windows Media Player 11 (KB959772)
    DC++ 0.770
    Diablo
    Diablo II
    Dropbox
    Encrypted FTP
    Europa Universalis III
    Garena
    Google Chrome
    GPL Ghostscript 9.00
    GSview 4.9
    Guild Wars
    Guitar Pro 5.2
    Hellfire
    Heroes of Might And Magic IV: Equilibris
    Heroes of Might and Magic V - Collectors Edition
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Software Update
    In Nomine 3.2
    Java Auto Updater
    Java(TM) 6 Update 37
    Java(TM) 6 Update 6
    Java(TM) 6 Update 7
    LevelOne Wireless LAN Driver and Utility
    Malwarebytes Anti-Malware version 1.65.1.1000
    Master of Mana 1.40
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (Swedish) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (Swedish) 2007
    Microsoft Office PowerPoint MUI (Swedish) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (Finnish) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Swedish) 2007
    Microsoft Office Proofing (Swedish) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (Swedish) 2007
    Microsoft Office Word MUI (Swedish) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Software Update for Web Folders  (Swedish) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mordor 2: Darkness Awakening
    Mozilla Firefox 16.0.2 (x86 sv-SE)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Neverwinter Nights
    NVIDIA Control Panel 285.58
    NVIDIA Drivers
    NVIDIA Graphics Driver 285.58
    NVIDIA Install Application
    NVIDIA nView 135.95
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.11.0621
    NVIDIA Update 1.5.20
    NVIDIA Update Components
    OpenMG Limited Patch 4.7-07-14-05-01
    OpenMG Secure Module 4.7.00
    Overland
    PDFCreator
    Power Tab Editor 1.7
    QuickTime
    Rage of Mages
    Rage of Mages 2
    Realtek High Definition Audio Driver
    Sacrifice
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Segoe UI
    Shockwave
    Sibelius 6
    Sibelius Scorch (Firefox, Opera, Netscape only)
    Sid Meier's Civilization 4
    Sid Meier's Civilization 4 - Beyond the Sword
    Sid Meier's Civilization 4 - Warlords
    Sierra Utilities
    Skype™ 5.10
    SonicStage 4.3
    SoundMAX
    Spotify
    Starcraft
    Steam
    Steinberg Cubase SX v2.2.0.35
    Sunbelt Personal Firewall
    SUPERAntiSpyware
    TeamSpeak 3 Client
    Terra Nova mod
    TP-LINK Wireless Client Utility Installation Program
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows Internet Explorer 8 (KB2632503)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Warcraft II Battle.NET Edition 2.02
    WebFldrs XP
    Ventrilo Client
    Winamp
    Winamp Detector Plug-in
    Windows Desktop Search 3.01
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    VLC media player 0.9.9
    Xvid Video Codec
    .
    ==== End Of File ===========================

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Sage
    • Thanked: 855
    • Certifications: List
    • Experience: Expert
    • OS: Windows 8
    Re: Bad Image - Application or DLL is not a valid windows Image
    « Reply #1 on: December 02, 2012, 11:32:24 AM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Remove the Adware:
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    *********************************************
    Download Combofix from any of the links below, and save it to your DESKTOP

    Link 1
    Link 2
    Link 3

    To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click ComboFix.exe to run it.

      You will see the following image:


    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:



    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.



    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.
    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8 with a dual boot to Windows XP  Home with SP3, Avira  with Windows Firewall & Windows Defender

    EV

      Re: Bad Image - Application or DLL is not a valid windows Image
      « Reply #2 on: December 02, 2012, 12:33:35 PM »
      Here's the log, moving on with the next steps as we speak. Thanks for the quick reply

      # AdwCleaner v2.010 - Logfile created 12/02/2012 at 20:33:46
      # Updated 29/11/2012 by Xplode
      # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
      # User : Björn - EVIL
      # Boot Mode : Normal
      # Running from : C:\Documents and Settings\Björn\Desktop\adwcleaner.exe
      # Option [Delete]


      ***** [Services] *****


      ***** [Files / Folders] *****

      Folder Deleted : C:\Documents and Settings\Björn\Application Data\OpenCandy
      Folder Deleted : C:\Documents and Settings\Björn\Application Data\pdfforge
      Folder Deleted : C:\Documents and Settings\Björn\Local Settings\Application Data\OpenCandy

      ***** [Registry] *****


      ***** [Internet Browsers] *****

      -\\ Internet Explorer v8.0.6001.18702

      [OK] Registry is clean.

      -\\ Mozilla Firefox v16.0.2 (sv-SE)

      Profile name : default
      File : C:\Documents and Settings\Björn\Application Data\Mozilla\Firefox\Profiles\dgnx5vp1.default\prefs.js

      [OK] File is clean.

      Profile name : default
      File : C:\Documents and Settings\Håkan\Application Data\Mozilla\Firefox\Profiles\dtnmkt4d.default\prefs.js

      [OK] File is clean.

      Profile name : default
      File : C:\Documents and Settings\Lena\Application Data\Mozilla\Firefox\Profiles\jsy9je11.default\prefs.js

      [OK] File is clean.

      Profile name : default
      File : C:\Documents and Settings\Olof\Application Data\Mozilla\Firefox\Profiles\i287xu75.default\prefs.js

      [OK] File is clean.

      Profile name : default
      File : C:\Documents and Settings\Rolf\Application Data\Mozilla\Firefox\Profiles\uog1vc10.default\prefs.js

      [OK] File is clean.

      -\\ Google Chrome v23.0.1271.95

      File : C:\Documents and Settings\Björn\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

      [OK] File is clean.

      *************************

      AdwCleaner[R1].txt - [1896 octets] - [02/12/2012 15:14:07]
      AdwCleaner[S1].txt - [1833 octets] - [02/12/2012 20:33:46]

      ########## EOF - C:\AdwCleaner[S1].txt - [1893 octets] ##########

      EV

        Re: Bad Image - Application or DLL is not a valid windows Image
        « Reply #3 on: December 02, 2012, 01:12:52 PM »
        Combofix Log:

        ComboFix 12-12-01.02 - Björn 2012-12-02  20:55:40.1.2 - x86
        Running from: c:\documents and settings\Bj÷rn\Desktop\ComboFix.exe
         * Created a new restore point
        .
        .
        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        c:\documents and settings\Håkan\Local Settings\Application Data\Identities\{2CB3186F-96BE-4D8B-A079-8147B29D4A1B}\Microsoft\Outlook Express\Offline.dbx
        c:\windows\Rtlihvs.dll
        c:\windows\system32\drivers\ch7xxnt5.dll
        c:\windows\system32\nvmccs.dll
        c:\windows\SYSTEM32\RtlGina\RtlGina.DLL
        c:\windows\system32\SET2D.tmp
        c:\windows\system32\SET38.tmp
        c:\windows\system32\SET3C.tmp
        c:\windows\system32\SET40.tmp
        c:\windows\system32\SET46.tmp
        c:\windows\system32\SET4F.tmp
        c:\windows\system32\SET51.tmp
        c:\windows\system32\SET55.tmp
        c:\windows\system32\SET5B.tmp
        c:\windows\system32\SET65.tmp
        c:\windows\system32\SET69.tmp
        c:\windows\system32\SET6D.tmp
        c:\windows\system32\SET73.tmp
        c:\windows\system32\URTTemp
        c:\windows\system32\URTTemp\regtlib.exe
        c:\windows\system32\wpdshextautoplay.exe
        .
        .
        (((((((((((((((((((((((((   Files Created from 2012-11-02 to 2012-12-02  )))))))))))))))))))))))))))))))
        .
        .
        2012-12-02 14:04 . 2012-12-02 14:04   --------   d-----w-   c:\program files\CCleaner
        2012-12-01 23:55 . 2012-12-01 23:55   --------   d-----w-   c:\documents and settings\Björn\Application Data\SUPERAntiSpyware.com
        2012-12-01 23:55 . 2012-12-01 23:57   --------   d-----w-   c:\program files\SUPERAntiSpyware
        2012-12-01 23:55 . 2012-12-01 23:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
        2012-12-01 20:29 . 2012-12-01 20:29   159608   ----a-w-   c:\windows\system32\mfevtps.exe.6e9e.deleteme
        2012-12-01 20:19 . 2012-12-01 20:19   14664   ----a-w-   c:\windows\stinger.sys
        2012-12-01 20:18 . 2012-12-01 20:18   159608   ----a-w-   c:\windows\system32\mfevtps.exe.c130.deleteme
        2012-12-01 20:17 . 2012-12-01 22:34   --------   d-----w-   c:\program files\stinger
        2012-12-01 10:10 . 2012-12-02 13:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVAST Software
        2012-12-01 10:10 . 2012-12-02 01:19   --------   d-----w-   c:\program files\AVAST Software
        2012-11-30 20:18 . 2012-11-30 20:18   --------   d-----w-   c:\documents and settings\Björn\Application Data\Malwarebytes
        2012-11-30 20:18 . 2012-11-30 20:18   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
        2012-11-30 20:18 . 2012-11-30 20:18   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2012-11-30 20:18 . 2012-09-29 18:54   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2012-11-30 18:24 . 2012-11-30 18:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
        2012-11-30 18:08 . 2012-11-30 18:08   --------   d-----w-   c:\windows\system32\wbem\Repository
        2012-11-30 17:48 . 2012-11-30 17:48   --------   d-----w-   c:\documents and settings\TEMP
        2012-11-29 21:56 . 2012-10-02 18:04   58368   -c----w-   c:\windows\system32\dllcache\synceng.dll
        2012-11-29 21:34 . 2012-11-29 21:34   --------   d-----w-   C:\found.000
        .
        .
        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2012-11-17 00:00 . 2012-04-11 09:53   697272   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
        2012-10-22 08:37 . 2003-03-31 12:00   1866368   ----a-w-   c:\windows\system32\win32k.sys
        2012-10-02 18:04 . 2003-03-31 12:00   58368   ----a-w-   c:\windows\system32\synceng.dll
        2012-09-24 13:32 . 2012-06-16 09:30   477168   ----a-w-   c:\windows\system32\npdeployJava1.dll
        2012-09-24 13:32 . 2010-04-27 17:38   473072   ----a-w-   c:\windows\system32\deployJava1.dll
        2012-09-24 11:51 . 2012-09-18 20:50   73728   ----a-w-   c:\windows\system32\javacpl.cpl
        2010-03-31 08:09 . 2012-10-27 22:04   10437264   ----a-w-   c:\program files\mozilla firefox\plugins\PDFNetC.dll
        2010-04-08 10:36 . 2012-10-27 22:04   107760   ----a-w-   c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
        2012-10-27 22:04 . 2012-10-27 22:04   261600   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
        .
        .
        ------- Sigcheck -------
        Note: Unsigned files aren't necessarily malware.
        .
        [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
        [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
        [-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
        [7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
        [7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
        [-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll
        [-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
        [7] 2004-08-04 07:56 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll
        .
        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
        @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
        [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
        2011-12-05 19:17   94208   ----a-w-   c:\documents and settings\Björn\Application Data\Dropbox\bin\DropboxExt.14.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
        @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
        [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
        2011-12-05 19:17   94208   ----a-w-   c:\documents and settings\Björn\Application Data\Dropbox\bin\DropboxExt.14.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
        @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
        [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
        2011-12-05 19:17   94208   ----a-w-   c:\documents and settings\Björn\Application Data\Dropbox\bin\DropboxExt.14.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
        @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
        [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
        2011-12-05 19:17   94208   ----a-w-   c:\documents and settings\Björn\Application Data\Dropbox\bin\DropboxExt.14.dll
        .
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]
        "Spotify Web Helper"="c:\program files\Spotify\Data\SpotifyWebHelper.exe" [2012-10-27 1199576]
        "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-12-01 4763008]
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
        "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
        "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
        "WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]
        "TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2006-03-15 348160]
        "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
        "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
        "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
        "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
        "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
        "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
        .
        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
        .
        c:\documents and settings\Rolf\Start Menu\Programs\Startup\
        OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [N/A]
        .
        c:\documents and settings\Björn\Start Menu\Programs\Startup\
        Dropbox.lnk - c:\documents and settings\Björn\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
        Skärmurklipp och start för OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
        _uninst_.lnk - c:\documents and settings\Björn\Local Settings\Temp\_uninst_.bat [N/A]
        .
        c:\documents and settings\All Users\Start Menu\Programs\Startup\
        BankID säkerhetsprogram.lnk - c:\program files\Personal\bin\Personal.exe [2012-10-19 1358784]
        LevelOne Wireless LAN Utility.lnk - c:\program files\LevelOne\LevelOne Wireless LAN Utility\RtWLan.exe [2012-3-5 946176]
        Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
        .
        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
        @=""
        .
        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)
        .
        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
        "c:\\Program Files\\Messenger\\msmsgs.exe"=
        "c:\\Spel\\civIV\\Beyond the Sword\\Civ4BeyondSword.exe"=
        "c:\\Spel\\civIV\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
        "c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
        "c:\\Program Files\\Spotify\\spotify.exe"=
        "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
        "c:\\Program Files\\Sibelius Software\\Sibelius 6\\RegTool.exe"=
        "c:\\Program Files\\Sibelius Software\\Sibelius 6\\Sibelius.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "c:\\Documents and Settings\\Björn\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
        "c:\\Program Files\\Steam\\Steam.exe"=
        "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
        "c:\\Program Files\\LevelOne\\LevelOne Wireless LAN Utility\\RtWLan.exe"=
        "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
        "d:\\spel\\Paradox Interactive\\Europa Universalis III\\eu3.exe"=
        "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
        .
        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
        "1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
        "53:UDP"= 53:UDP:Realtek AP UDP Prot
        .
        R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe

        R3 NETMDSHA;MDSHA031;c:\windows\system32\Drivers\MDSHA031.sys

        R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys

        R3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;c:\windows\system32\DRIVERS\SMC1211.SYS

        S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys

        S1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys

        S1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys

        S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS

        S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS

        S1 waclient;Portwise Access Client Driver;c:\windows\system32\drivers\waclient.sys

        S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE

        S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe

        S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

        S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe

        S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

        S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys

        .
        .
        --- Other Services/Drivers In Memory ---
        .
        *NewlyCreated* - WS2IFSL
        .
        .
        ------- Supplementary Scan -------
        .
        IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
        TCP: DhcpNameServer = 192.168.1.254
        DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
        DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
        FF - ProfilePath - c:\documents and settings\Björn\Application Data\Mozilla\Firefox\Profiles\dgnx5vp1.default\
        FF - prefs.js: browser.search.selectedEngine - YouTube
        FF - prefs.js: browser.startup.homepage -
        FF - ExtSQL: 2012-10-27 23:01; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
        FF - ExtSQL: !HIDDEN! 2009-07-29 20:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
        .
        - - - - ORPHANS REMOVED - - - -
        .
        HKLM-Run-NVMixerTray - c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
        AddRemove-Rage of Mages 2 - c:\windows\rm2uinst.exe
        .
        .
        .
        **************************************************************************
        .
        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2012-12-02 21:11
        Windows 5.1.2600 Service Pack 3 NTFS
        .
        scanning hidden processes ... 
        .
        scanning hidden autostart entries ...
        .
        scanning hidden files ... 
        .
        scan completed successfully
        hidden files: 0
        .
        **************************************************************************
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------
        .
        - - - - - - - > 'winlogon.exe'(732)
        c:\windows\system32\Ati2evxx.dll
        .
        - - - - - - - > 'explorer.exe'(1124)
        c:\windows\system32\WININET.dll
        c:\documents and settings\Björn\Application Data\Dropbox\bin\DropboxExt.14.dll
        c:\windows\system32\ieframe.dll
        c:\windows\system32\webcheck.dll
        c:\windows\system32\WPDShServiceObj.dll
        c:\windows\system32\PortableDeviceTypes.dll
        c:\windows\system32\PortableDeviceApi.dll
        .
        ------------------------ Other Running Processes ------------------------
        .
        c:\windows\system32\acs.exe
        c:\program files\Java\jre6\bin\jqs.exe
        c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
        c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
        c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
        c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
        c:\windows\system32\wscntfy.exe
        .
        **************************************************************************
        .
        Completion time: 2012-12-02  21:17:25 - machine was rebooted
        ComboFix-quarantined-files.txt  2012-12-02 20:17
        .
        Pre-Run: 15 705 186 304 bytes free
        Post-Run: 15 668 629 504 bytes free
        .
        WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
        [boot loader]
        timeout=2
        default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
        [operating systems]
        c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
        UnsupportedDebug="do not select this" /debug
        multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
        .
        - - End Of File - - B85B5BFB54654E55E3BE4C9A2950B64A

        SuperDave

        Re: Bad Image - Application or DLL is not a valid windows Image
        « Reply #4 on: December 02, 2012, 06:54:16 PM »
        • Download RogueKiller on the desktop
        • Close all the running programs
        • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
        • Otherwise just double-click on RogueKiller.exe
        • Pre-scan will start. Let it finish.
        • Click on SCAN button.
        • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
        • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
        **********************************************
        SysProt Antirootkit

        Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

        http://sites.google.com/site/sysprotantirootkit/

        Unzip it into a folder on your desktop.
        • Double click Sysprot.exe to start the program.
        • Click on the Log tab.
        • In the Write to log box select the following items.
          • Process << Selected
          • Kernel Modules << Selected
          • SSDT << Selected
          • Kernel Hooks << Selected
          • IRP Hooks << NOT Selected
          • Ports << NOT Selected
          • Hidden Files << Selected
        • At the bottom of the page
          • Hidden Objects Only << Selected
        • Click on the Create Log button on the bottom right.
        • After a few seconds a new window should appear.
        • Select Scan Root Drive. Click on the Start button.
        • When it is complete a new window will appear to indicate that the scan is finished.
        • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
        *****************************************
        Download Security Check by screen317 from one of the following links and save it to your desktop.

        Link 1
        Link 2

        * Double-click Security Check.bat
        * Follow the on-screen instructions inside of the black box.
        * A Notepad document should open automatically called checkup.txt
        * Post the contents of that document in your next reply.

        Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

        EV

          Re: Bad Image - Application or DLL is not a valid windows Image
          « Reply #5 on: December 03, 2012, 07:36:29 AM »
          Hi again.

          RogueKiller went fine (I'll post the logs in order below).

          When I chose the Create Log button in SysProt I got an error message stating:
          Windows - Drive Not Ready
          The drive is not ready for use; its door may be open. Please check drive A: and make sure that a disk is inserted and that the drive door is closed.

          I chose continue. Then the message came again and again. I tried all the other options (try again and cancel) and when I had pressed cancel twice I came to the new window (where you select scan root drive).
          After that I heard a beep but couldn't find a message stating the scan was finished (maybe it was hidden behind the main window which I couldn't move.)
          I did however find a log in the SysProt folder which I will post here. I suppose it went OK.

          Security Check by screen317 led to the following strange error message:
          AutoIt Error
          Line -1:


          Error: The requested action with this object has failed.

          Didn't seem to affect the program's progress though, I will post that log too.

          RogueKiller V8.3.1 [Dec  2 2012] by Tigzy
          mail : tigzyRK<at>gmail<dot>com
          Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
          Website : http://tigzy.geekstogo.com/roguekiller.php
          Blog : http://tigzyrk.blogspot.com/

          Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
          Started in : Normal mode
          User : Björn [Admin rights]
          Mode : Scan -- Date : 12/03/2012 15:14:32

          ¤¤¤ Bad processes : 0 ¤¤¤

          ¤¤¤ Registry Entries : 4 ¤¤¤
          [STARTUP][SUSP PATH] _uninst_.lnk @Björn : C:\Documents and Settings\Björn\Local Settings\Temp\_uninst_.bat -> FOUND
          [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
          [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
          [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

          ¤¤¤ Particular Files / Folders: ¤¤¤

          ¤¤¤ Driver : [LOADED] ¤¤¤
          SSDT[25] : NtClose @ 0x805BC538 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333EF80)
          SSDT[37] : NtCreateFile @ 0x805790A2 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333E552)
          SSDT[41] : NtCreateKey @ 0x806240F6 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333A882)
          SSDT[47] : NtCreateProcess @ 0x805D1250 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333DA1A)
          SSDT[48] : NtCreateProcessEx @ 0x805D119A -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333D910)
          SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333DF2A)
          SSDT[62] : NtDeleteFile @ 0x80576C4A -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333F034)
          SSDT[63] : NtDeleteKey @ 0x80624592 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333AD54)
          SSDT[65] : NtDeleteValueKey @ 0x80624762 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333AE70)
          SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (\SystemRoot\system32\drivers\khips.sys @ 0xB313DF64)
          SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (\SystemRoot\system32\drivers\khips.sys @ 0xB313E24A)
          SSDT[116] : NtOpenFile @ 0x8057A1A0 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333E906)
          SSDT[119] : NtOpenKey @ 0x806254D4 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333AB78)
          SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333E0DC)
          SSDT[224] : NtSetInformationFile @ 0x8057B02E -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333ECE0)
          SSDT[247] : NtSetValueKey @ 0x80622668 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333B038)
          SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS @ 0xB31F1640)
          SSDT[274] : NtWriteFile @ 0x8057CF10 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333EBB2)

          ¤¤¤ Extern Hives: ¤¤¤
          -> D:\windows\system32\config\SOFTWARE
          -> D:\Documents and Settings\Administrator\NTUSER.DAT
          -> D:\Documents and Settings\Default User\NTUSER.DAT
          -> D:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
          -> D:\Documents and Settings\LocalService\NTUSER.DAT
          -> D:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
          -> D:\Documents and Settings\NetworkService\NTUSER.DAT
          -> D:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
          -> D:\Documents and Settings\steffe\NTUSER.DAT

          ¤¤¤ HOSTS File: ¤¤¤
          --> C:\WINDOWS\system32\drivers\etc\hosts

          127.0.0.1       localhost


          ¤¤¤ MBR Check: ¤¤¤

          +++++ PhysicalDrive0: WDC WD800JB-22JJC0 +++++
          --- User ---
          [MBR] 531762e1b38d01a335e2d8255ca05e12
          [BSP] 04b3a15b4034b4b8ab2b63bbc6b22baa : Windows XP MBR Code
          Partition table:
          0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
          User = LL1 ... OK!
          User = LL2 ... OK!

          +++++ PhysicalDrive1: Maxtor 6Y120P0 +++++
          --- User ---
          [MBR] 7cc98d6b603d25bdf6101b1a6eca0f46
          [BSP] 131dd291dd5ffa75d5e0bf72fffe510b : Windows XP MBR Code
          Partition table:
          0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 117232 Mo
          User = LL1 ... OK!
          User = LL2 ... OK!

          Finished : << RKreport[1]_S_12032012_02d1514.txt >>
          RKreport[1]_S_12032012_02d1514.txt




          SysProt AntiRootkit v1.0.1.0
          by swatkat

          ******************************************************************************************
          ******************************************************************************************

          No Hidden Processes found

          ******************************************************************************************
          ******************************************************************************************
          Kernel Modules:
          Module Name: spak.sys
          Service Name: ---
          Module Base: B7EA7000
          Module End: B7FA7000
          Hidden: Yes

          Module Name: \SystemRoot\System32\Drivers\a37w1lfk.SYS
          Service Name: ---
          Module Base: B62F4000
          Module End: B632D000
          Hidden: Yes

          Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
          Service Name: ---
          Module Base: B2FC8000
          Module End: B2FE0000
          Hidden: Yes

          Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
          Service Name: ---
          Module Base: B860A000
          Module End: B860C000
          Hidden: Yes

          ******************************************************************************************
          ******************************************************************************************
          SSDT:
          Function Name: ZwClose
          Address: B333EF80
          Driver Base: B3323000
          Driver End: B336C000
          Driver Name: \SystemRoot\system32\drivers\fwdrv.sys

          Function Name: ZwCreateFile
          Address: B333E552
          Driver Base: B3323000
          Driver End: B336C000
          Driver Name: \SystemRoot\system32\drivers\fwdrv.sys

          Function Name: ZwCreateKey
          Address: B333A882
          Driver Base: B3323000
          Driver End: B336C000
          Driver Name: \SystemRoot\system32\drivers\fwdrv.sys

          Function Name: ZwCreateProcess
          Address: B333DA1A
          Driver Base: B3323000
          Driver End: B336C000
          Driver Name: \SystemRoot\system32\drivers\fwdrv.sys

          Function Name: ZwCreateProcessEx
          Address: B333D910
          Driver Base: B3323000
          Driver End: B336C000
          Driver Name: \SystemRoot\system32\drivers\fwdrv.sys

          Function Name: ZwCreateThread
          Address: B333DF2A
          Driver Base: B3323000
          Driver End: B336C000
          Driver Name: \SystemRoot\system32\drivers\fwdrv.sys

          Function Name: ZwDeleteFile
          Address: B333F034
          Driver Base: B3323000
          Driver End: B336C000
          Driver Name: \SystemRoot\system32\drivers\fwdrv.sys

          Function Name: ZwDeleteKey
          Address: B333AD54
          Driver Base: B3323000
          Driver End: B336C000
          Driver Name: \SystemRoot\system32\drivers\fwdrv.sys

          Function Name: ZwDeleteValueKey
          Address: B333AE70
          Driver Base: B3323000
          Driver End: B336C000
          Driver Name: \SystemRoot\system32\drivers\fwdrv.sys

          Function Name: ZwEnumerateKey
          Address: B7EC6CA2
          Driver Base: B7EA7000
          Driver End: B7FA7000
          Driver Name: spak.sys

          Function Name: ZwEnumerateValueKey
          Address: B7EC7030
          Driver Base: B7EA7000
          Driver End: B7FA7000
          Driver Name: spak.sys

          Function Name: ZwLoadDriver
          Address: B313DF64
          Driver Base: B313B000
          Driver End: B314C000
          Driver Name: \SystemRoot\system32\drivers\khips.sys

          Function Name: ZwMapViewOfSection
          Address: B313E24A
          Driver Base: B313B000
          Driver End: B314C000
          Driver Name: \SystemRoot\system32\drivers\khips.sys

          Function Name: ZwOpenFile
          Address: B333E906
          Driver Base: B3323000
          Driver End: B336C000
          Driver Name: \SystemRoot\system32\drivers\fwdrv.sys

          Function Name: ZwOpenKey
          Address: B333AB78
          Driver Base: B3323000
          Driver End: B336C000
          Driver Name: \SystemRoot\system32\drivers\fwdrv.sys

          Function Name: ZwQueryKey
          Address: B7EC7108
          Driver Base: B7EA7000
          Driver End: B7FA7000
          Driver Name: spak.sys

          Function Name: ZwQueryValueKey
          Address: B7EC6F88
          Driver Base: B7EA7000
          Driver End: B7FA7000
          Driver Name: spak.sys

          Function Name: ZwResumeThread
          Address: B333E0DC
          Driver Base: B3323000
          Driver End: B336C000
          Driver Name: \SystemRoot\system32\drivers\fwdrv.sys

          Function Name: ZwSetInformationFile
          Address: B333ECE0
          Driver Base: B3323000
          Driver End: B336C000
          Driver Name: \SystemRoot\system32\drivers\fwdrv.sys

          Function Name: ZwSetValueKey
          Address: B333B038
          Driver Base: B3323000
          Driver End: B336C000
          Driver Name: \SystemRoot\system32\drivers\fwdrv.sys

          Function Name: ZwTerminateProcess
          Address: B31F1640
          Driver Base: B31E7000
          Driver End: B3209000
          Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

          Function Name: ZwWriteFile
          Address: B333EBB2
          Driver Base: B3323000
          Driver End: B336C000
          Driver Name: \SystemRoot\system32\drivers\fwdrv.sys

          ******************************************************************************************
          ******************************************************************************************
          No Kernel Hooks found

          ******************************************************************************************
          ******************************************************************************************
          Hidden files/folders:
          Object: C:\Documents and Settings\Björn\Desktop\Rep.lista tom mall 180
          Status: Hidden

          Object: C:\Qoobox\BackEnv\AppData.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Cache.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Cookies.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Desktop.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Favorites.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\History.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Music.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\NetHood.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Personal.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Pictures.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Programs.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Recent.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\SendTo.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\SetPath.bat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\StartUp.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\SysPath.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Templates.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\VikPev00
          Status: Access denied


           Results of screen317's Security Check version 0.99.56 
           Windows XP Service Pack 3 x86   
           Internet Explorer 8 
          ``````````````Antivirus/Firewall Check:``````````````
           Windows Firewall Disabled! 
           Sunbelt Personal Firewall   
          `````````Anti-malware/Other Utilities Check:`````````
           SUPERAntiSpyware     
           Malwarebytes Anti-Malware version 1.65.1.1000 
           CCleaner     
           Java(TM) 6 Update 37 
           Java(TM) 6 Update 6 
           Java(TM) 6 Update 7 
           Java version out of Date!
           Adobe Flash Player    11.5.502.110 
           Adobe Reader 8 Adobe Reader out of Date!
           Mozilla Firefox (Firefox,. Firefox out of Date! 
          ````````Process Check: objlist.exe by Laurent````````
          `````````````````System Health check`````````````````
           Total Fragmentation on Drive C:: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
          ````````````````````End of Log``````````````````````

          EV

            Re: Bad Image - Application or DLL is not a valid windows Image
            « Reply #6 on: December 03, 2012, 07:37:34 AM »
            And oh, since you didn't instruct me to delete the problems found by Roguekiller, I didn't. Should I do that?

            SuperDave

            • Malware Removal Specialist
            • Moderator


            Re: Bad Image - Application or DLL is not a valid windows Image
            « Reply #7 on: December 03, 2012, 04:29:23 PM »
            • Download TDSSKiller and save it to your Desktop.
            • Extract its contents to your desktop.
            • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.



            • If an infected file is detected, the default action will be Cure, click on Continue.



            • If a suspicious file is detected, the default action will be Skip, click on Continue.



            • It may ask you to reboot the computer to complete the process. Click on Reboot Now.



            • Click the Report button and copy/paste the contents of it into your next reply.
            Note: It will also create a log in the C:\ directory.
            *************************************************
            Please download 7-Zip and install it. If you already have it, no need to reinstall.

            Then, download RootkitUnhooker and save the setup to your Desktop.

            • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
            • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
            • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
            • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
            • Once inside the interface, do not fix anything. Click on the Report tab.
            • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
            • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
            • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.
            Note: You may get this warning while running Rootkit Unhooker. It is OK so just ignore it:

            "Rootkit Unhooker has detected a parasite inside itself!
            It is recommended to remove parasite, okay?"
            *****************************************************
            Update Your Java (JRE)

            Old versions of Java have vulnerabilities that malware can use to infect your system.


            First Verify your Java Version

            If there are any other version(s) installed then update now.

            Get the new version (if needed)

            If your version is out of date install the newest version of the Sun Java Runtime Environment.

            Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

            Be sure to close ALL open web browsers before starting the installation.

            Remove any old versions

            1. Download JavaRa and unzip the file to your Desktop.
            2. Open JavaRA.exe and choose Remove Older Versions
            3. Once complete exit JavaRA.

            Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

            EV

              Re: Bad Image - Application or DLL is not a valid windows Image
              « Reply #8 on: December 04, 2012, 01:07:11 AM »
              The rootkitunhooker-link didn't work. Did you want me to do something about the problems found by Roguekiller?

              Here's the TDSSKiller-report though.

              08:59:34.0921 3804  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
              08:59:36.0375 3804  ============================================================
              08:59:36.0375 3804  Current date / time: 2012/12/04 08:59:36.0375
              08:59:36.0375 3804  SystemInfo:
              08:59:36.0375 3804 
              08:59:36.0375 3804  OS Version: 5.1.2600 ServicePack: 3.0
              08:59:36.0375 3804  Product type: Workstation
              08:59:36.0375 3804  ComputerName: EVIL
              08:59:36.0375 3804  UserName: Björn
              08:59:36.0375 3804  Windows directory: C:\WINDOWS
              08:59:36.0375 3804  System windows directory: C:\WINDOWS
              08:59:36.0375 3804  Processor architecture: Intel x86
              08:59:36.0375 3804  Number of processors: 2
              08:59:36.0375 3804  Page size: 0x1000
              08:59:36.0375 3804  Boot type: Normal boot
              08:59:36.0375 3804  ============================================================
              08:59:37.0515 3804  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
              08:59:37.0531 3804  Drive \Device\Harddisk1\DR1 - Size: 0x1C9FEF0000 (114.50 Gb), SectorSize: 0x200, Cylinders: 0x3A62, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
              08:59:37.0531 3804  ============================================================
              08:59:37.0531 3804  \Device\Harddisk0\DR0:
              08:59:37.0531 3804  MBR partitions:
              08:59:37.0531 3804  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
              08:59:37.0531 3804  \Device\Harddisk1\DR1:
              08:59:37.0531 3804  MBR partitions:
              08:59:37.0531 3804  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE4F80E2
              08:59:37.0531 3804  ============================================================
              08:59:37.0562 3804  D: <-> \Device\Harddisk1\DR1\Partition1
              08:59:37.0593 3804  C: <-> \Device\Harddisk0\DR0\Partition1
              08:59:37.0625 3804  ============================================================
              08:59:37.0625 3804  Initialize success
              08:59:37.0625 3804  ============================================================
              08:59:48.0312 3664  ============================================================
              08:59:48.0312 3664  Scan started
              08:59:48.0312 3664  Mode: Manual;
              08:59:48.0312 3664  ============================================================
              08:59:49.0015 3664  ================ Scan system memory ========================
              08:59:49.0015 3664  System memory - ok
              08:59:49.0015 3664  ================ Scan services =============================
              08:59:51.0953 3664  FastUserSwitchingCompatibility - ok
              08:59:51.0984 3664  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
              08:59:51.0984 3664  Fdc - ok
              08:59:52.0000 3664  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
              08:59:52.0000 3664  Fips - ok
              08:59:52.0000 3664  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
              08:59:52.0000 3664  Flpydisk - ok
              08:59:52.0015 3664  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
              08:59:52.0031 3664  FltMgr - ok
              08:59:52.0109 3664  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
              08:59:52.0109 3664  FontCache3.0.0.0 - ok
              08:59:52.0109 3664  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
              08:59:52.0109 3664  Fs_Rec - ok
              08:59:52.0125 3664  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
              08:59:52.0125 3664  Ftdisk - ok
              08:59:52.0187 3664  [ 3A3929B7A0EEEF83DF3A6C81E43A1FA9 ] fwdrv           C:\WINDOWS\system32\drivers\fwdrv.sys
              08:59:52.0187 3664  fwdrv - ok
              08:59:52.0218 3664  [ 065639773D8B03F33577F6CDAEA21063 ] gameenum        C:\WINDOWS\system32\DRIVERS\gameenum.sys
              08:59:52.0218 3664  gameenum - ok
              08:59:52.0250 3664  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
              08:59:52.0265 3664  Gpc - ok
              08:59:52.0296 3664  [ 833051C6C6C42117191935F734CFBD97 ] hamachi         C:\WINDOWS\system32\DRIVERS\hamachi.sys
              08:59:52.0296 3664  hamachi - ok
              08:59:52.0312 3664  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
              08:59:52.0312 3664  HDAudBus - ok
              08:59:52.0359 3664  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
              08:59:52.0359 3664  helpsvc - ok
              08:59:52.0375 3664  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
              08:59:52.0390 3664  HidServ - ok
              08:59:52.0406 3664  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
              08:59:52.0406 3664  hidusb - ok
              08:59:52.0437 3664  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
              08:59:52.0437 3664  hkmsvc - ok
              08:59:52.0437 3664  hpn - ok
              08:59:52.0468 3664  [ 5FABA4775D4C61E55EC669D643FFC71F ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
              08:59:52.0468 3664  HPZid412 - ok
              08:59:52.0515 3664  [ A3C43980EE1F1BEAC778B44EA65DBDD4 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
              08:59:52.0515 3664  HPZipr12 - ok
              08:59:52.0531 3664  [ 2906949BD4E206F2BB0DD1896CE9F66F ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
              08:59:52.0531 3664  HPZius12 - ok
              08:59:52.0593 3664  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
              08:59:52.0593 3664  HTTP - ok
              08:59:52.0625 3664  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
              08:59:52.0625 3664  HTTPFilter - ok
              08:59:52.0625 3664  i2omgmt - ok
              08:59:52.0625 3664  i2omp - ok
              08:59:52.0687 3664  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
              08:59:52.0687 3664  i8042prt - ok
              08:59:52.0796 3664  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
              08:59:52.0796 3664  IDriverT - ok
              08:59:52.0859 3664  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
              08:59:52.0906 3664  idsvc - ok
              08:59:52.0906 3664  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
              08:59:52.0906 3664  Imapi - ok
              08:59:52.0953 3664  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
              08:59:52.0953 3664  ImapiService - ok
              08:59:52.0953 3664  ini910u - ok
              08:59:53.0156 3664  [ A30685283F90AE02F1CD50972C6065E3 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
              08:59:53.0390 3664  IntcAzAudAddService - ok
              08:59:53.0406 3664  IntelIde - ok
              08:59:53.0437 3664  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
              08:59:53.0437 3664  intelppm - ok
              08:59:53.0468 3664  [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
              08:59:53.0468 3664  ip6fw - ok
              08:59:53.0515 3664  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
              08:59:53.0515 3664  IpFilterDriver - ok
              08:59:53.0515 3664  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
              08:59:53.0515 3664  IpInIp - ok
              08:59:53.0546 3664  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
              08:59:53.0546 3664  IpNat - ok
              08:59:53.0562 3664  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
              08:59:53.0562 3664  IPSec - ok
              08:59:53.0562 3664  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
              08:59:53.0562 3664  IRENUM - ok
              08:59:53.0609 3664  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
              08:59:53.0609 3664  isapnp - ok
              08:59:53.0609 3664  [ E62B53385BB6EAAC67ABDB83D9DABE2A ] iteatapi        C:\WINDOWS\system32\DRIVERS\iteatapi.sys
              08:59:53.0625 3664  iteatapi - ok
              08:59:53.0718 3664  [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
              08:59:53.0718 3664  JavaQuickStarterService - ok
              08:59:53.0750 3664  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
              08:59:53.0750 3664  Kbdclass - ok
              08:59:53.0765 3664  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
              08:59:53.0765 3664  kbdhid - ok
              08:59:53.0765 3664  [ D44C0F4FC254344BAD74581632339963 ] khips           C:\WINDOWS\system32\drivers\khips.sys
              08:59:53.0765 3664  khips - ok
              08:59:53.0796 3664  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
              08:59:53.0796 3664  kmixer - ok
              08:59:53.0812 3664  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
              08:59:53.0812 3664  KSecDD - ok
              08:59:53.0828 3664  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
              08:59:53.0843 3664  lanmanserver - ok
              08:59:53.0875 3664  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
              08:59:53.0890 3664  lanmanworkstation - ok
              08:59:53.0890 3664  lbrtfdc - ok
              08:59:53.0921 3664  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
              08:59:53.0921 3664  LmHosts - ok
              08:59:53.0953 3664  [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
              08:59:53.0953 3664  MBAMProtector - ok
              08:59:54.0000 3664  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
              08:59:54.0015 3664  MBAMScheduler - ok
              08:59:54.0046 3664  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
              08:59:54.0046 3664  MBAMService - ok
              08:59:54.0078 3664  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
              08:59:54.0078 3664  Messenger - ok
              08:59:54.0109 3664  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
              08:59:54.0109 3664  mnmdd - ok
              08:59:54.0140 3664  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
              08:59:54.0140 3664  mnmsrvc - ok
              08:59:54.0171 3664  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
              08:59:54.0171 3664  Modem - ok
              08:59:54.0187 3664  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
              08:59:54.0187 3664  Mouclass - ok
              08:59:54.0187 3664  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
              08:59:54.0187 3664  mouhid - ok
              08:59:54.0218 3664  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
              08:59:54.0218 3664  MountMgr - ok
              08:59:54.0312 3664  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
              08:59:54.0312 3664  MozillaMaintenance - ok
              08:59:54.0312 3664  mraid35x - ok
              08:59:54.0328 3664  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
              08:59:54.0328 3664  MRxDAV - ok
              08:59:54.0375 3664  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
              08:59:54.0390 3664  MRxSmb - ok
              08:59:54.0453 3664  [ 8E46A7BAC823DD82D4FB2A34C3DF4C1D ] MSCSPTISRV      C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
              08:59:54.0453 3664  MSCSPTISRV - ok
              08:59:54.0484 3664  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
              08:59:54.0484 3664  MSDTC - ok
              08:59:54.0500 3664  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
              08:59:54.0500 3664  Msfs - ok
              08:59:54.0500 3664  MSIServer - ok
              08:59:54.0531 3664  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
              08:59:54.0531 3664  MSKSSRV - ok
              08:59:54.0546 3664  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
              08:59:54.0546 3664  MSPCLOCK - ok
              08:59:54.0546 3664  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
              08:59:54.0546 3664  MSPQM - ok
              08:59:54.0562 3664  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
              08:59:54.0562 3664  mssmbios - ok
              08:59:54.0593 3664  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
              08:59:54.0593 3664  Mup - ok
              08:59:54.0671 3664  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
              08:59:54.0687 3664  napagent - ok
              08:59:54.0687 3664  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
              08:59:54.0703 3664  NDIS - ok
              08:59:54.0718 3664  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
              08:59:54.0718 3664  NdisTapi - ok
              08:59:54.0750 3664  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
              08:59:54.0750 3664  Ndisuio - ok
              08:59:54.0750 3664  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
              08:59:54.0750 3664  NdisWan - ok
              08:59:54.0796 3664  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
              08:59:54.0796 3664  NDProxy - ok
              08:59:54.0796 3664  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
              08:59:54.0796 3664  NetBIOS - ok
              08:59:54.0843 3664  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
              08:59:54.0843 3664  NetBT - ok
              08:59:54.0875 3664  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
              08:59:54.0890 3664  NetDDE - ok
              08:59:54.0890 3664  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
              08:59:54.0890 3664  NetDDEdsdm - ok
              08:59:54.0921 3664  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
              08:59:54.0921 3664  Netlogon - ok
              08:59:54.0953 3664  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
              08:59:54.0953 3664  Netman - ok
              08:59:55.0000 3664  [ F1B8B6ACEB55C84508174715AF37BD9B ] NETMDSHA        C:\WINDOWS\system32\Drivers\MDSHA031.sys
              08:59:55.0000 3664  NETMDSHA - ok
              08:59:55.0031 3664  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
              08:59:55.0046 3664  NetTcpPortSharing - ok
              08:59:55.0062 3664  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
              08:59:55.0062 3664  NIC1394 - ok
              08:59:55.0093 3664  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
              08:59:55.0109 3664  Nla - ok
              08:59:55.0109 3664  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
              08:59:55.0109 3664  Npfs - ok
              08:59:55.0156 3664  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
              08:59:55.0187 3664  Ntfs - ok
              08:59:55.0187 3664  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
              08:59:55.0187 3664  NtLmSsp - ok
              08:59:55.0234 3664  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
              08:59:55.0265 3664  NtmsSvc - ok
              08:59:55.0281 3664  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
              08:59:55.0281 3664  Null - ok
              08:59:55.0968 3664  [ 0DC79B60CEDC3A8854C27B3C6E4B3414 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
              08:59:56.0515 3664  nv - ok
              08:59:56.0562 3664  [ 46DEED4C6C5FA765F9A2C723BE60348D ] nvatabus        C:\WINDOWS\system32\DRIVERS\nvatabus.sys
              08:59:56.0578 3664  nvatabus - ok
              08:59:56.0609 3664  [ 47B3852808DD579A463FCE7085B77413 ] nvax            C:\WINDOWS\system32\drivers\nvax.sys
              08:59:56.0609 3664  nvax - ok
              08:59:56.0687 3664  [ 7D275ECDA4628318912F6C945D5CF963 ] NVENETFD        C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
              08:59:56.0687 3664  NVENETFD - ok
              08:59:56.0718 3664  [ B64AACEFAD2BE5BFF5353FE681253C67 ] nvnetbus        C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
              08:59:56.0718 3664  nvnetbus - ok
              08:59:56.0750 3664  [ ADBCBA116496229A163193BBE0BB28CE ] nvnforce        C:\WINDOWS\system32\drivers\nvapu.sys
              08:59:56.0765 3664  nvnforce - ok
              08:59:56.0796 3664  [ 0573C75A2895D973EA6EF2495620BA49 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
              08:59:56.0796 3664  NVSvc - ok
              08:59:56.0953 3664  [ 9C84945FEEE40EA42D3BCA5C22250D47 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
              08:59:56.0968 3664  nvUpdatusService - ok
              08:59:57.0000 3664  [ 3194E2F6C9000C39DCF9D0580754F714 ] nv_agp          C:\WINDOWS\system32\DRIVERS\nv_agp.sys
              08:59:57.0000 3664  nv_agp - ok
              08:59:57.0031 3664  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
              08:59:57.0031 3664  NwlnkFlt - ok
              08:59:57.0046 3664  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
              08:59:57.0046 3664  NwlnkFwd - ok
              08:59:57.0156 3664  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
              08:59:57.0171 3664  odserv - ok
              08:59:57.0203 3664  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
              08:59:57.0203 3664  ohci1394 - ok
              08:59:57.0234 3664  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
              08:59:57.0250 3664  ose - ok
              08:59:57.0281 3664  [ 753A8F339F231D2B857E2CCD51A6E6CA ] PACSPTISVR      C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
              08:59:57.0296 3664  PACSPTISVR - ok
              08:59:57.0312 3664  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
              08:59:57.0312 3664  Parport - ok
              08:59:57.0328 3664  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
              08:59:57.0328 3664  PartMgr - ok
              08:59:57.0343 3664  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
              08:59:57.0343 3664  ParVdm - ok
              08:59:57.0359 3664  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
              08:59:57.0359 3664  PCI - ok
              08:59:57.0375 3664  PCIDump - ok
              08:59:57.0375 3664  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
              08:59:57.0375 3664  PCIIde - ok
              08:59:57.0390 3664  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
              08:59:57.0406 3664  Pcmcia - ok
              08:59:57.0406 3664  PDCOMP - ok
              08:59:57.0406 3664  PDFRAME - ok
              08:59:57.0406 3664  PDRELI - ok
              08:59:57.0406 3664  PDRFRAME - ok
              08:59:57.0406 3664  perc2 - ok
              08:59:57.0406 3664  perc2hib - ok
              08:59:57.0437 3664  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
              08:59:57.0437 3664  PlugPlay - ok
              08:59:57.0468 3664  [ 901C43516504CBE582E4C4193E00876A ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
              08:59:57.0468 3664  Pml Driver HPZ12 - ok
              08:59:57.0468 3664  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
              08:59:57.0484 3664  PolicyAgent - ok
              08:59:57.0515 3664  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
              08:59:57.0515 3664  PptpMiniport - ok
              08:59:57.0515 3664  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
              08:59:57.0515 3664  Processor - ok
              08:59:57.0515 3664  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
              08:59:57.0515 3664  ProtectedStorage - ok
              08:59:57.0531 3664  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
              08:59:57.0531 3664  PSched - ok
              08:59:57.0562 3664  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
              08:59:57.0562 3664  Ptilink - ok
              08:59:57.0593 3664  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
              08:59:57.0593 3664  PxHelp20 - ok
              08:59:57.0593 3664  ql1080 - ok
              08:59:57.0593 3664  Ql10wnt - ok
              08:59:57.0593 3664  ql12160 - ok
              08:59:57.0593 3664  ql1240 - ok
              08:59:57.0593 3664  ql1280 - ok
              08:59:57.0609 3664  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
              08:59:57.0609 3664  RasAcd - ok
              08:59:57.0640 3664  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
              08:59:57.0687 3664  RasAuto - ok
              08:59:57.0703 3664  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
              08:59:57.0703 3664  Rasl2tp - ok
              08:59:57.0734 3664  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
              08:59:57.0734 3664  RasMan - ok
              08:59:57.0750 3664  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
              08:59:57.0750 3664  RasPppoe - ok
              08:59:57.0750 3664  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
              08:59:57.0750 3664  Raspti - ok
              08:59:57.0765 3664  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
              08:59:57.0765 3664  Rdbss - ok
              08:59:57.0781 3664  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
              08:59:57.0781 3664  RDPCDD - ok
              08:59:57.0796 3664  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
              08:59:57.0796 3664  RDPWD - ok
              08:59:57.0843 3664  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
              08:59:57.0843 3664  RDSessMgr - ok
              08:59:57.0875 3664  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
              08:59:57.0875 3664  redbook - ok
              08:59:57.0906 3664  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
              08:59:57.0906 3664  RemoteAccess - ok
              08:59:57.0921 3664  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\System32\locator.exe
              08:59:57.0921 3664  RpcLocator - ok
              08:59:57.0953 3664  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
              08:59:57.0953 3664  RpcSs - ok
              08:59:58.0000 3664  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\System32\rsvp.exe
              08:59:58.0000 3664  RSVP - ok
              08:59:58.0015 3664  [ D507C1400284176573224903819FFDA3 ] rtl8139         C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
              08:59:58.0031 3664  rtl8139 - ok
              08:59:58.0031 3664  RTL8187B - ok
              08:59:58.0093 3664  [ BA11D5F61A74E156BF6F33DDDD1AD1CE ] RTL8192su       C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
              08:59:58.0093 3664  RTL8192su - ok
              08:59:58.0109 3664  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
              08:59:58.0109 3664  SamSs - ok
              08:59:58.0140 3664  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
              08:59:58.0140 3664  SASDIFSV - ok
              08:59:58.0140 3664  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
              08:59:58.0140 3664  SASKUTIL - ok
              08:59:58.0156 3664  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
              08:59:58.0171 3664  SCardSvr - ok
              08:59:58.0203 3664  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
              08:59:58.0203 3664  Schedule - ok
              08:59:58.0234 3664  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
              08:59:58.0234 3664  Secdrv - ok
              08:59:58.0265 3664  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
              08:59:58.0265 3664  seclogon - ok
              08:59:58.0296 3664  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
              08:59:58.0296 3664  SENS - ok
              08:59:58.0328 3664  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
              08:59:58.0343 3664  serenum - ok
              08:59:58.0359 3664  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
              08:59:58.0359 3664  Serial - ok
              08:59:58.0375 3664  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
              08:59:58.0375 3664  Sfloppy - ok
              08:59:58.0406 3664  [ 0B1A5E9CACB5CDD54A2815107BD7C772 ] sfman           C:\WINDOWS\system32\drivers\sfmanm.sys
              08:59:58.0406 3664  sfman - ok
              08:59:58.0468 3664  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
              08:59:58.0484 3664  SharedAccess - ok
              08:59:58.0500 3664  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
              08:59:58.0500 3664  ShellHWDetection - ok
              08:59:58.0546 3664  [ 0B9B5C6DF6226497EF4819B6E1B2EFD5 ] SI3132          C:\WINDOWS\system32\DRIVERS\SI3132.sys
              08:59:58.0546 3664  SI3132 - ok
              08:59:58.0578 3664  [ 227E56633D6423E1F7D869618AC8404F ] Si3132r5        C:\WINDOWS\system32\DRIVERS\Si3132r5.sys
              08:59:58.0593 3664  Si3132r5 - ok
              08:59:58.0609 3664  [ DBDEE2A96F2F616726817373516CB0BD ] SiFilter        C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
              08:59:58.0609 3664  SiFilter - ok
              08:59:58.0609 3664  Simbad - ok
              08:59:58.0609 3664  [ 3E6B438E5CB674A1382B2955AA98F637 ] SiRemFil        C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
              08:59:58.0609 3664  SiRemFil - ok
              08:59:58.0671 3664  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
              08:59:58.0671 3664  SkypeUpdate - ok
              08:59:58.0703 3664  [ A5C6FEC0A50D81715A2DF0E119D635CE ] SMC1211         C:\WINDOWS\system32\DRIVERS\SMC1211.SYS
              08:59:58.0703 3664  SMC1211 - ok
              08:59:58.0734 3664  [ 977AAA4398D7D6FA65D973F5B3F54E40 ] SonicStage Back-End Service C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
              08:59:58.0734 3664  SonicStage Back-End Service - ok
              08:59:58.0734 3664  Sparrow - ok
              08:59:58.0812 3664  [ 7234E4B852F8FA0C48FF0E4FD7394490 ] SPF4            C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
              08:59:58.0828 3664  SPF4 - ok
              08:59:58.0859 3664  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
              08:59:58.0859 3664  splitter - ok
              08:59:58.0890 3664  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
              08:59:58.0890 3664  Spooler - ok
              08:59:58.0937 3664  [ 71E276F6D189413266EA22171806597B ] sptd            C:\WINDOWS\system32\Drivers\sptd.sys
              08:59:58.0937 3664  Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71E276F6D189413266EA22171806597B
              08:59:58.0937 3664  sptd ( LockedFile.Multi.Generic ) - warning
              08:59:58.0937 3664  sptd - detected LockedFile.Multi.Generic (1)
              09:00:01.0734 3664  ============================================================
              09:00:01.0734 3664  Scan finished
              09:00:01.0734 3664  ============================================================
              09:00:01.0734 1952  Detected object count: 1
              09:00:01.0734 1952  Actual detected object count: 1
              09:00:34.0796 1952  sptd ( LockedFile.Multi.Generic ) - skipped by user
              09:00:34.0796 1952  sptd ( LockedFile.Multi.Generic ) - User select action: Skip

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Sage
              • Thanked: 855
              • Certifications: List
              • Experience: Expert
              • OS: Windows 8
              Re: Bad Image - Application or DLL is not a valid windows Image
              « Reply #9 on: December 04, 2012, 12:37:11 PM »
              Quote
              The rootkitunhooker-link didn't work.
              Sorry, I haven't used that program in such a long while.
              Quote
              Did you want me to do something about the problems found by Roguekiller?
              Yes, please.
              Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8 with a dual boot to Windows XP  Home with SP3, Avira  with Windows Firewall & Windows Defender

              EV

                Re: Bad Image - Application or DLL is not a valid windows Image
                « Reply #10 on: December 06, 2012, 02:05:04 PM »
                Should I look for it myself or are you posting a new link or should I skip that step for now?

                SuperDave

                Re: Bad Image - Application or DLL is not a valid windows Image
                « Reply #11 on: December 06, 2012, 03:59:39 PM »
                Quote
                Should I look for it myself or are you posting a new link or should I skip that step for now?
                Please run RogueKiller again and fix the problems.

                EV

                  Re: Bad Image - Application or DLL is not a valid windows Image
                  « Reply #12 on: December 07, 2012, 10:09:46 AM »
                  Ah, I was referring to RootkitUnhooker. I fixed the roguekiller problems (registry tab) with the delete button.

                  SuperDave

                  Re: Bad Image - Application or DLL is not a valid windows Image
                  « Reply #13 on: December 07, 2012, 12:55:03 PM »
                  Good. How's your computer running now?

                  I'd like to scan your machine with ESET OnlineScan

                  •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                  ESET OnlineScan
                  •Click the button.
                  •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                  • Click on to download the ESET Smart Installer. Save it to your desktop.
                  • Double click on the icon on your desktop.
                  •Check
                  •Click the button.
                  •Accept any security warnings from your browser.
                  •Check
                  •Push the Start button.
                  •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                  •When the scan completes, push
                  •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                  •Push the button.
                  •Push
                  A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                  EV

                    Re: Bad Image - Application or DLL is not a valid windows Image
                    « Reply #14 on: December 07, 2012, 04:40:04 PM »
                    Here's the log. And should I update my Java as you instructed earlier? I'm uncertain since I didn't do the rootkitunhooker-step.

                    D:\Documents and Settings\steffe\Application Data\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-360df493   multiple threats   deleted - quarantined
                    D:\Documents and Settings\steffe\Application Data\Sun\Java\Deployment\cache\6.0\20\7bb99554-44cbcb84   probably a variant of Win32/Agent.DYXWUMY trojan   deleted - quarantined
                    D:\Documents and Settings\steffe\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-79c8342d   multiple threats   deleted - quarantined
                    D:\Documents and Settings\steffe\Application Data\Sun\Java\Deployment\cache\6.0\33\30feb821-3fcd2aea   multiple threats   deleted - quarantined
                    D:\Documents and Settings\steffe\Application Data\Sun\Java\Deployment\cache\6.0\43\556445eb-45e011af   probably a variant of Win32/Agent.DYXWUMY trojan   deleted - quarantined
                    D:\Documents and Settings\steffe\Application Data\Sun\Java\Deployment\cache\6.0\44\5473416c-7791513b   multiple threats   deleted - quarantined
                    D:\Documents and Settings\steffe\Application Data\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-5ac71513   probably a variant of Win32/Agent.DYXWUMY trojan   deleted - quarantined
                    D:\Documents and Settings\steffe\Application Data\Sun\Java\Deployment\cache\6.0\52\31bba1f4-3dcce526   probably a variant of Win32/Agent.DYXWUMY trojan   deleted - quarantined
                    D:\Documents and Settings\steffe\Application Data\Sun\Java\Deployment\cache\6.0\52\e649f74-6e04bd79   multiple threats   deleted - quarantined
                    D:\Documents and Settings\steffe\Application Data\Sun\Java\Deployment\cache\6.0\58\fa8f07a-6b075a8a   probably a variant of Win32/Agent.DYXWUMY trojan   deleted - quarantined