
"XXXX" is not a valid win32 application



Hi everyone,

I'm really desperate for help so please help me out if you can, I'd greatly appreciate anything.

I recently downloaded a free to play game called "HunterBlade" and I'd like to install it but when I click on the exe file it tells me the program is "not a valid win32 application."

This game works on other computers, so it is not an issue with the file itself. The file is extremely large and I cannot easily download it again. I've attached a HJT log to this message. Please help me.

log.txt


Hello,

You have to do some preliminary steps.

Step 1

Disable CD-ROM Emulation Software:

Please download the following tool DeFogger to your desktop.

Double click DeFogger to run the tool.

The application window will appear

Click the Disable button to disable your CD Emulation drivers.

Click Yes to continue

A 'Finished!' message will appear

Click OK

DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Step 2

Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode

then select Advanced Mode

On the left hand side, select Tools

Then click on the Resident icon in the list

Uncheck Resident TeaTimer and OK any prompts.

Now Logoff & Restart your computer fresh.

You have to keep Tea Timer turned off for the duration of this case, otherwise it will interfere with diagnosis or fixes.

Step 3

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click the drweb-cureit.exe file, then click Start and allow the express scan to run
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
  • This will move it to the %userprofile%\DoctorWeb\quarantine folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.

After it completes, save the log file and make a copy of it into a reply.

Step 4

  • Please download CKScanner from >>Here<<
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe & select Run as administrator to start.
  • then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Copy/paste the contents of CKFiles.txt into a reply.

Step 5

Download DDS and save it to your desktop from http://www.techsupportforum.com/sectools/sUBs/dds here

or http://download.bleepingcomputer.com/sUBs/dds.scr or

http://www.forospyware.com/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then double click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

  • When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
  • Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt


Thank you very much for your help, Maurice. Please see below for the requested logs:

Dr. Web

f_001701;C:\Documents and Settings\Aaron\AppData\Local\Application Data\Google\Chrome\User Data\Default\Cache;Probably SCRIPT.Virus;Moved.;

f_001701;C:\Documents and Settings\Aaron\AppData\Local\Google\Chrome\User Data\Default\Cache;Probably SCRIPT.Virus;Invalid path to file ;

7zipap_718.exe;C:\Documents and Settings\Aaron\Downloads;Adware.W3i.4;Invalid path to file ;

RegUBP2b-Aaron.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;

screenhooks.dll;C:\Program Files\TightVNC;Program.VNCRemote.1 - read error;Invalid path to file ;

f_001701;C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Cache;Probably SCRIPT.Virus;Invalid path to file ;

7zipap_718.exe;C:\Users\Aaron\Downloads;Adware.W3i.9 - read error;Invalid path to file ;

ckfiles

CKScanner - Additional Security Risks - These are not necessarily bad

c:\windows.old\program files\steam\steamapps\tom_k_cdis@yahoo.com\counter-strike source\cstrike\maps\cs_crackhouse.bsp

c:\windows.old\program files\steam\steamapps\tom_k_cdis@yahoo.com\counter-strike source\cstrike\maps\cs_crackhouse.nav

c:\windows.old\program files\steam\steamapps\tom_k_cdis@yahoo.com\counter-strike source\cstrike\maps\soundcache\cs_crackhouse.cache

c:\windows.old\users\sir aaron\videos\divx movies\halo\install crack.exe

c:\windows.old\users\sir aaron\videos\divx movies\halo\crack\halo.exe

scanner sequence 3.EM.11.LPNASM

----- EOF -----

DDS

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30

Run by Aaron at 7:35:33 on 2012-07-25

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3582.2125 [GMT -7:00]

.

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\aestsrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgfws.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\lxebcoms.exe

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\PnkBstrB.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Steam\Steam.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\STacSV.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files\AVG\AVG2012\avgui.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://isearch.avg.com/?cid={DE117B56-FC1F-4AC5-A29A-98B3051CF0EA}&mid=8debea5e07e54b2bbb0ada111ed19818-99a20ebe4eff3aecad3c69dc9238eb2e6222244a&lang=en&ds=st011&pr=sa&d=2012-05-27 00:07:45&v=11.1.0.7&sap=hp

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: Facetheme: {04eb382a-4b48-4de7-a570-b0307b9b13c7} - c:\program files\object\bho_project.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll

uRun: [Google Update] "c:\users\aaron\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_Plugin.exe -update plugin

mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup

StartupFolder: c:\users\aaron\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: SoftwareSASGeneration = 1 (0x1)

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{5C505946-F711-4E45-85B4-CB2F43B182DC} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{5C505946-F711-4E45-85B4-CB2F43B182DC}\64F485D284F455E444 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{5C505946-F711-4E45-85B4-CB2F43B182DC}\779627565676 : DhcpNameServer = 68.87.76.182 68.87.78.134 192.168.1.1 68.87.76.182 68.87.78.134

TCP: Interfaces\{5C505946-F711-4E45-85B4-CB2F43B182DC}\8416374796E6763713 : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

TCP: Interfaces\{5C505946-F711-4E45-85B4-CB2F43B182DC}\A6F63796567343 : DhcpNameServer = 68.87.76.182 68.87.78.134

TCP: Interfaces\{5C505946-F711-4E45-85B4-CB2F43B182DC}\E4544574541425 : DhcpNameServer = 68.87.76.182 68.87.78.134

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\aaron\appdata\roaming\mozilla\firefox\profiles\luvuhmf3.default\

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6613faa3-7d37-4847-a390-1dca03986aeb%7D&mid=8debea5e07e54b2bbb0ada111ed19818-99a20ebe4eff3aecad3c69dc9238eb2e6222244a&ds=st011&v=11.1.0.12&lang=en&pr=sa&d=2012-05-27%2000%3A07%3A45&sap=ku&q=

FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff10.dll

FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll

FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll

FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll

FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll

FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll

FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff9.dll

FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\program files\sony\playstation network downloader\nppsndl.dll

FF - plugin: c:\users\aaron\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\users\aaron\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 47968]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_24288096a5cd99f6\AEstSrv.exe [2010-10-4 73728]

R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-11-23 2391832]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-10-20 1153368]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]

R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-14 935008]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-24 136176]

S2 RelevantKnowledge;RelevantKnowledge;c:\program files\relevantknowledge\rlservice.exe /service --> c:\program files\relevantknowledge\rlservice.exe [?]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-24 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-12 129976]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-5 1343400]

.

=============== Created Last 30 ================

.

2012-07-25 01:30:16 -------- d-----w- c:\users\aaron\DoctorWeb

2012-07-23 21:42:29 388096 ----a-r- c:\users\aaron\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-07-23 21:42:29 -------- d-----w- c:\program files\Trend Micro

2012-07-23 21:30:11 -------- d-----w- c:\programdata\Malwarebytes

2012-07-23 21:30:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-23 19:46:41 2344448 ----a-w- c:\windows\system32\win32k.sys

2012-07-23 19:35:47 -------- d-sh--w- C:\found.012

2012-07-15 20:47:58 0 ----a-w- C:\HunterBlade0.050426_EN.exe

2012-07-14 17:45:35 987136 ----a-w- c:\program files\common files\system\ado\msado15.dll

2012-07-14 17:38:07 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-07-14 17:38:07 219136 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-14 17:38:07 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-07-14 17:38:06 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-14 17:38:06 225280 ----a-w- c:\windows\system32\schannel.dll

2012-07-14 17:37:59 1389568 ----a-w- c:\windows\system32\msxml6.dll

2012-07-14 17:37:58 1236992 ----a-w- c:\windows\system32\msxml3.dll

2012-07-04 19:36:23 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-07-04 19:35:55 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-07-04 19:35:26 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-07-04 19:35:26 171904 ----a-w- c:\windows\system32\wuwebv.dll

.

==================== Find3M ====================

.

2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-05-12 18:47:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-02 04:52:09 163328 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:19:47 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-07-23 17:50:36 1110476 ----a-w- c:\program files\7-Zip.exe

.

============= FINISH: 7:38:36.98 ===============

Attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 10/3/2010 1:59:59 AM

System Uptime: 7/25/2012 7:29:06 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 0D501F

Processor: Intel® Core2 Duo CPU T8300 @ 2.40GHz | Microprocessor | 2401/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 220 GiB total, 31.305 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 2.74 GiB free.

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP126: 5/27/2012 12:36:01 PM - Removed Google Earth.

RP127: 7/4/2012 12:34:46 PM - Windows Update

RP128: 7/15/2012 4:55:43 PM - Scheduled Checkpoint

RP129: 7/23/2012 12:43:33 PM - Windows Update

RP130: 7/23/2012 2:42:11 PM - Installed HiJackThis

.

==== Installed Programs ======================

.

7-Zip

7-Zip 9.20

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader X

Amazon Kindle

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Auslogics Disk Defrag

AVG 2012

AVG PC Tuneup 2011

AVG Security Toolbar

Bonjour

CCleaner

Day of Defeat: Source

Dell Driver Download Manager

Dell Resource CD

EA Download Manager

Fable - The Lost Chapters

Facetheme

Google Chrome

Google Update Helper

HiJackThis

iTunes

Java Auto Updater

Java 6 Update 30

Laptop Integrated Webcam Driver (1.04.01.1011)

League of Legends

Left 4 Dead 2

Microsoft .NET Framework 4 Client Profile

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Primary Interoperability Assemblies 2005

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ Run Time Lib Setup

MobileMe Control Panel

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

NVIDIA 3D Vision Driver 260.99

NVIDIA Control Panel 260.99

NVIDIA Graphics Driver 260.99

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 260.99

NVIDIA Stereoscopic 3D Driver

OpenOffice.org 3.2

PlayStation®Network Downloader

PlayStation®Store

PowerISO

PunkBuster Services

QuickTime

RESIDENT EVIL 5

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.06

Rosetta Stone Version 3

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

SigmaTel Audio

Skype Toolbars

Skype™ 5.5

Spybot - Search & Destroy

Star Wars: Knights of the Old Republic

Steam

Team Fortress 2

TightVNC 2.0.2

Tom Clancy's Rainbow Six: Vegas 2

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VLC media player 2.0.1

Windows Live ID Sign-in Assistant

Windows Media Player Firefox Plugin

WinSCP 4.0.4

WinZip 15.0

Wise Registry Cleaner 5.8.5

Yahoo! BrowserPlus 2.9.8

Yahoo! Install Manager

.

==== Event Viewer Messages From Past Week ========

.

7/25/2012 7:13:44 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fdPHost service.

7/24/2012 6:56:50 PM, Error: Service Control Manager [7005] - The ScRegQueryInfoKeyW call failed with the following error: The handle is invalid.

7/24/2012 6:56:48 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The system cannot find the path specified.

7/24/2012 6:55:39 PM, Error: Service Control Manager [7000] - The TightVNC Server service failed to start due to the following error: The system cannot find the path specified.

7/24/2012 6:55:34 PM, Error: Service Control Manager [7031] - The TightVNC Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

7/24/2012 5:53:11 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer NATESLAPPY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5C505946-F711-4E45-85B4-CB2F43B. The master browser is stopping or an election is being forced.

7/24/2012 5:52:10 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.

7/24/2012 5:42:23 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.

.

==== End Of File ===========================

I tried opening the file and it still tells me it is not a valid win32 application.

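The DDS "Created Last 30" section above records C:\HunterBlade0.050426_EN.exe with a size of 0 bytes, and a zero-byte file has no MZ/PE header, which is exactly the condition Windows reports as "not a valid Win32 application"; the same log's mPolicies-system lines show EnableLUA = 0, i.e. UAC switched off. The script below is an added example, not part of this thread or of the DDS tool: it parses those two DDS line formats and surfaces both findings, with a constructed excerpt in the log's format as input and function names that are my own.

```python
import re

# Constructed excerpt in the format of the DDS log posted above: a few
# mPolicies-system lines and "Created Last 30" entries. Not a full log.
SAMPLE_DDS = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
.
=============== Created Last 30 ================
.
2012-07-25 01:30:16 -------- d-----w- c:\users\aaron\DoctorWeb
2012-07-23 19:46:41 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-07-23 19:35:47 -------- d-sh--w- C:\found.012
2012-07-15 20:47:58 0 ----a-w- C:\HunterBlade0.050426_EN.exe
2012-07-14 17:38:07 369336 ----a-w- c:\windows\system32\drivers\cng.sys
"""

# DDS file entry: "<date> <time> <size|--------> <8-char attrs> <path>".
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+"
    r"(?P<path>.+?)\s*$"
)
# DDS policy line: "mPolicies-system: <Name> = <decimal> (<hex>)".
POLICY_RE = re.compile(r"^mPolicies-system:\s+(?P<name>\w+)\s+=\s+(?P<value>\d+)")

# File types that must start with an MZ/PE header to load at all.
EXEC_EXTENSIONS = (".exe", ".dll", ".sys", ".scr", ".cpl")


def parse_file_entries(log_text):
    """Parse 'Created Last 30' / 'Find3M' lines into dicts.
    Directories carry '--------' in the size column and get size None."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m.group("size").startswith("-") else int(m.group("size"))
        entries.append({
            "timestamp": m.group("ts"),
            "size": size,
            "attrs": m.group("attrs"),
            "path": m.group("path"),
            "is_dir": m.group("attrs").startswith("d"),
        })
    return entries


def zero_byte_executables(entries):
    """Executable-type files recorded with size 0. They cannot contain an
    MZ/PE header, so launching them fails with 'not a valid Win32 application'."""
    return [
        e["path"] for e in entries
        if not e["is_dir"] and e["size"] == 0
        and e["path"].lower().endswith(EXEC_EXTENSIONS)
    ]


def parse_uac_policies(log_text):
    """Collect the mPolicies-system values as a name -> int mapping."""
    policies = {}
    for line in log_text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            policies[m.group("name")] = int(m.group("value"))
    return policies


def weak_uac_settings(policies):
    """Findings for UAC values that remove the elevation prompt entirely."""
    findings = []
    if policies.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is turned off entirely")
    if policies.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: admins elevate without any prompt")
    if policies.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: prompts are not shown on the secure desktop")
    return findings


def triage(log_text):
    """Run both checks over one DDS log and return the findings."""
    entries = parse_file_entries(log_text)
    return {
        "zero_byte_executables": zero_byte_executables(entries),
        "weak_uac": weak_uac_settings(parse_uac_policies(log_text)),
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_DDS).items():
        print(key)
        for item in items:
            print("  -", item)
```

On the constructed excerpt the script reports the zero-byte HunterBlade installer and all three UAC policies as weakened; run it against a saved DDS.txt by reading the file into a string and passing it to triage().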

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member thegodfather only. If you are a casual viewer, do NOT try this on your system!

If you are not and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on the speed of your system, how much there is to scan, and how much it needs to clean.

If this is on a notebook system, make sure first that the notebook is connected to wall power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer; this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart, then I need for you to Restart the system fresh!

Reply and copy/paste the C:\Combofix.txt log, and tell me: how is the system now?

Re-enable your antivirus program.


I am still receiving the error message. Here is the log:

ComboFix 12-07-26.04 - Aaron 07/25/2012 17:52:20.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3582.2617 [GMT -7:00]

Running from: c:\users\Aaron\Downloads\ComboFix.exe

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Object

c:\program files\Object\config.ini

c:\program files\Object\enable.txt

c:\program files\Object\status.txt

c:\program files\Object\status2.txt

c:\program files\RelevantKnowledge

c:\program files\RelevantKnowledge\chrome.manifest

c:\program files\RelevantKnowledge\install.rdf

c:\program files\RelevantKnowledge\MSVCP71.DLL

c:\program files\RelevantKnowledge\MSVCR71.DLL

c:\program files\RelevantKnowledge\ncncf.dat

c:\program files\RelevantKnowledge\nscf.dat

c:\program files\RelevantKnowledge\rloci.bin

c:\program files\RelevantKnowledge\shfscp.dat

c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge

c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk

c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk

c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk

c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk

c:\windows\system32\ReadMe.txt

c:\windows\WindowsUpdate.log

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_RelevantKnowledge

.

.

((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))

.

.

2012-07-26 01:02 . 2012-07-26 01:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-26 00:44 . 2012-07-26 00:44 -------- d-----w- c:\program files\ERUNT

2012-07-25 14:52 . 2012-07-25 14:52 -------- d-----w- c:\users\Aaron\AppData\Roaming\Auslogics

2012-07-25 01:30 . 2012-07-25 01:54 -------- d-----w- c:\users\Aaron\DoctorWeb

2012-07-23 21:42 . 2012-07-23 21:42 388096 ----a-r- c:\users\Aaron\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-23 21:42 . 2012-07-23 21:42 -------- d-----w- c:\program files\Trend Micro

2012-07-23 21:30 . 2012-07-23 21:30 -------- d-----w- c:\programdata\Malwarebytes

2012-07-23 21:30 . 2012-07-23 21:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-23 19:46 . 2012-06-12 02:44 2344448 ----a-w- c:\windows\system32\win32k.sys

2012-07-23 19:35 . 2012-07-23 19:35 -------- d-----w- C:\found.012

2012-07-15 20:47 . 2012-07-16 02:39 0 ----a-w- C:\HunterBlade0.050426_EN.exe

2012-07-14 17:45 . 2012-06-06 05:09 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-14 17:38 . 2012-06-02 04:51 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-07-14 17:38 . 2012-06-02 04:50 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-07-14 17:38 . 2012-06-02 04:47 219136 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-14 17:38 . 2012-06-02 04:51 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-14 17:38 . 2012-06-02 04:48 225280 ----a-w- c:\windows\system32\schannel.dll

2012-07-14 17:37 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\system32\msxml6.dll

2012-07-14 17:37 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\system32\msxml3.dll

2012-07-04 19:36 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-07-04 19:36 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-07-04 19:36 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-07-04 19:36 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-07-04 19:35 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-07-04 19:35 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-07-04 19:35 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-07-04 19:35 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-07-04 19:35 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-12 18:47 . 2012-05-12 18:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-02 04:52 . 2012-06-14 01:12 163328 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:19 . 2012-06-14 01:12 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-07-23 17:50 . 2011-07-23 17:50 1110476 ----a-w- c:\program files\7-Zip.exe

2012-04-21 01:19 . 2012-05-12 18:28 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-14 17:17 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-14 2074208]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-16 405504]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-10-16 279144]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-14 1107552]

.

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"SoftwareSASGeneration"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\aestsrv.exe [x]

S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [x]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]

S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [x]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]

S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-24 22:55]

.

2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-24 22:55]

.

2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4173790440-4098617474-2764497581-1000Core.job

- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-04 04:11]

.

2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4173790440-4098617474-2764497581-1000UA.job

- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-04 04:11]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://isearch.avg.com/?cid={DE117B56-FC1F-4AC5-A29A-98B3051CF0EA}&mid=8debea5e07e54b2bbb0ada111ed19818-99a20ebe4eff3aecad3c69dc9238eb2e6222244a&lang=en&ds=st011&pr=sa&d=2012-05-27 00:07&v=11.1.0.7&sap=hp

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.254

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

FF - ProfilePath - c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\luvuhmf3.default\

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6613faa3-7d37-4847-a390-1dca03986aeb%7D&mid=8debea5e07e54b2bbb0ada111ed19818-99a20ebe4eff3aecad3c69dc9238eb2e6222244a&ds=st011&v=11.1.0.12&lang=en&pr=sa&d=2012-05-27%2000%3A07%3A45&sap=ku&q=

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(4144)

c:\program files\WinSCP\DragExt.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\NVIDIA Corporation\Display\NvXDSync.exe

c:\windows\system32\nvvsvc.exe

c:\windows\system32\WUDFHost.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\STacSV.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\taskhost.exe

c:\program files\AVG\AVG2012\avgrsx.exe

c:\windows\system32\conhost.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\sppsvc.exe

c:\windows\system32\taskhost.exe

.

**************************************************************************

.

Completion time: 2012-07-25 18:14:31 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-26 01:14

ComboFix2.txt 2008-12-23 16:11

ComboFix3.txt 2008-12-23 05:42

.

Pre-Run: 52,072,128,512 bytes free

Post-Run: 51,965,050,880 bytes free

.

- - End Of File - - D266C90ADA656D7192CB4596B04EA5DE

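The log above records C:\HunterBlade0.050426_EN.exe with a size of 0 in the "Files Created" section, and an empty (or otherwise non-PE) file is exactly what Windows reports as "not a valid win32 application". As an added example, not code from this thread or from any tool mentioned in it, the Python below parses ComboFix-style "Files Created" lines to flag zero-length executables and then checks a file image for the MZ/PE signatures a Win32 executable must carry; the sample log lines and the stub PE image are constructed here, modelled on the format in the log.

```python
"""Flag zero-length executables in ComboFix 'Files Created' lines and
sanity-check a file image for a valid PE header (MZ + PE\\0\\0 + machine)."""
import re
import struct

# Constructed sample, in the ComboFix format: created . modified size attrs path
SAMPLE_LOG = """\
2012-07-23 19:46 . 2012-06-12 02:44 2344448 ----a-w- c:\\windows\\system32\\win32k.sys
2012-07-15 20:47 . 2012-07-16 02:39 0 ----a-w- C:\\HunterBlade0.050426_EN.exe
2012-07-26 00:44 . 2012-07-26 00:44 -------- d-----w- c:\\program files\\ERUNT
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) (\S+) (.+)$")

def parse_files_created(text):
    """Turn each matching log line into a dict; directories have size None."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append({"created": created, "modified": modified,
                        "size": None if size == "--------" else int(size),
                        "is_dir": attrs.startswith("d"), "path": path})
    return entries

def zero_length_executables(entries):
    """Paths of .exe/.dll/.sys files the log lists with a size of 0 bytes."""
    return [e["path"] for e in entries
            if not e["is_dir"] and e["size"] == 0
            and e["path"].lower().endswith((".exe", ".dll", ".sys"))]

PE_MACHINE_X86 = 0x014C   # IMAGE_FILE_MACHINE_I386
PE_MACHINE_X64 = 0x8664   # IMAGE_FILE_MACHINE_AMD64

def pe_problem(data):
    """Return None if data looks like a PE image, otherwise a short reason."""
    if len(data) == 0:
        return "file is empty (0 bytes)"
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "missing MZ signature"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]   # offset of PE header
    if e_lfanew + 6 > len(data):
        return "e_lfanew points past end of file"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "missing PE signature"
    machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
    if machine not in (PE_MACHINE_X86, PE_MACHINE_X64):
        return "unknown machine type 0x%04x" % machine
    return None

def minimal_pe(machine=PE_MACHINE_X86):
    """Constructed stub image: DOS header with e_lfanew=0x40, PE sig, machine."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\0\0" + struct.pack("<H", machine)
```

On a real system, `pe_problem(open(path, "rb").read())` on the downloaded installer tells you whether the file is even a Windows executable before you start suspecting the machine.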

My help is free. Appreciate the thought though. :D

So all is well?

I do need another tool run.

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document for my review.

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in the second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Post the MBAM log, too, in your reply.
