***.exe is not a valid win32 application [Closed]

#1 shodwb
Member, 15 posts

The computer that is affected is a laptop of my girlfriend's brother; he can't tell me when it started as he is 11 and can't remember. It might have been up to 4 weeks ago.

You can't open any of the applications normally; however, if you right-click on them, click 'Run as', untick the box which says 'Protect my computer from unauthorized program activity' and then click OK, the program will open up fine.

However, this doesn't work with things like Add/Remove Programs or anything in Control Panel, as they don't have this option.

The computer is running XP.

I have been through the removal guide and run everything in there, and Malwarebytes found some stuff but didn't fix the problem.

I have also run a few other antiviruses, Avast and BitDefender Total Security, and neither fixed the issue.

Here are the logs.

Malwarebytes

Malwarebytes' Anti-Malware 1.36
Database version: 2096
Windows 5.1.2600 Service Pack 3

9/05/2009 10:01:07 AM
mbam-log-2009-05-09 (10-01-07).txt

Scan type: Quick Scan
Objects scanned: 83856
Time elapsed: 6 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{04c8a5dd-6081-d104-96f7-f765c20b22f1} (Adware.PromotionsTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04c8a5dd-6081-d104-96f7-f765c20b22f1} (Adware.PromotionsTool) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PromotionsTool (Adware.PromotionsTool) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PromotionsTool (Adware.PromotionsTool) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Program Files\PromotionsTool (Adware.PromotionsTool) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Program Files\PromotionsTool\uninstall.exe (Adware.PromotionsTool) -> Quarantined and deleted successfully.



Rooter Log

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:149409 Mo/Free:3121 Mo)
D:\ [CD-Rom] (Total:666 Mo/Free:0 Mo)

Sat 09/05/2009|10:16

----------------------\\ Processes..

--Locked-- [System Process]
---------- ???#??
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
--Locked-- ???#?#???
--Locked-- ???#?#???
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashServ.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\acs.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\agrsmsvc.exe
---------- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
---------- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
---------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
---------- C:\WINDOWS\system32\TODDSrv.exe
---------- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\internet explorer\iexplore.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Windows Live\Toolbar\wltuser.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Sat 09/05/2009|10:17

----------------------\\ Scan completed at 10:17


OTListIt Log

OTListIt logfile created on: 9/05/2009 AM 10:22:48 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.4 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.72% Memory free
3.33 Gb Paging File | 2.84 Gb Available in Paging File | 85.40% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.91 Gb Total Space | 103.05 Gb Free Space | 70.63% Space Free | Partition Type: NTFS
Drive D: | 667.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC7654678
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
PRC - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\WINDOWS\system32\acs.exe (Atheros)
PRC - C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
PRC - C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Documents and Settings\User\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (ACS [Auto | Running]) -- C:\WINDOWS\system32\acs.exe (Atheros)
SRV - (AgereModemAudio [Auto | Running]) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
SRV - (Arrakis3 [On_Demand | Stopped]) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe ()
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Start_Pending]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (avg8wd [Auto | Stopped]) -- File not found
SRV - (CFSvcs [Auto | Running]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (fsssvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (IJPLMSVC [Auto | Running]) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (iPodService [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LIVESRV [Auto | Running]) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (NMIndexingService [Disabled | Stopped]) -- File not found
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (scan [On_Demand | Stopped]) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (TAPPSRV [Auto | Running]) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (TODDSrv [Auto | Running]) -- C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service [Auto | Running]) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (VSSERV [Auto | Running]) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (AR5211 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ar5211.sys (Atheros Communications, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (bdfm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (Bdfndisf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bdfndisf.sys (BitDefender LLC)
DRV - (bdfsfltr [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (bdftdif [System | Running]) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (BDSelfPr [On_Demand | Running]) -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender S.R.L.)
DRV - (BDVEDISK [Auto | Running]) -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys (BitDefender S.R.L.)
DRV - (cis1284 [Auto | Running]) -- C:\WINDOWS\system32\drivers\cis1284.sys (Canon Information Systems)
DRV - (fssfltr [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (FwLnk [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\FwLnk.sys (TOSHIBA Corporation)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Netdevio [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\netdevio.sys (TOSHIBA Corporation.)
DRV - (PCASp50 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Profos [On_Demand | Stopped]) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys ()
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SWNC8U52 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\swnc8u52.sys (Sierra Wireless Inc.)
DRV - (SWNC8U55 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\swnc8u55.sys (Sierra Wireless Inc.)
DRV - (SWUMX52 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\swumx52.sys (Sierra Wireless Inc.)
DRV - (SWUMX55 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\swumx55.sys (Sierra Wireless Inc.)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tdcmdpst [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tdudf [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\tdudf.sys (TOSHIBA Corporation)
DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (trudf [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\trudf.sys (TOSHIBA Corporation)
DRV - (Trufos [On_Demand | Stopped]) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (UVCFTR [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (WSIMD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wsimd.sys (Atheros Communications, Inc.)
DRV - (yukonwxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\yk51x86.sys (Marvell)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\TBEXTENSION\ [2009/05/08 16:38:45 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog1.dll (Conduit Ltd.)
O2 - BHO: (P2P Energy Toolbar) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (BigPond Wireless Broadband 2.0 Auto Dial) - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\bpwbb2ad.dll (Telstra)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (P2P Energy Toolbar) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files\ToggleEN\tbTog1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2BAE58C2-79F9-45D1-A286-81F911301C3A} - C:\Program Files\P2P_Energy\tbP2P_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui (Atheros Communications, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe File not found
O4 - HKLM..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" (BitDefender S.R.L.)
O4 - HKLM..\Run: [BDWizReg] "C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe" /complete (BitDefender S.R.L.)
O4 - HKLM..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" -tsr (Telstra)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" (BitDefender)
O4 - HKLM..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" (Chicony)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [MpsOnn] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\MpsOnn.exe (CANON INC.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] TPSMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (Hewlett-Packard Company)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html ()
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html ()
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: CabBuilder http://kiw.imgag.com...llerControl.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/11 07:34:16 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/10/24 09:29:59 | 00,703,552 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/24 09:29:59 | 00,703,552 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/24 09:30:00 | 00,662,592 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2008/10/24 09:29:55 | 00,000,166 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{0d74f82c-232f-11dd-b7d8-00a0d5ffffa0}\Shell - "" = AutoRun
O33 - MountPoints2\{0d74f82c-232f-11dd-b7d8-00a0d5ffffa0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d74f82c-232f-11dd-b7d8-00a0d5ffffa0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/05/09 10:10:47 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/09 10:10:36 | 00,502,272 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\User\Desktop\OTListIt2.exe
[2009/05/09 10:09:36 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\User\Desktop\Rooter.exe
[2009/05/09 10:05:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/05/09 10:02:31 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/05/09 09:54:23 | 00,000,264 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2009/05/09 09:54:23 | 00,000,264 | ---- | C] () -- C:\WINDOWS\tasks\OGADaily.job
[2009/05/09 09:52:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2009/05/09 09:52:53 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/09 09:52:53 | 00,000,707 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/09 09:52:50 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/09 09:52:48 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/09 09:52:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/09 09:52:04 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\DOCUME~1\User\Desktop\mbam-setup.exe
[2009/05/09 09:50:25 | 00,000,622 | ---- | C] () -- C:\DOCUME~1\User\Desktop\NTREGOPT.lnk
[2009/05/09 09:50:25 | 00,000,603 | ---- | C] () -- C:\DOCUME~1\User\Desktop\ERUNT.lnk
[2009/05/09 09:50:23 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/09 09:49:37 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\DOCUME~1\User\Desktop\erunt_setup.exe
[2009/05/09 09:48:44 | 00,021,504 | ---- | C] (Doug Knox) -- C:\DOCUME~1\User\Desktop\SysRestorePoint.exe
[2009/05/09 09:20:54 | 00,000,674 | ---- | C] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/05/08 21:15:37 | 00,000,241 | ---- | C] () -- C:\DOCUME~1\User\Desktop\Shortcut to Add or Remove Programs.lnk
[2009/05/08 16:48:34 | 00,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2009/05/08 16:43:11 | 00,000,850 | ---- | C] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2009/05/08 16:43:10 | 00,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/05/08 16:39:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\logs
[2009/05/08 16:39:29 | 00,001,874 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\BitDefender Total Security 2009.lnk
[2009/05/08 16:39:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\BitDefender
[2009/05/08 16:39:24 | 00,000,000 | ---D | C] -- C:\Binaries
[2009/05/08 16:38:27 | 00,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2009/05/08 16:38:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/05/08 16:36:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2009/05/08 16:26:44 | 00,156,000 | ---- | C] (Microsoft Corporation) -- C:\DOCUME~1\ALLUSE~1\Documents\bitdefender_tsecurity.exe
[2009/05/08 16:22:49 | 00,176,768 | ---- | C] (Symantec Corporation) -- C:\DOCUME~1\ALLUSE~1\Documents\FxBeagle.exe
[2009/05/07 19:10:58 | 00,001,547 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2009/05/07 19:10:46 | 00,000,000 | ---D | C] -- C:\DOCUME~1\User\My Documents\LimeWire
[2009/05/07 19:10:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Mozilla
[2009/05/07 19:10:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\LimeWire
[2009/05/07 19:09:57 | 00,001,589 | ---- | C] () -- C:\DOCUME~1\User\Desktop\LimeWire 5.1.2.lnk
[2009/05/07 19:09:21 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2009/05/07 18:25:02 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/05/07 18:25:02 | 00,001,720 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\avast! Antivirus.lnk
[2009/05/07 18:25:01 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/05/07 18:25:01 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/05/07 18:24:58 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/05/07 18:24:58 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/05/07 18:24:58 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/05/07 18:24:58 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/05/07 18:24:58 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/05/07 18:24:44 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/05/07 18:24:44 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/05/07 18:24:41 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/07 18:12:59 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\DOCUME~1\User\Desktop\avast.exe
[2009/05/03 20:14:09 | 00,024,576 | ---- | C] () -- C:\DOCUME~1\User\My Documents\anzac.doc
[2009/05/02 19:08:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\uTorrent
[2009/05/02 19:07:59 | 00,274,224 | ---- | C] (BitTorrent, Inc.) -- C:\DOCUME~1\User\Desktop\utorrent.exe
[2009/04/27 22:26:41 | 00,000,512 | ---- | C] () -- C:\DOCUME~1\User\My Documents\131BF000
[2009/04/27 21:27:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/04/27 21:26:00 | 00,000,000 | ---D | C] -- C:\DOCUME~1\User\My Documents\New Folder
[2009/04/27 19:39:01 | 00,025,600 | ---- | C] () -- C:\DOCUME~1\User\Desktop\school timetable.doc
[2009/04/27 18:58:26 | 00,035,840 | ---- | C] () -- C:\DOCUME~1\User\Desktop\timetable for stuff.doc
[2009/04/27 18:45:37 | 00,035,840 | ---- | C] () -- C:\DOCUME~1\User\Desktop\timetable.doc
[2009/04/24 19:23:58 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/04/24 19:23:58 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/04/23 20:41:07 | 00,000,000 | ---D | C] -- C:\DOCUME~1\User\Desktop\L.W MUSIC
[2009/04/21 19:03:02 | 00,000,188 | ---- | C] () -- C:\DOCUME~1\User\Desktop\Shortcut to CD Drive.lnk
[2009/04/20 19:22:36 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/20 19:22:36 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/20 19:22:36 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/20 19:22:36 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/20 19:22:36 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/20 19:22:35 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/20 19:22:35 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/20 19:22:35 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/20 19:22:35 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/20 19:22:35 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 19:52:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/04/16 19:19:16 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/16 19:19:16 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/16 19:19:15 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/13 12:15:07 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/12 14:51:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/04/12 14:50:56 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/06 08:59:25 | 00,000,220 | ---- | C] () -- C:\WINDOWS\MCDB.ini
[2009/04/06 08:59:22 | 00,000,031 | ---- | C] () -- C:\WINDOWS\System32\dvdwincd20.dll
[2009/04/06 08:58:46 | 00,000,045 | ---- | C] () -- C:\WINDOWS\System32\DVDCD.dll
[2008/12/31 17:04:42 | 00,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/10/09 16:31:54 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/08/25 12:22:41 | 00,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/08/25 12:22:25 | 00,009,391 | ---- | C] () -- C:\WINDOWS\System32\dymourl.ini
[2008/08/25 12:21:51 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
[2008/07/05 16:12:21 | 00,000,663 | ---- | C] () -- C:\WINDOWS\openrda.ini
[2008/03/12 07:02:47 | 00,000,208 | ---- | C] () -- C:\WINDOWS\MPASS.INI
[2008/03/08 03:04:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\drvxl32.INI
[2008/03/08 03:04:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\drvwd32.INI
[2008/03/08 01:59:26 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/08 01:46:51 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2008/03/08 01:46:51 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2008/03/08 01:46:51 | 00,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2008/03/08 01:46:51 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2008/03/07 18:28:57 | 00,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/03/07 17:29:10 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7N.DLL
[2008/03/07 13:49:44 | 00,000,424 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
[2008/03/07 13:49:44 | 00,000,119 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini
[2008/03/07 13:49:44 | 00,000,039 | ---- | C] () -- C:\WINDOWS\MYOB.INI
[2007/07/13 09:29:40 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/07/12 08:14:34 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2007/07/12 08:14:34 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2007/07/11 09:01:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2007/07/11 08:57:15 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/07/11 08:57:15 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/07/11 08:57:15 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/07/11 08:57:15 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/07/11 08:57:15 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/07/11 08:57:15 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/07/11 08:50:07 | 00,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/07/11 08:50:07 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4833.dll
[2007/07/11 07:37:07 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2007/07/11 07:25:05 | 00,002,392 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/07/11 07:24:57 | 00,000,604 | ---- | C] () -- C:\WINDOWS\win.ini
[2007/07/11 07:24:56 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2007/01/31 14:50:32 | 00,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/12/06 06:05:06 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2006/05/05 18:26:00 | 00,335,872 | ---- | C] () -- C:\WINDOWS\System32\ctreestd.dll
[2005/07/23 14:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/01/31 07:02:00 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[1997/06/14 12:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/09 10:10:37 | 00,502,272 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\User\Desktop\OTListIt2.exe
[2009/05/09 10:09:37 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\User\Desktop\Rooter.exe
[2009/05/09 10:05:51 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/09 10:05:49 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2009/05/09 10:04:48 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/05/09 10:03:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/09 10:03:03 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\desktop.ini
[2009/05/09 10:02:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/09 10:02:08 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/05/09 09:54:23 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGADaily.job
[2009/05/09 09:52:53 | 00,000,707 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/09 09:52:08 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\DOCUME~1\User\Desktop\mbam-setup.exe
[2009/05/09 09:50:25 | 00,000,622 | ---- | M] () -- C:\DOCUME~1\User\Desktop\NTREGOPT.lnk
[2009/05/09 09:50:25 | 00,000,603 | ---- | M] () -- C:\DOCUME~1\User\Desktop\ERUNT.lnk
[2009/05/09 09:49:54 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\DOCUME~1\User\Desktop\erunt_setup.exe
[2009/05/09 09:48:44 | 00,021,504 | ---- | M] (Doug Knox) -- C:\DOCUME~1\User\Desktop\SysRestorePoint.exe
[2009/05/09 09:21:39 | 00,000,674 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/05/08 21:15:37 | 00,000,241 | ---- | M] () -- C:\DOCUME~1\User\Desktop\Shortcut to Add or Remove Programs.lnk
[2009/05/08 21:11:55 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/05/08 21:11:55 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/05/08 21:11:55 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/05/08 21:11:55 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/05/08 21:11:55 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/05/08 21:11:55 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/05/08 16:44:19 | 35,889,236 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/08 16:43:11 | 00,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2009/05/08 16:43:10 | 00,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/05/08 16:39:29 | 00,001,874 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\BitDefender Total Security 2009.lnk
[2009/05/08 16:26:07 | 00,156,000 | ---- | M] (Microsoft Corporation) -- C:\DOCUME~1\ALLUSE~1\Documents\bitdefender_tsecurity.exe
[2009/05/08 16:18:08 | 00,176,768 | ---- | M] (Symantec Corporation) -- C:\DOCUME~1\ALLUSE~1\Documents\FxBeagle.exe
[2009/05/07 19:25:48 | 00,051,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/07 19:10:58 | 00,001,547 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2009/05/07 19:09:57 | 00,001,589 | ---- | M] () -- C:\DOCUME~1\User\Desktop\LimeWire 5.1.2.lnk
[2009/05/07 18:58:53 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/05/07 18:25:02 | 00,001,720 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\avast! Antivirus.lnk
[2009/05/07 18:24:58 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/07 18:13:14 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\DOCUME~1\User\Desktop\avast.exe
[2009/05/03 20:14:09 | 00,024,576 | ---- | M] () -- C:\DOCUME~1\User\My Documents\anzac.doc
[2009/05/03 14:06:45 | 00,106,464 | ---- | M] () -- C:\DOCUME~1\User\Desktop\Nokia Ringtones - Fire Truck Alarm.mp3
[2009/05/02 19:08:09 | 00,274,224 | ---- | M] (BitTorrent, Inc.) -- C:\DOCUME~1\User\Desktop\utorrent.exe
[2009/04/27 22:26:41 | 00,000,512 | ---- | M] () -- C:\DOCUME~1\User\My Documents\131BF000
[2009/04/27 19:39:01 | 00,025,600 | ---- | M] () -- C:\DOCUME~1\User\Desktop\school timetable.doc
[2009/04/27 18:58:26 | 00,035,840 | ---- | M] () -- C:\DOCUME~1\User\Desktop\timetable for stuff.doc
[2009/04/27 18:58:06 | 00,035,840 | ---- | M] () -- C:\DOCUME~1\User\Desktop\timetable.doc
[2009/04/27 17:58:45 | 00,000,036 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2009/04/27 17:54:24 | 00,002,483 | ---- | M] () -- C:\DOCUME~1\User\Desktop\Microsoft Office PowerPoint 2003.lnk
[2009/04/27 17:53:57 | 00,002,497 | ---- | M] () -- C:\DOCUME~1\User\Desktop\Microsoft Office Word 2003.lnk
[2009/04/24 19:23:58 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/04/21 19:03:02 | 00,000,188 | ---- | M] () -- C:\DOCUME~1\User\Desktop\Shortcut to CD Drive.lnk
[2009/04/21 18:34:59 | 00,481,674 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/21 18:34:59 | 00,410,132 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/21 18:34:59 | 00,065,122 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/21 18:34:57 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/21 18:33:28 | 00,000,604 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/20 19:43:24 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\DOCUME~1\User\Desktop\Farm 06 07 08.MYO:SummaryInformation
< End of report >

:) :) Please HELP


Shodwb
  • 0

#2
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Hello, shodwb, and welcome to GeeksToGo! Sorry for the delay, the forums have been pretty busy.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#3
shodwb

    Member

  • Topic Starter
  • Member
  • 15 posts
Cheers
Thanks for getting back to me :D

When I ran ComboFix it came up with

C:\WINDOWS\system32\grpconv.exe is not a valid win32 application, then

32788R22FWJFW\hidec.exe is not a valid win32 application <= when I clicked OK on the box on this one it reappeared straight away another 2 times

It then said I had BitDefender and AVG running; however, I couldn't stop them and couldn't uninstall them, so I have deleted all of the files out of their respective folders that I could.

Here is the log

ComboFix 09-05-14.03 - User 15/05/2009 11:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1679 [GMT 10:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\dvdwincd20.dll
.
---- Previous Run -------
.
c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Created from 2009-04-14 to 2009-05-14 )))))))))))))))))))))))))))))))
.

2009-05-09 00:10 . 2009-05-09 00:17 -------- d-----w C:\Rooter$
2009-05-09 00:05 . 2009-05-09 00:05 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-05-08 23:52 . 2009-05-08 23:52 -------- d-----w c:\documents and settings\User\Application Data\Malwarebytes
2009-05-08 23:52 . 2009-04-06 05:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-08 23:52 . 2009-04-06 05:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-08 23:52 . 2009-05-08 23:52 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-08 23:52 . 2009-05-08 23:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-08 23:50 . 2009-05-08 23:50 -------- d-----w c:\program files\ERUNT
2009-05-08 12:30 . 2009-05-08 12:30 -------- d-----w c:\documents and settings\Administrator\Application Data\BitDefender
2009-05-08 06:48 . 2009-05-14 21:51 81984 ----a-w c:\windows\system32\bdod.bin
2009-05-08 06:39 . 2009-05-08 06:39 -------- d-----w c:\windows\system32\logs
2009-05-08 06:39 . 2009-05-08 06:39 -------- d-----w c:\documents and settings\User\Application Data\BitDefender
2009-05-08 06:39 . 2009-05-08 06:39 -------- d-----w C:\Binaries
2009-05-08 06:38 . 2009-05-08 06:42 -------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2009-05-08 06:38 . 2009-05-14 21:55 -------- d-----w c:\program files\BitDefender
2009-05-08 06:36 . 2009-05-08 06:38 -------- d-----w c:\program files\Common Files\BitDefender
2009-05-07 09:10 . 2009-05-07 09:20 -------- d-----w c:\documents and settings\User\Application Data\LimeWire
2009-05-07 09:09 . 2009-05-07 09:10 -------- d-----w c:\program files\LimeWire
2009-05-07 08:24 . 2009-05-07 08:24 -------- d-----w c:\program files\Alwil Software
2009-05-02 09:08 . 2009-05-02 12:47 -------- d-----w c:\documents and settings\User\Application Data\uTorrent
2009-04-27 11:27 . 2009-04-27 11:27 -------- d-----w c:\documents and settings\All Users\Application Data\iWin Games
2009-04-20 09:22 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-20 09:22 . 2009-02-06 10:39 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-20 09:22 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-20 09:22 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-20 09:22 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-20 09:22 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-20 09:22 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-20 09:22 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-20 09:22 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-20 09:22 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 09:52 . 2009-04-16 09:52 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-04-16 09:19 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-16 09:19 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 11:55 . 2009-04-01 06:24 34 ----a-w c:\documents and settings\User\jagex_runescape_preferences.dat
2009-04-27 07:58 . 2008-08-25 02:21 -------- d-----w c:\program files\DYMO Label
2009-04-16 10:12 . 2009-04-12 04:50 -------- d-----w c:\program files\iPod
2009-04-12 04:51 . 2009-04-07 11:18 -------- d-----w c:\program files\Apple Software Update
2009-04-07 09:23 . 2007-07-10 22:52 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-07 00:26 . 2009-04-07 00:26 481 ----a-w c:\windows\eReg.dat
2009-04-05 23:26 . 2009-03-28 09:32 -------- d-----w c:\program files\Microsoft
2009-04-05 23:26 . 2009-04-05 23:26 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-04-05 23:25 . 2009-03-28 09:31 -------- d-----w c:\program files\Windows Live
2009-04-05 22:58 . 2009-04-05 22:58 -------- d-----w c:\program files\MicroAdobe
2009-04-03 21:55 . 2009-04-02 09:07 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-03 08:06 . 2009-04-03 08:06 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-31 07:46 . 2009-03-31 07:46 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-31 07:21 . 2008-03-23 02:49 90384 ----a-w c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-30 10:43 . 2008-03-07 17:21 -------- d-----w c:\program files\Microsoft Works
2009-03-30 10:08 . 2009-03-30 10:02 -------- d-----w c:\program files\ToggleEN
2009-03-30 10:08 . 2009-03-30 10:08 -------- d-----w c:\program files\P2P_Energy
2009-03-30 10:08 . 2009-03-30 10:08 -------- d-----w c:\program files\LimeWire Music
2009-03-30 10:02 . 2009-03-30 10:02 -------- d-----w c:\program files\Conduit
2009-03-28 09:59 . 2009-03-28 09:59 -------- d-----w c:\program files\AGI
2009-03-28 09:32 . 2009-03-28 09:32 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-28 07:36 . 2009-03-28 07:34 -------- d-----w c:\program files\Microsoft Games
2009-03-25 09:29 . 2009-03-25 09:29 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-25 09:12 . 2009-03-25 06:57 -------- d-----w c:\program files\EA GAMES
2009-03-25 08:03 . 2009-03-25 08:03 108144 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-25 03:38 . 2009-03-25 03:38 -------- d-----w c:\program files\DYMO LabelWriter Drivers
2009-03-11 05:12 . 2009-03-11 05:12 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-06 14:22 . 2007-07-10 21:24 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2007-07-10 21:24 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2007-07-10 21:24 78336 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog1.dll" [2009-04-24 1883672]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2009-03-10 2079256]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2009-04-24 08:40 1883672 ----a-w c:\program files\ToggleEN\tbTog1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2009-03-10 00:47 2079256 ----a-w c:\program files\P2P_Energy\tbP2P_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog1.dll" [2009-04-24 1883672]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2009-03-10 2079256]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTog1.dll" [2009-04-24 1883672]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2009-03-10 2079256]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-10 68856]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2005-10-20 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"ACU"="c:\program files\Atheros\ACU.exe" [2007-04-16 372825]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-21 413696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-07 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-07 162584]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2007-07-11 356352]
"BigPondWirelessBroadbandCM"="c:\program files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" [2008-05-07 2162688]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MpsOnn"="c:\windows\System32\spool\DRIVERS\W32X86\3\MpsOnn.exe" [2001-11-19 22528]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-29 888832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-07 138008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-05-31 282624]
"NDSTray.exe"="NDSTray.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]

c:\documents and settings\User\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-3-11 139776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-11 05:12 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre1.6.0\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\User\\Desktop\\utorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [6/04/2009 9:25 AM 55152]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14/01/2009 4:53 PM 226656]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [27/03/2007 5:22 AM 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [20/02/2007 5:15 AM 134016]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [12/02/2009 4:52 PM 104328]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [12/07/2007 8:14 AM 5888]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [8/03/2008 1:47 AM 57024]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 BDVEDISK;BDVEDISK;\??\c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys --> c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [20/01/2009 7:16 PM 172032]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [18/09/2008 12:09 PM 111112]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 6:08 PM 533360]
S3 SWNC8U52;Sierra Wireless MUX NDIS Driver (UMTS52);c:\windows\system32\drivers\swnc8u52.sys [19/11/2007 5:06 PM 164480]
S3 SWNC8U55;Sierra Wireless MUX NDIS Driver (UMTS55);c:\windows\system32\drivers\swnc8u55.sys [19/11/2007 5:06 PM 164480]
S3 SWUMX52;Sierra Wireless USB MUX Driver (UMTS52);c:\windows\system32\drivers\swumx52.sys [19/11/2007 5:06 PM 140672]
S3 SWUMX55;Sierra Wireless USB MUX Driver (UMTS55);c:\windows\system32\drivers\swumx55.sys [19/11/2007 5:06 PM 140672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d74f82c-232f-11dd-b7d8-00a0d5ffffa0}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-05-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-10 21:29]

2009-05-13 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 07:04]

2009-05-14 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 07:04]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
HKLM-Run-BDWizReg - c:\program files\BitDefender\BitDefender 2009\bdwizreg.exe
HKLM-Run-BDAgent - c:\program files\BitDefender\BitDefender 2009\bdagent.exe
HKLM-Run-BitDefender Antiphishing Helper - c:\program files\BitDefender\BitDefender 2009\IEShow.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-15 11:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
IJNetworkScanUtility = c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-15 11:14
ComboFix-quarantined-files.txt 2009-05-15 01:14

Pre-Run: 110,811,516,928 bytes free
Post-Run: 110,841,999,360 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

230 --- E O F --- 2009-05-14 17:01


Cheers
Shodwb

Edited by shodwb, 14 May 2009 - 11:15 PM.

  • 0
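The ComboFix report above is easier to read once the registry sections are pulled out and checked mechanically. The following is an added example, not ComboFix's own code and not something posted in this thread: a small Python script that parses the `[key]` / `"value"=data` blocks ComboFix prints and flags the settings a responder looks at first: Security Center monitoring switched off, the XP firewall disabled for the standard profile, P2P clients and user-profile executables in the firewall exception list, and a removable-media AutoRun handler recorded under MountPoints2. The sample text is an excerpt of the log above; the list of P2P client names is this example's assumption. Third-party security suites set some of these keys themselves (the Symantec monitoring entries are a case in point), so each finding is a lead to verify, not a verdict.

```python
"""Triage the registry sections of a ComboFix report.

Added example: this is not ComboFix's code and was not posted in the thread.
It parses the [key] / "value"=data blocks that ComboFix prints and flags the
items a responder checks first. The sample text below is an excerpt of the
log posted above; the list of P2P client names is this example's assumption.
"""
import re

# Constructed sample: an excerpt (not the whole) of the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\User\\Desktop\\utorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d74f82c-232f-11dd-b7d8-00a0d5ffffa0}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(.+?)"=(.*)$')

# Assumed list of peer-to-peer clients worth calling out in a firewall exception list.
PEER_TO_PEER = ("limewire", "utorrent", "bittorrent", "kazaa", "emule")
USER_PROFILE_MARKERS = ("documents and settings", "\\users\\")


def parse_keys(text):
    """Return {key_path(lowercase): [(name, raw_data), ...]} for each [key] block."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, [])
            continue
        if current is None or not line:
            continue
        m = VALUE_RE.match(line)
        if m:
            keys[current].append((m.group(1), m.group(2).strip()))
        else:
            # Lines ComboFix prints without a quoted name, e.g. \Shell\AutoRun\command - ...
            keys[current].append((line, ""))
    return keys


def triage(text):
    """Return human-readable findings for the settings a responder checks first."""
    findings = []
    for key, values in parse_keys(text).items():
        if "security center\\monitoring" in key:
            for name, raw in values:
                if name.lower() == "disablemonitoring" and raw.endswith("00000001"):
                    findings.append(f"Security Center monitoring disabled under [{key}]")
        elif key.endswith("firewallpolicy\\standardprofile"):
            for name, raw in values:
                if name.lower() == "enablefirewall" and raw.startswith("0"):
                    findings.append("Windows Firewall disabled for the standard profile")
        elif key.endswith("authorizedapplications\\list"):
            for name, _ in values:
                path = name.replace("\\\\", "\\").lower()  # ComboFix doubles backslashes here
                if any(p in path for p in PEER_TO_PEER):
                    findings.append(f"P2P client in firewall exceptions: {path}")
                elif any(p in path for p in USER_PROFILE_MARKERS):
                    findings.append(f"User-profile executable in firewall exceptions: {path}")
        elif "\\mountpoints2\\" in key:
            for name, _ in values:
                if "autorun" in name.lower():
                    findings.append(f"Removable-media AutoRun handler recorded: {name}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Run against the excerpt it reports six findings: both DisableMonitoring keys, the disabled firewall, the uTorrent and LimeWire exceptions, and the U3 launcher AutoRun entry. To use it on a full report, read the saved ComboFix.txt into a string and pass it to `triage()`.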

#4
shodwb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I just managed to delete some more of the BitDefender files, and now when I try to open any .exe file it seems as though they have lost their extensions. It doesn't come up with the same message any more,

***.exe is not a valid win32 application

it just tries to make me choose which program to use to open it. When I choose the correct program, from the list or by browsing, it opens fine without any problems. I have read something about this before, about doing something quick to fix it, but I can't remember.
Also, when I try to open anything in Control Panel I get an error message of

C:\WINDOWS\system32\rundll32.exe Application not Found

however, the file is there; I went and found it, well at least I think I did.


Cheers
Shodwb
  • 0
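The symptom in the post above (every .exe opening the "choose a program" dialog, and rundll32.exe reported as "Application not found" even though the file exists) is what a broken .exe file association looks like: Windows resolves `HKEY_CLASSES_ROOT\.exe` to the `exefile` class, and `HKEY_CLASSES_ROOT\exefile\shell\open\command` must be `"%1" %*` for executables to launch directly. Control Panel items are started through rundll32.exe, so the same break explains that error. The following is an added example, not code from the thread or from any of the tools mentioned: a Python script that parses the text written by `reg export` for those two keys, reports what is missing or wrong, and prints a .reg file that restores the standard association. The "broken" export it checks by default is a constructed sample, not taken from the poster's machine.

```python
"""Check and repair the .exe file association from a `reg export` text.

Added example; not from the thread and not part of any tool it mentions. It
parses .reg-format text (as produced by `reg export HKCR\.exe` and
`reg export HKCR\exefile`), compares the two keys that make executables run
against their standard values, and emits the .reg text that restores them.
"""
import re
import sys

# The association every .exe depends on. These are the stock Windows values.
EXPECTED = {
    r"HKEY_CLASSES_ROOT\.exe": {"@": "exefile"},
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": {"@": '"%1" %*'},
}

# Constructed sample (not a real export): the class exists, but the
# shell\open\command key is gone, so Explorer has nothing to launch .exe with.
BROKEN_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
STR_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(s):
    """Undo .reg string escaping: \\ -> \ and \" -> " (one pass, left to right)."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Return {key: {value_name: data}}; '@' is the default value of a key."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        if current is None or not line:
            continue  # header line or blank
        m = STR_RE.match(line)
        if not m:
            continue  # comments or continuation lines of hex: data
        name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        data = m.group(2)
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = _unescape(data[1:-1])  # string value; dword:/hex: are kept raw
        keys[current][name] = data
    return keys


def check_exe_association(export_text):
    """Return a list of problems (empty when the association is intact)."""
    keys = {k.lower(): v for k, v in parse_reg_export(export_text).items()}
    problems = []
    for key, wanted in EXPECTED.items():
        values = keys.get(key.lower())
        if values is None:
            problems.append(f"missing key {key}")
            continue
        for name, want in wanted.items():
            got = values.get(name)
            if got is None:
                problems.append(f"{key}: default value not set (expected {want!r})")
            elif got != want:
                problems.append(f"{key}: {name} is {got!r}, expected {want!r}")
    return problems


def repair_reg_text():
    """Return a .reg file body that restores the standard .exe association."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, values in EXPECTED.items():
        lines.append(f"[{key}]")
        for name, data in values.items():
            esc = data.replace("\\", "\\\\").replace('"', '\\"')
            lines.append(f'{name}="{esc}"')
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    # reg export writes UTF-16 text; with no file argument the constructed sample is used.
    text = open(sys.argv[1], encoding="utf-16").read() if len(sys.argv) > 1 else BROKEN_EXPORT
    for problem in check_exe_association(text) or ["association looks intact"]:
        print("-", problem)
    print(repair_reg_text())
```

On the affected machine, export the two keys with `reg export HKCR\.exe exe.reg` and `reg export HKCR\exefile exefile.reg` (or one `reg export HKCR all.reg` if the console still runs), run the script against the export, and if it reports problems save the printed text as a .reg file and import it with `reg import` or regedit as an administrator. Because reg.exe and regedit.exe are themselves executables, start them from a command prompt; cmd.exe and console tools are usually still reachable when the Explorer association is broken.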

#5
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
I think first before we continue, we should address this .exe issue. I'm not convinced it's malware related, as I'm not seeing much in your logs, and a lot of programs are not working properly due to it.

For now, I would start a new topic in the Windows forum and address this issue, let them know you started here, and that this issue isn't related to malware. They will best be able to help you resolve that. When that's cleared up, just let me know either in this topic or through PM that you have it all fixed, and we'll continue to see if we can make sure you are completely clean and all your issues have been resolved.
  • 0

#6
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
