is not a valid win32 application
#1
purpleLover
Hi guys,
Please help me out. I am not able to use any application; on each and every click it says "is not a valid win32 application".
From the previous discussion on this topic, I got to know that we can fix this by first disabling the anti-virus and then installing ComboFix. I did the same, and I also have the log file with me (attached: ComboFix.txt). Please help, what's next?? :(

ComboFix 12-06-28.03 - Administrator 06/29/2012 11:05:35.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2935.1880 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\chrome\content\background.html
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\chrome\content\browser.xul
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\chrome\content\crossrider.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\chrome\content\crossriderapi.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\chrome\content\dialog.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\chrome\content\options.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\chrome\content\options.xul
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\chrome\content\search_dialog.xul
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\chrome\content\update.html
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\defaults\preferences\prefs.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\locale\en-US\translations.dtd
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\button1.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\button2.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\button3.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\button4.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\button5.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\crossrider_statusbar.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\icon128.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\icon16.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\icon24.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\icon48.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\panelarrow-up.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\popup.css
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\popup.html
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\popup_binding.xml
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\skin.css
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\update.css
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgfinst.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi
c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\windows\system32\autorun.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))
.
.
2012-06-28 20:02 . 2008-05-03 07:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-06-28 20:00 . 2012-06-28 20:00 -------- d-----w- c:\documents and settings\Swat
2012-06-28 19:31 . 2012-06-29 01:37 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2012-06-28 13:28 . 2012-06-28 13:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-06-28 13:28 . 2012-06-28 13:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-28 13:23 . 2012-06-28 13:23 -------- d-----w- c:\program files\CCleaner
2012-06-26 01:13 . 2012-06-26 01:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
2012-06-25 13:59 . 2012-06-25 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro
2012-06-25 13:49 . 2012-06-25 13:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\SavingsApp
2012-06-25 13:49 . 2012-06-25 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\WeCareReminder
2012-06-19 21:35 . 2012-06-19 21:35 4967624 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-13 19:42 . 2012-06-13 19:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Scooter Software
2012-06-13 19:42 . 2012-06-13 19:42 -------- d-----w- c:\program files\Beyond Compare 3
2012-06-06 19:55 . 2012-06-06 19:55 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-06 19:55 . 2012-06-06 19:55 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-05 02:25 . 2012-06-05 02:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia Suite
2012-06-03 19:07 . 2012-06-03 19:07 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Google
2012-05-30 20:06 . 2012-05-30 20:06 -------- d-----w- c:\program files\Common Files\Nokia
2012-05-30 20:05 . 2012-05-30 20:05 -------- d-----w- c:\program files\PC Connectivity Solution
2012-05-30 20:05 . 2012-01-09 21:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2012-05-30 20:05 . 2012-01-09 21:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2012-05-30 20:05 . 2012-01-09 21:28 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2012-05-30 20:05 . 2012-01-09 21:28 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 22:03 . 2012-05-04 19:39 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 22:03 . 2011-12-08 15:44 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-22 17:51 . 2012-04-29 11:47 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-06-18 01:34 . 2011-11-20 14:28 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-03 . 37D8387CBD4437C55F454209BE10EF11 . 361344 . . [5.1.2600.5508] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-06-13 20:30 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-06-13 20:30 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-06-13 20:30 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-06-13 20:30 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-04-13 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 170008]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-22 145432]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-05-03 110592]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2010-04-27 389120]
"TPSMain"="TPSMain.exe" [2009-12-09 289344]
"TPSODDCtl"="TPSODDCtl.exe" [2009-12-09 129600]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-13 123904]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - [N/A]
WordWeb.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2012-01-06 15:30 1446760 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 -c--a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 04:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-11-04 21:04 6174008 -c--a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinUpdate]
2008-05-03 07:00 155648 -c--a-w- c:\windows\system32\wscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"f:\\ATG\\ATG10.0.2\\DAS\\solid\\i486-unknown-win32\\solfe.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_31\\bin\\java.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/10/2011 8:14 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/10/2011 8:13 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/10/2011 8:13 PM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/10/2011 8:14 PM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 1:09 AM 192776]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/14/2011 6:19 PM 136176]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/10/2011 8:14 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/10/2011 8:14 PM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/10/2011 8:14 PM 16720]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [1/9/2011 10:20 AM 5888]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2/8/2012 12:26 PM 73216]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [7/8/2010 6:28 PM 132480]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 2:25 AM 4433248]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe -/service --> c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe -/service [?]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [6/19/2012 5:32 PM 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/5/2012 3:17 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/4/2012 3:39 PM 250056]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 6:58 AM 11336]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2/8/2012 12:26 PM 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 FGUARD32;FGUARD32;c:\program files\Folder Guard Pro\FGUARD32.SYS [7/17/2010 5:51 AM 54008]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/14/2011 6:19 PM 136176]
S3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/4/2010 12:53 PM 60456]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/6/2012 3:19 AM 113120]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [7/7/2010 5:31 PM 191008]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys --> c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 22:03]
.
2012-05-17 c:\windows\Tasks\AdobeAAMUpdater-1.0-SWATI-COMPUTER-Administrator.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-05-14 05:09]
.
2012-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-06-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1060284298-1972579041-1177238915-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-04-13 15:15]
.
2012-06-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1060284298-1972579041-1177238915-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-04-13 15:15]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-14 22:19]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-14 22:19]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1972579041-1177238915-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-21 21:05]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1972579041-1177238915-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-21 21:05]
.
.
------- Supplementary Scan -------
.
uStart Page = https://search.blekk...85&tbp=homepage
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
MSConfigStartUp-AdobeCS6ServiceManager - c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-29 11:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1060284298-1972579041-1177238915-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{9D717F81-9148-4F12-8568-69135F087DB0}"=hex:51,66,7a,6c,4c,1d,3b,1b,91,60,63,
82,7f,c0,75,06,9b,6a,23,53,5e,42,3f,ae
.
Completion time: 2012-06-29 11:09:31
ComboFix-quarantined-files.txt 2012-06-29 15:09
.
Pre-Run: 11,928,829,952 bytes free
Post-Run: 12,127,465,472 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A473152B32BF021A5A17EE71519E6AE8
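The log above is the poster's own data. What follows is an added example for this thread, not part of the original post and not ComboFix code: a small parser for the "Reg Loading Points" section of a ComboFix log that turns the Run-key and msconfig\startupreg entries into records and applies a few triage heuristics a responder would use when reading such a log. The sample input is excerpted from the log posted above. The heuristics (a script host such as wscript.exe as a startup image, a startup image living under a user profile directory, the Security Center AntiVirusOverride/FirewallOverride values set to 1) are this example's own assumptions and produce prompts to look further, not verdicts; entries under msconfig\startupreg are items that were disabled through msconfig, so they are flagged with that state rather than treated as active.

```python
"""Triage helper for the "Reg Loading Points" section of a ComboFix log.
Added example for this thread; not part of the original post or of ComboFix.
Heuristics here are triage prompts, not malware verdicts."""
import re
from dataclasses import dataclass

# Constructed sample: lines excerpted from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-04-13 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 136216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 04:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinUpdate]
2008-05-03 07:00 155648 -c--a-w- c:\windows\system32\wscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Run-key style:   "Name"="image or command" [date size]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"(?:\s+\[[^\]]*\])?$')
# Security Center: "Name"=dword:00000001
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')
# msconfig\startupreg style: date time size attrs path
IMAGE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>[A-Za-z]:\\.*)$")

# Heuristic tables: assumptions of this example, not taken from the log.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")


@dataclass
class Autostart:
    key: str
    name: str
    image: str
    disabled: bool  # True for entries parked under msconfig\startupreg


@dataclass
class Finding:
    severity: str
    entry: str
    reason: str


def parse_loading_points(text):
    """Return (autostart entries, Security Center dword values) from the section text."""
    autostarts, security_center, current_key = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with a lone '.'
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        if current_key is None:
            continue
        low_key = current_key.lower()
        if low_key.endswith("\\security center"):
            m = DWORD_RE.match(line)
            if m:
                security_center[m.group("name")] = int(m.group("hex"), 16)
            continue
        disabled = "\\msconfig\\startupreg\\" in low_key
        m = VALUE_RE.match(line)
        if m:
            autostarts.append(Autostart(current_key, m.group("name"), m.group("data"), disabled))
            continue
        m = IMAGE_RE.match(line)
        if m and disabled:                   # entry name is the last key component
            autostarts.append(Autostart(current_key, current_key.rsplit("\\", 1)[1],
                                        m.group("path"), disabled))
    return autostarts, security_center


def triage(autostarts, security_center):
    """Apply the heuristics; each Finding says where to look next, not what it is."""
    findings = []
    for a in autostarts:
        image = a.image.lower()
        basename = image.rsplit("\\", 1)[-1]
        state = "disabled in msconfig" if a.disabled else "active"
        if basename in SCRIPT_HOSTS:
            findings.append(Finding("high", a.name,
                f"{state}: startup image is a script host ({basename}); the log does not "
                "record the script it launches, so read the full command line from the registry"))
        elif any(marker in image for marker in USER_PROFILE_MARKERS):
            findings.append(Finding("low", a.name,
                f"{state}: image lives in a user profile directory (user-writable location)"))
    for name in ("AntiVirusOverride", "FirewallOverride"):
        if security_center.get(name) == 1:
            findings.append(Finding("medium", name,
                "Security Center warning for this component is suppressed (value 1)"))
    return findings


def run_triage(text):
    return triage(*parse_loading_points(text))


if __name__ == "__main__":
    for f in run_triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.entry}: {f.reason}")
```

Run against the excerpt, the helper reports the WinUpdate entry (wscript.exe, parked in msconfig) as high, the Facebook Update entry as low because it runs from the user's profile, and the two Security Center overrides as medium; the IgfxTray and iTunesHelper entries produce nothing. Feed it the whole "Reg Loading Points" section of a real log and review each hit by hand; a hit is a place to start, not a diagnosis.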