Please help me out. I am not able to use any application; on each and every click it says "is not a valid Win32 application".
From the previous discussion on this topic, I learned that we can fix this by first disabling the anti-virus and then installing ComboFix. I did the same and have the log file with me (ComboFix.txt attached). Please help, what's next?
ComboFix 12-06-28.03 - Administrator 06/29/2012 11:05:35.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2935.1880 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\chrome\content\background.html
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\chrome\content\browser.xul
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\chrome\content\crossrider.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\chrome\content\crossriderapi.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\chrome\content\dialog.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\chrome\content\options.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\chrome\content\options.xul
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\chrome\content\search_dialog.xul
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\chrome\content\update.html
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\defaults\preferences\prefs.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\locale\en-US\translations.dtd
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\button1.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\button2.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\button3.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\button4.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\button5.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\crossrider_statusbar.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\icon128.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\icon16.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\icon24.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\icon48.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\panelarrow-up.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\popup.css
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\popup.html
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\popup_binding.xml
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\skin.css
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\[email protected]\skin\update.css
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgfinst.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi
c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\windows\system32\autorun.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))
.
.
2012-06-28 20:02 . 2008-05-03 07:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-06-28 20:00 . 2012-06-28 20:00 -------- d-----w- c:\documents and settings\Swat
2012-06-28 19:31 . 2012-06-29 01:37 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2012-06-28 13:28 . 2012-06-28 13:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-06-28 13:28 . 2012-06-28 13:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-28 13:23 . 2012-06-28 13:23 -------- d-----w- c:\program files\CCleaner
2012-06-26 01:13 . 2012-06-26 01:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
2012-06-25 13:59 . 2012-06-25 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro
2012-06-25 13:49 . 2012-06-25 13:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\SavingsApp
2012-06-25 13:49 . 2012-06-25 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\WeCareReminder
2012-06-19 21:35 . 2012-06-19 21:35 4967624 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-13 19:42 . 2012-06-13 19:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Scooter Software
2012-06-13 19:42 . 2012-06-13 19:42 -------- d-----w- c:\program files\Beyond Compare 3
2012-06-06 19:55 . 2012-06-06 19:55 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-06 19:55 . 2012-06-06 19:55 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-05 02:25 . 2012-06-05 02:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia Suite
2012-06-03 19:07 . 2012-06-03 19:07 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Google
2012-05-30 20:06 . 2012-05-30 20:06 -------- d-----w- c:\program files\Common Files\Nokia
2012-05-30 20:05 . 2012-05-30 20:05 -------- d-----w- c:\program files\PC Connectivity Solution
2012-05-30 20:05 . 2012-01-09 21:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2012-05-30 20:05 . 2012-01-09 21:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2012-05-30 20:05 . 2012-01-09 21:28 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2012-05-30 20:05 . 2012-01-09 21:28 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 22:03 . 2012-05-04 19:39 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 22:03 . 2011-12-08 15:44 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-22 17:51 . 2012-04-29 11:47 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-06-18 01:34 . 2011-11-20 14:28 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-03 . 37D8387CBD4437C55F454209BE10EF11 . 361344 . . [5.1.2600.5508] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-06-13 20:30 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-06-13 20:30 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-06-13 20:30 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-06-13 20:30 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-04-13 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 170008]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-22 145432]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-05-03 110592]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2010-04-27 389120]
"TPSMain"="TPSMain.exe" [2009-12-09 289344]
"TPSODDCtl"="TPSODDCtl.exe" [2009-12-09 129600]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-13 123904]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - [N/A]
WordWeb.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2012-01-06 15:30 1446760 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 -c--a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 04:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-11-04 21:04 6174008 -c--a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinUpdate]
2008-05-03 07:00 155648 -c--a-w- c:\windows\system32\wscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"f:\\ATG\\ATG10.0.2\\DAS\\solid\\i486-unknown-win32\\solfe.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_31\\bin\\java.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/10/2011 8:14 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/10/2011 8:13 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/10/2011 8:13 PM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/10/2011 8:14 PM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 1:09 AM 192776]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/14/2011 6:19 PM 136176]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/10/2011 8:14 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/10/2011 8:14 PM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/10/2011 8:14 PM 16720]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [1/9/2011 10:20 AM 5888]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2/8/2012 12:26 PM 73216]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [7/8/2010 6:28 PM 132480]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 2:25 AM 4433248]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe -/service --> c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe -/service [?]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [6/19/2012 5:32 PM 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/5/2012 3:17 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/4/2012 3:39 PM 250056]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 6:58 AM 11336]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2/8/2012 12:26 PM 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 FGUARD32;FGUARD32;c:\program files\Folder Guard Pro\FGUARD32.SYS [7/17/2010 5:51 AM 54008]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/14/2011 6:19 PM 136176]
S3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/4/2010 12:53 PM 60456]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/6/2012 3:19 AM 113120]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [7/7/2010 5:31 PM 191008]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys --> c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 22:03]
.
2012-05-17 c:\windows\Tasks\AdobeAAMUpdater-1.0-SWATI-COMPUTER-Administrator.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-05-14 05:09]
.
2012-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-06-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1060284298-1972579041-1177238915-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-04-13 15:15]
.
2012-06-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1060284298-1972579041-1177238915-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-04-13 15:15]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-14 22:19]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-14 22:19]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1972579041-1177238915-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-21 21:05]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1972579041-1177238915-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-21 21:05]
.
.
------- Supplementary Scan -------
.
uStart Page = https://search.blekk...85&tbp=homepage
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
MSConfigStartUp-AdobeCS6ServiceManager - c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-29 11:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1060284298-1972579041-1177238915-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{9D717F81-9148-4F12-8568-69135F087DB0}"=hex:51,66,7a,6c,4c,1d,3b,1b,91,60,63,
82,7f,c0,75,06,9b,6a,23,53,5e,42,3f,ae
.
Completion time: 2012-06-29 11:09:31
ComboFix-quarantined-files.txt 2012-06-29 15:09
.
Pre-Run: 11,928,829,952 bytes free
Post-Run: 12,127,465,472 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A473152B32BF021A5A17EE71519E6AE8