.exe is not a valid WIN32 application

Solved
GLOCQ (Member, 50 posts) asked; crapoulou (Moderator, Security Contributor, 28002 posts) answered.
Hello,
I'm trying to download Adobe Flash Player as well as ADSLtv (with Neuf) and VLC. No software download is possible.
The application starts to download each time, but it cannot be executed and I always get the same message: ..... is not a valid Win 32 application.
Yet, I had already installed ADSLTV before.

The only change I've made recently is activating Microsoft Office Outlook (I used to use Incredimail, but too much spam...) could this have an influence?
Maybe it's a virus.
Can I repair it to be able to download software again? What procedure?
Thank you in advance for your responses.
Configuration: Windows XP
Internet Explorer 7.0
DELL Inspiron 510 m laptop

15 answers

crapoulou (Moderator, Security Contributor):
Hi,
Download FindyKill (Thanks to Chiquitine29!!)

Right-click on the link and choose Save as... to save it on the desktop:
=> http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

Unzip it on the desktop

Enter the FindyKill folder
Double click on FindyKill.exe
Choose option 1 (search)
A report will open, please post it in your next response

Note: the FindyKill.txt report is saved at the root of the drive (C:\FindyKill.txt)

--
Got a problem? Head over to CCM!
There is no problem without a solution.
GLOCQ (Member):
Hello crapoulou. Thank you for your help. I followed what you told me, so I have a WinRAR Archive file on my desktop. When I click on it, I open the FindyKill.rar - WinRAR folder which contains FindyKill.exe
but when I double-click on FindyKill.exe I get this message: "this file contains invalid data"
crapoulou (Moderator, Security Contributor):
You need to extract the content of the archive to the desktop: unzip it by clicking on Extract to > Desktop.
crapoulou (Moderator, Security Contributor):
But I just realized that the file is not a .rar but FindyKill.exe!
So there is no decompression to do!
Sorry, it has changed; it's no longer zipped!
GLOCQ (Member):
Okay, but my problem remains unsolved. Apparently, I cannot run any software downloaded from the internet.
I'm afraid I'll have to format it. What do you think?
GLOCQ (Member):
I attempted the online scan with Kaspersky.
The initialization was very long and ultimately failed.
Note: I had disabled the Windows firewall, but I could not find how to disable my AVG antivirus.
Security level set to medium.
Here is the message received:
---
Initializing Kaspersky On-line Scanner
(Downloading and installing the Kaspersky On-line Scanner ActiveX control from the server to your computer)

Updating antivirus databases
(Downloading and installing the latest Kaspersky antivirus databases)

Failed to load Kaspersky On-line Scanner ActiveX control!

You must have administrator privileges on this workstation;
furthermore, you need to set the IE security level to Medium.
---
crapoulou (Moderator, Security Contributor):
I edited message 7: do what it says.
GLOCQ (Member):
Alas, like the other applications, ComboFix downloaded and saved to the desktop, but nothing works to execute it; the usual message: "... exe is not a valid WIN32 application".
I cannot download any software.
crapoulou (Moderator, Security Contributor):
Try to re-download Findykill.
GLOCQ (Member):
I tried Combo-fix and Findykill in safe mode. Same result: message... "not a valid win 32 application," and "A device attached to the system is not functioning properly."
Should I proceed with formatting?
crapoulou (Moderator, Security Contributor):
Try renaming them when downloading.
Example:
my-tool.exe

GLOCQ (Member):
Hello, while browsing the forum I found a scanner that I was able to run: HijackThis. I don't know if it can help diagnose the problem.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:03, on 28/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\SigmaTel\Audio Drivers SigmaTel AC97\stacmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\tsnp2std.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/en-us/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/en-us/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: WormRadar.com IESiteBlocker - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\Audio Drivers SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\E_S5E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{14E274A3-5A7F-4FA0-BBCD-9E281F2B1B68}: NameServer = 84.103.237.141 86.64.145.141
O17 - HKLM\System\CS1\Services\Tcpip\..\{14E274A3-5A7F-4FA0-BBCD-9E281F2B1B68}: NameServer = 84.103.237.141 86.64.145.141
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: fwwazxqq - fwwazxqq.dll (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/PROPRI~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 8895 bytes
GLOCQ (Member):
The file is unzipped correctly. I double-click on findykill.exe, but I get the response: This file contains invalid data.
crapoulou (Moderator, Security Contributor):
Right-click here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* In the dropdown menu, choose "Save Link Target As" (if you're using Firefox) and "Save Target As" (if you're using Internet Explorer)
* A window will open: in the File Name field (at the bottom), type this: combo-fix (the dash is important).
* We will save this file on the Desktop: to do this, on the left panel, click on Desktop.
* Finally, click on the Save button at the bottom right of the page.
* Make sure all programs are closed before running the fix!
* Double-click on combofix.exe.
* Click Yes on the Warranty Limitation message that appears.
* Your firewall may ask if you allow nircmd.cfexe access to the safe zone: accept!
* Note: Do not close the window that just opened, or you'll end up with an empty desktop!
* When the scan is finished, a report will be generated: post its contents in your next message.

If you lose the connection after running ComboFix, here's how to repair it:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix#restore
crapoulou (Moderator, Security Contributor):
Right-click here:
= = = = >>> By clicking here <<< = = = =

* In the dropdown menu, choose "Save Link Target As" (if you are using Firefox) and "Save Target As" (if you are using Internet Explorer)
* A window will open: in the File Name field (at the bottom), type this: combo-fix (the dash is important).
* We will save this file on the Desktop: for that, in the left panel, click on Desktop.
* Finally, click on the Save button at the bottom right of the page.
* Make sure that all programs are closed before running the fix!
* Double-click on combofix.exe.
* Click Yes to the Warranty Limitation message that appears.
* Your firewall may ask if you accept or deny access to nircmd.cfexe in the trusted zone: accept!
* Note: Do not close the window that just opened, you would end up with an empty desktop!
* When the scan is complete, a report will be generated: post its content in your next message.
* Note: The report can also be found here: C:\ComboFix.txt

GLOCQ (Member):
My problem is solved, thanks to Malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe.
This software found the Rootkit.Agent virus and removed it.

Thank you very much for your help and advice.
crapoulou (Moderator, Security Contributor):
Are you sure it's really resolved??!
Please post the MBAM report and a new HijackThis log.
GLOCQ (Member):
I think it’s resolved, as I was able to download Adobe Flash Player and ADSL TV without any problems. There’s still a small issue: IE doesn’t always connect on the first click. Sometimes it takes 2 or 3 tries, but I don’t know if that’s related. Here are the results of the scans.

MBAM report:

Malwarebytes' Anti-Malware 1.30
Database version: 1433
Windows 5.1.2600 Service Pack 3

29/11/2008 07:16:56
mbam-log-2008-11-29 (07-16-56).txt

Scan type: Full scan (C:\|)
Items examined: 105007
Elapsed time: 2 hour(s), 2 minute(s), 15 second(s)

Infected memory processes: 0
Infected memory modules: 0
Infected registry keys: 1
Infected registry values: 0
Infected registry data items: 0
Infected folders: 0
Infected files: 0

Infected memory processes:
(No malicious items detected)

Infected memory modules:
(No malicious items detected)

Infected registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.

Infected registry values:
(No malicious items detected)

Infected registry data items:
(No malicious items detected)

Infected folders:
(No malicious items detected)

Infected files:
(No malicious items detected)


HIJACKTHIS LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:39:06, on 29/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\tsnp2std.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: WormRadar.com IESiteBlocker - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\E_S5E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic[...]b?1218582753702
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic[...]b?1218582735907
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{14E274A3-5A7F-4FA0-BBCD-9E281F2B1B68}: NameServer = 86.64.145.147 84.103.237.147
O17 - HKLM\System\CS1\Services\Tcpip\..\{14E274A3-5A7F-4FA0-BBCD-9E281F2B1B68}: NameServer = 86.64.145.147 84.103.237.147
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: fwwazxqq - fwwazxqq.dll (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/PROPRI~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 8949 bytes
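Both HijackThis logs in this thread carry an O20 Winlogon Notify entry pointing at a DLL that is missing, next to orphaned BHOs; a reviewer finds such lines by scanning the log section by section. The following Python script, an added example that is not code from the thread or from HijackThis, does that triage mechanically over a few lines constructed from the logs above; the random-name heuristic and the choice of sections it flags are the example's own assumptions, not HijackThis rules.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HijackThis logs posted in this thread.
# The real logs are much longer; triage_hjt() accepts any HijackThis 2.x log text.
SAMPLE_LOG = r"""
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{14E274A3-5A7F-4FA0-BBCD-9E281F2B1B68}: NameServer = 86.64.145.147 84.103.237.147
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: fwwazxqq - fwwazxqq.dll (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
"""

# "O20 - Winlogon Notify: ..." -> section "O20", body "Winlogon Notify: ..."
LINE_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def looks_random(name: str) -> bool:
    """Assumed heuristic (not a HijackThis rule): six or more lowercase letters
    with fewer than a quarter vowels, e.g. 'fwwazxqq', reads as machine-generated."""
    if not re.fullmatch(r"[a-z]{6,}", name):
        return False
    vowels = sum(c in "aeiouy" for c in name)
    return vowels / len(name) < 0.25


def triage_hjt(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and return the lines a reviewer should look at first."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()

        # An entry whose file is gone is a leftover: either an uninstaller was sloppy
        # or a cleaner removed the file but not the registry reference to it.
        if "(file missing)" in body or "(no file)" in body:
            findings.append(Finding(section, "orphaned entry: referenced file no longer exists", line))

        if section == "O20" and body.startswith("Winlogon Notify:"):
            # Notify packages are loaded by winlogon.exe at logon; a name with no
            # recognisable product behind it deserves a second look.
            name = body.split(":", 1)[1].split("-")[0].strip()
            if looks_random(name):
                findings.append(Finding(section, f"Winlogon Notify package with random-looking name '{name}'", line))

        if section == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append(Finding(section, "AppInit_DLLs loads into every user32 process; confirm the DLL's owner", line))

        if section == "O23" and "Unknown owner" in body:
            findings.append(Finding(section, "service with no publisher information", line))

        if section == "O17" and "NameServer =" in body:
            servers = body.split("NameServer =", 1)[1].split()
            findings.append(Finding(section, "DNS servers: " + ", ".join(servers) + " (check against the ISP's)", line))
    return findings


def count_by_section(findings: list[Finding]) -> dict[str, int]:
    """Number of findings per HijackThis section, e.g. {'O20': 3}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```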
crapoulou (Moderator, Security Contributor):
Follow the procedure in message 15!
GLOCQ (Member):
Everything seems fine now, I think the issue is resolved. Thank you.
crapoulou (Moderator, Security Contributor):
It's up to you.
Good luck.
Still, uninstall the software you installed.
Sup:
############################## [ FindyKill V4.718 ]

# User : Germany (Administrators) # XPSP2-417311FF6
# Update on 01/03/09
# Start at: 17:54:42 | 2009-03-05

# Intel(R) Pentium(R) 4 CPU 3.00GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2, v.2149
# Internet Explorer 6.0.2900.2149
# Windows Firewall Status : Enabled

# A:\ # 3.5-inch Floppy Drive
# C:\ # Local Hard Disk # 18.64 Go (4.6 Go free) # NTFS
# D:\ # Local Hard Disk # 18.44 Go (12.29 Go free) # FAT32
# E:\ # Local Hard Disk # 18.44 Go (11.47 Go free) # FAT32
# F:\ # Local Hard Disk # 18.99 Go (8.32 Go free) # FAT32
# G:\ # CD-ROM Drive

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Infectious Files / Folders C:\ ]

################## [ C:\WINDOWS ]

################## [ C:\WINDOWS\system32 ]

################## [ C:\WINDOWS\system32\drivers ]

################## [ C:\.. Application Data ... ]

################## [ Registry / Infectious Keys ]

################## [ Search on Removable Media]

# Presence of files :

################## [ Registry / Mountpoint2 ]

Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa9a6346-4376-11dc-9379-00142ab48a2b}\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8ef85e6-adb0-11dd-80aa-00142ab48a2b}\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8ef85e6-adb0-11dd-80aa-00142ab48a2b}\Shell\explore\Command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8ef85e6-adb0-11dd-80aa-00142ab48a2b}\Shell\open\Command

################## [ ! End of Report # FindyKill V4.718 ! ]
crapoulou (Moderator, Security Contributor):
Sup,
Please post your own message on the forum.
Thanks.
Crapoulou.