Registered User
Join Date: Jun 2009
Posts: 1
OS: xp
"Not a valid win32 application" - Bagle, I believe... Please help me remove it !
Hello all,
Today, after I fiddled with a file downloaded via eMule, my computer suddenly rebooted. Since then, my Antivirus (Avast) and Firewall (Comodo) have been shut down and if I try to run them I get a "Not a valid win32 application" error message. I get the same error message when trying to run certain other programs as well (e.g. CCleaner). I believe that I have been infected by what's known as Bagle or Beagle.

My wireless internet connection also went down after the sudden reboot, but after a bit of googling I managed to restore it by changing a registry key.

I have created the reports requested (see below and attached), but since then the computer crashed again, reporting a serious error, the details of which are as follows:

BCCode : fe
BCP1 : 00000002
BCP2 : 86675250
BCP3 : FD1C8A50
BCP4 : 85CA03B0
OSVer : 5_1_2600
SP : 3_0
Product : 768_1

C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\WERed29.dir00\Mini061309-01.dmp
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\WERed29.dir00\sysdata.xml

Could someone PLEASE help me to get rid of this ? It's driving me nuts !

Thanks.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Utilisateur at 16:52:45,21 on 13/06/2009
Internet Explorer: 7.0.5730.11
BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1022.466 [GMT 2:00]

AV: avast! antivirus 4.8.1335 [VPS 090612-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\xampplite\apache\bin\apache.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\xampplite\apache\bin\apache.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\SONICS~1\SsAAD.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Companion Photo\AzAgent.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Utilisateur\Bureau\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.fr/webhp?hl=fr
uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File
TB: QT TabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll
TB: QT Tab Standard Buttons: {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {E7A829CC-671F-4C3D-B590-8C0AEA72E6B2} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [VisualTaskTips] c:\program files\visualtasktips\VisualTaskTips.exe
uRun: [Google Update] "c:\documents and settings\utilisateur\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [SystemTray] SysTray.Exe
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [avast!] c:\progra~1\avast4\ashDisp.exe
mRun: [SsAAD.exe] c:\progra~1\sonics~1\SsAAD.exe
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [AzAgent] "c:\program files\companion photo\AzAgent.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [TkBellExe] "c:\program files\fichiers communs\real\update_ob\realsched.exe" -osboot
mRun: [COMODO Internet Security] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\utilis~1\menudm~1\progra~1\dmarra~1\adobeg~1.lnk - c:\program files\fichiers communs\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\utilis~1\menudm~1\progra~1\dmarra~1\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\bttray.lnk - c:\program files\widcomm\logiciel bluetooth\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\lancem~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ajouter au fichier PDF existant - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Envoyer à &Bluetooth - c:\program files\widcomm\logiciel bluetooth\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\logiciel bluetooth\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {FDD6CEF8-3C6E-42E0-BC7B-D730085CFABC} - hxxp://www.jaxtr.com/user/activex/JaxtrOutlookImporter.CAB
Notify: LBTWlgn - c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: lfstbwvd - {BFAC5915-69A9-4E0D-A018-117D874CAD1C} - No File
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\utilis~1\applic~1\mozilla\firefox\profiles\bcbsqwv2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - plugin: c:\documents and settings\utilisateur\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\utilisateur\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

============= SERVICES / DRIVERS ===============

R2 Apache2.2;Apache2.2;c:\xampplite\apache\bin\apache.exe [2009-1-8 24636]
R2 CyberLink Media Library Service(HP TVPlay);CyberLink Media Library Service(HP TVPlay);c:\program files\hp\tvplay\kernel\clml_ntservice\CLMLServer.exe [2006-7-26 1073152]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-2-5 117208]
R2 TVPCapSvc;CyberLink Background Capture Service (CBCS HP TVPlay);c:\program files\hp\tvplay\kernel\tv\TVPCapSvc.exe [2006-7-26 258147]
R2 TVPSched;CyberLink Task Scheduler (CTS HP TVPlay);c:\program files\hp\tvplay\kernel\tv\TVPSched.exe [2006-7-26 114785]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [2009-2-25 31704]
S1 aswSP;avast! Self Protection; [x]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys --> c:\windows\system32\drivers\cmdguard.sys [?]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys --> c:\windows\system32\drivers\cmdhlp.sys [?]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswfsblk.sys --> c:\windows\system32\drivers\aswFsBlk.sys [?]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2006-10-11 450400]
S3 MODBDA2;DiBcom MOD3000 TV receiver;c:\windows\system32\drivers\modbda2.sys [2005-6-4 30464]
S3 PEEK5;PEEK5 Protocol Driver;\??\c:\docume~1\utilis~1\bureau\winair~1\peek5.sys --> c:\docume~1\utilis~1\bureau\winair~1\PEEK5.SYS [?]
S4 avast! Antivirus;avast! Antivirus;c:\program files\avast4\ashServ.exe [2006-11-3 138680]
S4 avast! Mail Scanner;avast! Mail Scanner;c:\program files\avast4\ashMaiSv.exe [2006-11-3 254040]
S4 avast! Web Scanner;avast! Web Scanner;c:\program files\avast4\ashWebSv.exe [2006-11-3 352920]
S4 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\firewall\cmdagent.exe [2007-12-28 692496]

=============== Created Last 30 ================

2009-06-13 16:32 61,963 a------- C:\mdelk.exe
2009-06-13 15:56 <DIR> --d----- c:\docume~1\utilis~1\applic~1\Malwarebytes
2009-06-13 15:55 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-13 15:55 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-13 15:55 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-13 15:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-13 14:34 <DIR> --d----- C:\FindyKill
2009-06-13 13:29 <DIR> --d----- C:\Muestras

==================== Find3M ====================

2009-06-13 16:28 514,296 a------- c:\windows\system32\perfh00C.dat
2009-06-13 16:28 86,100 a------- c:\windows\system32\perfc00C.dat
2009-05-16 08:10 168,208 a------- c:\windows\system32\guard32.dll
2009-05-07 17:33 348,672 a------- c:\windows\system32\localspl.dll
2009-05-07 17:33 348,672 -------- c:\windows\system32\dllcache\localspl.dll
2009-05-01 20:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-28 11:06 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 11:06 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 07:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 07:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-04-19 21:50 1,847,296 a------- c:\windows\system32\win32k.sys
2009-04-19 21:50 1,847,296 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 16:53 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 16:53 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-03-21 16:07 1,054,720 -------- c:\windows\system32\dllcache\kernel32.dll
2008-08-24 21:01 87,608 a------- c:\docume~1\utilis~1\applic~1\inst.exe
2008-08-24 21:01 47,360 a------- c:\docume~1\utilis~1\applic~1\pcouffin.sys
2007-02-07 22:33 258 a------- c:\docume~1\utilis~1\applic~1\wklnhst.dat
2001-03-28 13:02 122,880 a------- c:\windows\inf\agfa\message.exe
2006-08-10 16:29 22 a--sh--- c:\windows\sminst\HPCD.sys
2008-05-17 15:04 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\historique\history.ie5\mshist012008051720080518\index.dat

============= FINISH: 16:53:02,00 ===============