Registered User
Join Date: Oct 2008
Posts: 6
OS: vista home basic SP1
anti-malware bytes won't install
Hi folks
Tried installing malware bytes anti-malware bytes program (through recommendation). My current anti-virus, AVG, picked up on this and quarantined it; it thought it was a trojan (can't remember the name, but it was something like trojan.banker..JO5). I checked the source of the download and knew it was ok, so I un-installed AVG and ran the anti-malware bytes executable file, and nothing happened. I've since reinstalled AVG and now it has no problem with the anti-malware bytes executable file sitting on my desktop, although when I click to start it I get this message:

c:\users\THOMAS\Desktop\mbam-setup.exe is not a valid win32 application

Can you have a look at this for me? Do I really need this malware bytes anti-malware program if I have AVG, or have I stumbled on a problem that has until now remained hidden? Any advice would be greatly appreciated.

Here is the DDS log information

Thanks
Tom