|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
02-02-2009, 04:09 PM
|
#1 (permalink) |
|
Registered User
Join Date: Feb 2009
Posts: 1
OS: Windows XP version 2002
|
C:\resycled\boot.com is not a valid Win32 application : Pls HELP!!
Hello there,
I connected a flashdrive to my computer and it all started from that point, i think so. Now when I click on c:\ drive, a message pops up saying "C:\resycled\boot.com is not a valid Win32 application" I am including all the file as directed. Please help me.. Thanks in advance.. DDS.TXT is pasted below and two file are attached with the post. Thank you Nawal DDS (Ver_09-02-01.01) - NTFSx86 Run by nawal.sharma at 9:32:11.82 on Tue 03/02/2009 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1267 [GMT 11:00] ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\lxcqcoms.exe c:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Lexmark 9300 Series\lxcqmon.exe C:\Program Files\Lexmark 9300 Series\ezprint.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\RunDLL32.EXE C:\WINDOWS\system32\SearchProtocolHost.exe C:\Documents and Settings\Nawal.sharma\Desktop\dds.com ============== Pseudo HJT Report =============== uStart Page = file:///C:/index.htm uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll uURLSearchHooks: sudeep333 Toolbar: {68f17a93-fc78-4565-8bb4-04105d1725cc} - c:\program files\sudeep333\tbsude.dll BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: sudeep333 Toolbar: {68f17a93-fc78-4565-8bb4-04105d1725cc} - c:\program files\sudeep333\tbsude.dll BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll BHO: NoExplorer - No File TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll TB: sudeep333 Toolbar: {68f17a93-fc78-4565-8bb4-04105d1725cc} - c:\program files\sudeep333\tbsude.dll EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll EB: Web Test Recorder: {8c84b9f5-3d9e-4204-bb0b-f85d46455868} - mscoree.dll uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [lxcqmon.exe] "c:\program files\lexmark 9300 series\lxcqmon.exe" mRun: [EzPrint] "c:\program files\lexmark 9300 series\ezprint.exe" mRun: [LXCQCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCQtime.dll,_RunDLLEntry@16 mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe" mRun: [<NO NAME>] mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe mPolicies-explorer: NoWelcomeScreen = 1 (0x1) IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226359172239 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226359575676 DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab TCP: NameServer = 85.255.116.138,85.255.112.19 TCP: {6DC1AF85-0A4B-40EF-AD8C-41295EA9AD80} = 85.255.116.138,85.255.112.19 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll ================= FIREFOX =================== FF - ProfilePath - ============= SERVICES / DRIVERS =============== R2 lxcq_device;lxcq_device;c:\windows\system32\lxcqcoms.exe -service --> c:\windows\system32\lxcqcoms.exe -service [?] R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2005-10-14 199384] R2 msftesql$LOCALCDDB;SQL Server FullText Search (LOCALCDDB);c:\program files\microsoft sql server\mssql.1\mssql\binn\msftesql.exe [2005-8-26 92880] R2 MSOLAP$LOCALCDDB;SQL Server Analysis Services (LOCALCDDB);c:\program files\microsoft sql server\mssql.2\olap\bin\msmdsrv.exe [2005-10-14 14557912] R2 MSSQL$LOCALCDDB;SQL Server (LOCALCDDB);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2005-10-14 28768528] R2 ReportServer$LOCALCDDB;SQL Server Reporting Services (LOCALCDDB);c:\program files\microsoft sql server\mssql.4\reporting services\reportserver\bin\ReportingServicesService.exe [2005-10-14 14552] R2 SQLAgent$LOCALCDDB;SQL Server Agent (LOCALCDDB);c:\program files\microsoft sql server\mssql.1\mssql\binn\SQLAGENT90.EXE [2005-10-14 318680] R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2008-11-11 1275584] S3 VSPerfDrv;Performance Tools Driver;c:\program files\microsoft visual studio 8\team tools\performance tools\VSPerfDrv.sys [2005-9-23 54464] S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808] =============== Created Last 30 ================ 2009-01-30 15:38 <DIR> --dshr-- C:\resycled 2009-01-30 15:38 253 ---shr-- C:\autorun.inf 2009-01-28 14:47 <DIR> --d----- C:\IER_Website_Dump 2009-01-21 14:07 <DIR> --d----- C:\ResearchPro 2009-01-21 12:19 <DIR> --d----- C:\Projects 2009-01-21 12:17 <DIR> --d----- c:\program files\Microsoft Visual SourceSafe 2009-01-20 12:12 <DIR> --d----- C:\DotNetNuke 2009-01-15 10:41 <DIR> --d----- c:\program files\Ghostgum 2009-01-15 10:36 43 a------- c:\windows\gswin32.ini 2009-01-15 10:35 <DIR> --d----- c:\program files\gs 2009-01-13 15:08 <DIR> --d----- C:\TempDownload ==================== Find3M ==================== 2008-12-11 21:57 333,952 a------- c:\windows\system32\drivers\srv.sys 2008-11-18 14:51 950 a------- c:\windows\fonts\TMix9Ei_.PFM 2008-11-18 14:51 938 a------- c:\windows\fonts\TMix9E__.PFM 2008-11-18 14:51 958 a------- c:\windows\fonts\TMix8Ei_.PFM 2008-11-18 14:51 946 a------- c:\windows\fonts\TMix8E__.PFM 2008-11-18 14:51 944 a------- c:\windows\fonts\TMix7Ei_.PFM 2008-11-18 14:50 932 a------- c:\windows\fonts\TMix7E__.PFM 2008-11-18 14:50 952 a------- c:\windows\fonts\TMix6Ei_.PFM 2008-11-18 14:50 944 a------- c:\windows\fonts\TMix6E__.PFM 2008-11-18 14:50 940 a------- c:\windows\fonts\TMix5Ei_.PFM 2008-11-18 14:50 928 a------- c:\windows\fonts\TMix5E__.PFM 2008-11-18 14:50 958 a------- c:\windows\fonts\TMix4Ei_.PFM 2008-11-18 14:50 946 a------- c:\windows\fonts\TMix4E__.PFM 2008-11-18 14:50 950 a------- c:\windows\fonts\TMix3Ei_.PFM 2008-11-18 14:50 938 a------- c:\windows\fonts\TMix3E__.PFM 2008-11-18 14:50 960 a------- c:\windows\fonts\TMix2Ei_.PFM 2008-11-18 14:50 948 a------- c:\windows\fonts\TMix2E__.PFM 2008-11-12 12:53 22,866 a------- c:\windows\fonts\Gopika.zip 2008-11-11 10:42 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat 2008-11-11 09:47 21,640 a------- c:\windows\system32\emptyregdb.dat ============= FINISH: 9:32:27.08 =============== Last edited by scatterbrainall; 02-02-2009 at 04:22 PM. |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
02-05-2009, 11:19 AM
|
#2 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,723
OS: 2000 Pro; XP Pro; XP Home
|
Re: C:\resycled\boot.com is not a valid Win32 application : Pls HELP!!
Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed. --------------------------------------------------------------------------------------------- I see no AntiVirus application installed. An AntiVirus is a must have for machines connected to the internet today. Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware. It can take as little as eight seconds to infect an unprotected computer. There are excellent free AntiVirus applications available today, so there's no reason to be unprotected. We will address that during the course of this fix. I will tell you when. --------------------------------------------------------------------------------------------- Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum. --------------------------------------------------------------------------------------------- Please visit this webpage for download links, and instructions for running combofix: http://www.bleepingcomputer.com/comb...o-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please include the C:\ComboFix.txt in your next reply for further review.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you.  Microsoft MVP - Consumer Security 2009
|
|
|
|
|
02-09-2009, 02:23 PM
|
#3 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,723
OS: 2000 Pro; XP Pro; XP Home
|
Re: C:\resycled\boot.com is not a valid Win32 application : Pls HELP!!
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
| Thread Tools | |
|
|
