"is not a valid Win32 application" Trojan? Windows 7 (64 Bit)- Logs Attached -Help!

Re: "is not a valid Win32 application" Trojan? Windows 7 (64 Bit)- Logs Attached -Hel

Welcome to Major Geeks!

You forgot the log from RogueKiller. Looks like you forgot to download and run it. You ran Rkill which we did not request. However do not bother with this now. I will request a new log from a new scan at the end of the below.

Uninstall the below old versions of Java:
Java 7 Update 17
Java(TM) 6 Update 24

Now install the current version of Sun Java from: Sun Java Runtime Environment

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: vToolbarUpdater15.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe

After clicking Fix, exit HJT.


Please download OTM by Old Timer and save it to your Desktop.

• Run it by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).
• Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
  (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
  the code box

Code:

:Processes
explorer.exe
 
:Services
AVGIDSAgent
avgwd
vToolbarUpdater15.2.0
 
:Files
C:\Users\Matt\Documents\Adobe Photoshop CS3 Extended Portable\CSDATA\1000000800002i\svchost.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
C:\$AVG
C:\Program Files (x86)\AVG
C:\Program Files (x86)\AVG Secure Search
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Windows\SysNative\drivers\avgtdia.sys
C:\Windows\SysNative\drivers\avgtpx64.sys
C:\Windows\TEMP\*.*
C:\Users\Matt\AppData\Local\Temp\*.*
:Reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"AVG_TRAY"=-
"vProt"=-
[HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\windows\currentVersion\Run]
"AVG_TRAY"=-
"vProt"=-
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\s]
[purity]
[EmptyTemp]
[start explorer]

[Reboot]

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar
  ) and choose Paste.
• Now click the large button.
• If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
• Close OTM.

Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
this log file to your next message.

Now download and run RogueKiller as request in the READ & RUN ME FIRST and save a log.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


Then attach the below logs:

• the C:\_OTM\MovedFiles log
• the RogueKillerlog
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Re: "is not a valid Win32 application" Trojan? Windows 7 (64 Bit)- Logs Attached -Hel

You're welcome.

Try using the below to remove it:

Revo Uninstaller 1.94

Uninstall both CCleaner and Winrar. Then redownload and reinstall and see if the helps:

CCleaner

WinRAR 4.2.0

Yes of course it is. My last instructions deleted it since it appeared to be broken and not properly installed. In addition you have McAfee installed so you should not have AVG installed. Finish removing it by running the below:

AVG Remover 2013.3341

 

Re: "is not a valid Win32 application" Trojan? Windows 7 (64 Bit)- Logs Attached -Hel

You're welcome.

It is sounding like ou have a bunch of damage to the Windows operating system. Not sure we can fix this here in the Malware Forum, but let's run a couple of things and see what happens.


Click Start, Run, and enter sfc /scannow and click OK. There is a space after the sfc. This runs System File Checker which looks for missing or corrupted system files and attempts to replace/repair them from files on your hard disk or from the CD if necessary. So it will ask for the Windows CD if it needs it.


Be patient while doing the below. The fixes can sometimes take quite awhile to run. Especially the permissions repairs. It may be best to kick it off and goto bed or do something else. It is better not to run anything while the repairs are going on.



Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.

• Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
• Now select the Start Repairs tab.
• The click the Start button.
• Create a System Restore point if prompted.
• On the next screen, click the Unselect All button to first deselect all repairs.
• Now select the following repair options:
  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair WMI
  • Remove Policies Set By Infections
  • Repair Proxy Settings
  • Repair Windows Updates
  • Set Windows Services To Default Startup
• Now on the lower right side check the box to Restart/Shutdown System When Finished
• Then make sure the Restart System radio button is enabled.
• Shutdown any other programs that you are running now before continuing.
• Now click the Start button.
• Be patient while the tool repairs the selected items.
• It should reboot automatically when finished.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).



Then attach the below logs:

• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Re: "is not a valid Win32 application" Trojan? Windows 7 (64 Bit)- Logs Attached -Hel

I believe your problem is with your Windows installation. Did you at some point run a System Restore?

Also why haven't you installed your updates to Windows 7. You do not have Service Pack 1 installed.

Yes.

The infection is gone. If you are thinking of doing a reinstall anyway, I would first suggest trying to completely uninstall McAfee and also run below afterwards to make sure it is removed:

McAfee Consumer Product Removal Tool 6.5.101.0

Then I make sure you reboot. Then download WinRAR 4.2.0 and reinstall it. Does WinRAR work now?

 

Re: "is not a valid Win32 application" Trojan? Windows 7 (64 Bit)- Logs Attached -Hel

You did not address my question about having used System Restore.

Also you did not answer my question about WinRAR.

Now I want to see you current status of running software.

So run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\MGlogs.zip

 

Re: "is not a valid Win32 application" Trojan? Windows 7 (64 Bit)- Logs Attached -Hel

You will have to try the same approach as with Winrar. Uninstall with Revo doing a complete cleanup and then reinstall.

Based on your logs you never uninstalled McAfee as requested back in message # 8.