Thread: Win32 application errors

  1. #1
    Junior Member
    Join Date
    Oct 2007
    Posts
    7

    Win32 application errors

    I've the same problem as here but I can't post in that thread
    Here's my ComboFix log and HijackThis log after ComboFix

  2. #2
    Junior Member
    Join Date
    Oct 2007
    Posts
    7

    Here's my HijackThis log before ComboFix




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:36:46 PM, on 10/24/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    F:\Programs\Utility\UniKey\UniKeyNT.exe
    F:\Programs\Utility\WinVNKey v5.3.431\winNT\winvnkey.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Windows SP System] svchost.exe
    O4 - HKCU\..\Run: [UniKey] F:\Programs\Utility\UniKey\UniKeyNT.exe
    O4 - HKCU\..\Run: [WinVNKey] F:\Programs\Utility\WinVNKey v5.3.431\winNT\winvnkey.exe
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download FLV videos with IDM from 10 last requested - C:\Program Files\Internet Download Manager\IEGetVL2.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
    O15 - Trusted Zone: http://*.bugs.co.kr
    O15 - Trusted Zone: http://*.gamevn.com
    O15 - Trusted Zone: http://*.softexia.com
    O15 - Trusted IP range: http://192.168.1.1
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1192893758187
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1192975944750
    O17 - HKLM\System\CCS\Services\Tcpip\..\{684E5CF5-A8BA-4C3A-83F8-D888F1C2BA4A}: NameServer = 208.67.222.222,208.67.220.220,192.168.1.1
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5483 bytes

  3. #3
    Junior Member
    Join Date
    Oct 2007
    Posts
    7

    Please help me!
    Do you need more information?

  4. #4
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
    "BEFORE you POST" (READ this Procedure before Requesting Assistance)
    http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    Keep in mind we are volunteers who try to help at a lot of forums and we are certainly going to try to help folks that take the time to follow the directions.
    You have done little of that at this point. Posted above at the most important ones, but look at the top of the forum and read them all. Then you will not be posting logs you should not be posting.

    Now if I have your attention I will tell you that you have a very bad trojan, here read about it:
    O4 - HKLM\..\Run: [Windows SP System] svchost.exe
    http://www.castlecops.com/startuplist-12304.html
    http://www.sophos.com/virusinfo/anal...bancbanjc.html
    Steals credit card details
    Records keystrokes
    Installs itself in the Registry


    Of course I suggest you stay offline while you decide how to proceed with this problem and that you take the actions suggested in the information I am about to post to protect your security.
    There may be more hidden junk that HJT can not see, I can not say at this point since you have not supplied the online scan requested in the instructions.

    A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.

    One or more of the identified infections is a backdoor trojan.
    This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.
    I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
    Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

    How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
    http://www.dslreports.com/faq/10451

    When Should I Format, How Should I Reinstall
    http://www.dslreports.com/faq/10063

    Please let us know what you have decided to do in your next post.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
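
The indicator singled out in the post above, a Run-key value whose program is named like a core Windows process, can be checked mechanically over HijackThis O4 lines. This is an added example, not part of the thread or of HijackThis; the function names and the list of core process names are assumptions of the example, and the sample lines are copied from the log posted in this thread.

```python
import ntpath
import re

# Assumption of this example: these core Windows processes are launched by the
# OS itself (session manager, service control manager), so a Run-key value
# naming one of them is a masquerading indicator worth investigating.
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe",
                  "services.exe", "lsass.exe", "svchost.exe"}

# HijackThis O4 registry autostart line: O4 - HKLM\..\Run: [ValueName] command
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")
# First token ending in an executable extension; tolerates unquoted spaces.
EXE = re.compile(r"^(.*?\.(?:exe|com|scr|bat|cmd))(?:\s|$)", re.IGNORECASE)


def executable_of(cmd):
    """Return the program part of a Run-key command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def suspicious_run_entries(log_text):
    """Return O4 entries whose program is named like a core Windows process."""
    findings = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        exe = executable_of(m.group("cmd"))
        if ntpath.basename(exe).lower() in CORE_PROCESSES:
            findings.append({"hive": m.group("hive"), "value": m.group("name"),
                             "exe": exe, "has_path": bool(ntpath.dirname(exe))})
    return findings


# O4 lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows SP System] svchost.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for finding in suspicious_run_entries(SAMPLE):
        print(finding)
```

A bare name without a path is not suspicious by itself (SOUNDMAN.EXE in the same log is listed that way); the match is on the process name, and `has_path` is reported only as extra context.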

  5. #5
    Junior Member
    Join Date
    Oct 2007
    Posts
    7

    Here's Kaspersky online scanner log, because it's too big, I compressed the log
    Terribly, all exe were infected

  6. #6
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    OK, and thanks for the information. I do not like to open files from an infected computer but did so in this case. Did you review the information I posted for you? My suggestion would be to take this computer offline right away and reformat the computer.

    http://spyware-free.us/tutorials/reformat/
    http://www.cyberwalker.net/faqs/how-...stall-faq.html
    http://helpdesk.its.uiowa.edu/window...s/reformat.htm

    Thanks

    Here is some great information from experts in this field.
    http://users.telenet.be/bluepatchy/m...revention.html
    http://forums.spybot.info/showthread.php?t=279
    http://russelltexas.com/malware/allclear.htm
    http://forum.malwareremoval.com/viewtopic.php?t=14
    http://www.bleepingcomputer.com/forums/topict2520.html
    http://cybercoyote.org/security/not-admin.shtml

    Thanks...pskelley
    Safer Networking Forums
    http://www.spybot.info/en/donate/index.html
    If you are reading this information...thank a teacher,
    If you are reading it in English...thank a soldier.
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  7. #7
    Junior Member
    Join Date
    Oct 2007
    Posts
    7

    But it's only a text file

  8. #8
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    All logs should be copy/pasted into topic and not attached unless requested by helper in that format.
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  9. #9
    Junior Member
    Join Date
    Oct 2007
    Posts
    7

    Ok thanks pskelley
    Now my concern is: disconnect from the internet, reformat, reinstall OS, update Windows, update Antivirus software, then I can reconnect?

  10. #10
    Junior Member
    Join Date
    Oct 2007
    Posts
    7

    Ohhhhhhh
    Sooooooooooooooooo luckyyyyyyyyyyy
    I tried to delete all exe files in all partitions except the system partition and the problem was solved
    Yeahhhhhhhhhhhhhhhhhhhhhhh
