Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

not a valid win32 application and wscntfy.exe missing...

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

not a valid win32 application and wscntfy.exe missing...

Unread postby lunelautre » November 19th, 2009, 6:00 am

Here is the Combofix report

ComboFix 09-11-18.07 - Séverine 19/11/2009 14:25.5.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.1.1252.33.1036.18.446.98 [GMT 1:00]
Lancé depuis: c:\documents and settings\Séverine\Bureau\ccm.exe
Commutateurs utilisés :: /u

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-10-19 au 2009-11-19 ))))))))))))))))))))))))))))))))))))
.

2009-11-19 13:03 . 2009-11-19 13:03 129536 ----a-w- c:\windows\system32\xmlprov.dll
2009-11-19 12:55 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-19 12:42 . 2009-11-19 12:42 -------- d-----w- C:\FOUND.000
2009-11-18 12:54 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-18 12:54 . 2009-11-18 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-18 12:54 . 2009-09-10 13:53 18520 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-18 12:54 . 2009-11-18 12:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-18 12:30 . 2005-10-20 22:34 1006592 ----a-w- c:\windows\system32\esent.dll
2009-11-18 12:09 . 2004-07-01 22:08 360960 ----a-w- c:\windows\system32\dllcache\qmgr.dll
2009-11-18 12:09 . 2004-07-01 22:08 331776 ----a-w- c:\windows\system32\winhttp.dll
2009-11-18 12:09 . 2004-07-01 22:08 331776 ----a-w- c:\windows\system32\dllcache\winhttp.dll
2009-11-18 12:09 . 2004-07-01 22:08 17408 ----a-w- c:\windows\system32\qmgrprxy.dll
2009-11-18 12:09 . 2004-07-01 22:08 17408 ----a-w- c:\windows\system32\dllcache\qmgrprxy.dll
2009-11-18 11:56 . 2009-11-18 11:56 -------- d-----w- C:\XPSP2
2009-11-17 15:48 . 2009-11-17 15:48 -------- d-----w- c:\program files\WindSolutions
2009-11-17 15:48 . 2009-11-17 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
2009-11-17 07:51 . 2009-11-17 07:51 -------- d-----w- c:\program files\Tabla SW
2009-11-12 22:16 . 2009-11-12 22:17 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-11-12 22:15 . 2009-11-12 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-10 20:12 . 2009-11-10 20:12 -------- d-----w- c:\program files\Fichiers communs\Skype

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-15 11:59 . 2008-09-27 12:53 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 11:56 . 2008-09-27 12:55 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 11:56 . 2008-09-27 12:55 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 11:55 . 2008-09-27 12:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 11:54 . 2008-09-27 12:55 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 11:54 . 2008-09-27 12:55 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 11:53 . 2008-09-27 12:55 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 11:53 . 2008-09-27 12:55 97480 ----a-w- c:\windows\system32\AvastSS.scr
2008-01-12 09:28 . 2008-01-12 09:28 2 --sha-r- c:\windows\winstart.bat
.

------- Sigcheck -------


[-] 2009-11-19 . 912591E2055E26566D1CB54092A7E8B0 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll

[7] 2005-01-28 07:53 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2002-12-17 17:45 . 4A38A7A585EED0EBA03EA025A82DAC04 . 52736 . . [9.0.1.56] . . c:\windows\system32\MsPMSNSv.dll
[-] 2002-12-17 17:45 . 4A38A7A585EED0EBA03EA025A82DAC04 . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

c:\windows\system32\wscntfy.exe ... manque !!
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2002-11-15 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2002-11-18 561152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-03-01 77824]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2003-05-07 36864]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-05-14 55296]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-04-01 88267]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2003-04-24 13312]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Wireless-G Notebook Adapter Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Wireless-G Notebook Adapter Utility.lnk
backup=c:\windows\pss\Wireless-G Notebook Adapter Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Séverine^Menu Démarrer^Programmes^Démarrage^Notification de cadeaux MSN.lnk]
path=c:\documents and settings\Séverine\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk
backup=c:\windows\pss\Notification de cadeaux MSN.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27/09/2008 13:55 114768]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [12/02/2007 16:41 63555]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [12/02/2007 16:43 114616]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [31/05/2007 16:01 21344]
S3 IPN2220;Wireless-G Notebook Adapter ver.4.0 Driver;c:\windows\System32\DRIVERS\i2220ntx.sys --> c:\windows\System32\DRIVERS\i2220ntx.sys [?]
S3 PAC207;CamMaestro 3.01 DU PC Camera;c:\windows\system32\drivers\pfc027.sys [17/06/2004 10:05 136832]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\RTL8180.sys [01/09/2003 13:33 173184]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys --> c:\windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [?]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Examen supplémentaire -------
.
mStart Page = hxxp://fr.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyServer = 10.1.0.2:9090
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Séverine\Application Data\Mozilla\Firefox\Profiles\womjh2vg.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt ... =MIMWA5&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\progra~1\YAHOO!\COMMON\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-19 14:39
Windows 5.1.2600 Service Pack 1 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1320)
c:\windows\System32\ODBC32.dll

- - - - - - - > 'lsass.exe'(1376)
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(2304)
c:\windows\System32\msi.dll
.
Heure de fin: 2009-11-19 14:42
ComboFix-quarantined-files.txt 2009-11-19 13:42
ComboFix2.txt 2009-11-19 08:59

Avant-CF: 14 202 339 328 octets libres
Après-CF: 14 172 995 584 octets libres

- - End Of File - - 6CD87186483A3A20B4049D20E3290A98


and the hijack log :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:36, on 19/11/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\aMSN\bin\wish.exe
C:\Documents and Settings\Séverine\Bureau\hijackthis-2.0.2.75917.exe
C:\DOCUME~1\SÉVERINE\LOCALS~1\Temp\hijackthis-2.0.2.75917.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.0.2:9090
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: &Yahoo!ƒc[ƒ‹ƒo[ - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... ase370.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8544979055
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8547346984
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 5765 bytes


thanks for helping : i was trying to set up windows xp sp2... and it said its not a valid win 32 application...
then i realized many things go wrong : slow internet connection
and i cant acces to the processes when doing ctrl+alt+del...

please help me
lunelautre
Active Member
 
Posts: 1
Joined: November 19th, 2009, 5:48 am
Advertisement
Register to Remove

Re: not a valid win32 application and wscntfy.exe missing...

Unread postby MWR 3 day Mod » November 22nd, 2009, 10:59 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: not a valid win32 application and wscntfy.exe missing...

Unread postby NonSuch » November 26th, 2009, 3:37 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27301
Joined: February 23rd, 2005, 7:08 am
Location: California


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 44 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware