Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.
1 - 5 of 5 Posts

·
Registered
Joined
·
110 Posts
Discussion Starter · #1 ·
My coworkers computer has a system error box poping up saying that an error occurred with the file wininw32.exe, when the computer shuts down. Can anyone tell me what wininw32.exe file does? Whats its purpose? thanks in advance
 

·
Registered
Joined
·
110 Posts
Discussion Starter · #2 ·
jrochte said:
My coworkers computer has a system error box poping up saying that an error occurred with the file wininw32.exe, when the computer shuts down. Can anyone tell me what wininw32.exe file does? Whats its purpose? thanks in advance
How about rasser965m.exe?
 

·
Registered
Joined
·
49,013 Posts
Malware and it needs to be removed

SpywareBlaster 3.4 http://majorgeeks.com/download2859.html
SpyBot V1.4 http://www.majorgeeks.com/download2471.html * NEW *
AdAware SE 1.06 http://www.majorgeeks.com/download506.html - * NEW *
MS AntiSpy - http://download.microsoft.com/downl...-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe (XP and W2K only)

DL them (they are free), install them, check each for their
definition updates
and then run AdAware and Spybot, fixing anything
they say.

In SpywareBlaster - Always enable all protection after updates
In SpyBot - After an update run immunize

Do these and reboot before the next step.

Then get HiJack This V1.99.1 http://thespykiller.co.uk/files/hijackthis_sfx.exe - double click the DL file and click unzip letting it extract to its default folder C:\Program FIles\HiJackThis, run it from there, DO NOT fix anything, post the log here.
 

·
Registered
Joined
·
110 Posts
Discussion Starter · #4 ·
Okay, here it is.

Logfile of HijackThis v1.99.0
Scan saved at 1:02:21 PM, on 6/23/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\mcafee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\QuickBooks Online Backup\OLRegCap.EXE
C:\Program Files\QuickBooks Online Backup\OLlaunch.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\PERSON~1\MpfAgent.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\atl81200.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\WINDOWS\Web\tcpwin.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\PERSON~1\MpfTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\browsewm.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\w?wexec.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\QuickBooks Online Backup\OLSysTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: QuickBooks Online Backup RegCap - Intuit Inc. - C:\Program Files\QuickBooks Online Backup\OLRegCap.EXE
O23 - Service: QuickBooks Online Backup Launcher - Intuit Inc. - C:\Program Files\QuickBooks Online Backup\OLlaunch.exe

Thank you again for the help
 

·
Registered
Joined
·
49,013 Posts
That is not all of the log

Open the log in notepad

EDIT - SELECT ALL
EDIT - COPY

Then come to this message, and in the quick reply box click in the white space and then EDIT - PASTE
 
1 - 5 of 5 Posts
Status
Not open for further replies.
Top