
The application or DLL C:\WINDOWS\system32\kbdit14232.dll is not a valid windows image


  • This topic is locked
18 replies to this topic

#1 monsterbob

monsterbob

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Location:Albay, Philippines
  • Local time:07:11 AM

Posted 17 July 2010 - 05:11 AM

I already tried Spybot, Malwarebytes, Dr.Web and SUPERAntiSpyware. I can only use my office computer in safe mode.

Thanks in advance.



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:11 PM

Posted 17 July 2010 - 09:28 AM

Hello, the "Not a valid Win32 application/image" error message can be caused by a number of possibilities.
  • File is corrupt, bad, or missing.
  • File is not designed for your version of Windows.
  • Hardware incompatibility.
  • Malware infection (i.e. W32.Beagle/W32.Bagle worm, W32.Sonic.Worm, etc.)
If malware related, the infection may have altered the Safeboot keys and added a hidden service or a dangerous rootkit which can be difficult to remove as well as compromising the affected machine to other malware attacks.


Please perform a scan with Kaspersky Online Virus Scanner.
-- Requires free Java Runtime Environment (JRE) to be installed before scanning for malware as ActiveX is no longer being used.
-- This scan will not remove any detected file threats but it will show where they are located so they can be cleaned with other tools.
  • Vista users need to right-click the IE or FF Start Menu or Quick Launch Bar icons and Run As Administrator from the context menu.
  • Read the "Advantages - Requirements and Limitations" then press the Posted Image... button.
  • You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
  • When the downloads have finished, you should see 'Database is updated. Ready to scan'. Click on the Posted Image... button.
  • Make sure these boxes are checked. By default, they should be. If not, please check them and click on the Posted Image... button afterwards:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
  • Click on My Computer under the Scan section. OK any warnings from your protection programs.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
  • Click on Save Report As... and change the Files of type to Text file (.txt)
  • Name the file KAVScan_ddmmyy (day, month, year) before clicking on the Save button and save it to your Desktop.
  • Copy and paste (Ctrl+C) the saved scan results from that file in your next reply.
-- Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
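
Two of the causes listed in post #2 (a corrupt file, or a file built for a different Windows architecture) can be told apart by reading the file's PE headers. The sketch below is an added example, not part of the thread; `classify_image`, `build_sample` and the result strings are hypothetical names, and it checks only the header fields named in its comments, not everything the Windows loader validates.

```python
import struct

MACHINES = {0x014C: "x86", 0x8664: "x64"}      # IMAGE_FILE_MACHINE_I386 / _AMD64
OPT_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}    # optional-header magic values
IMAGE_FILE_DLL = 0x2000                        # COFF Characteristics flag


def classify_image(data: bytes, expect: str = "x86") -> str:
    """Header-level triage of a file Windows refuses to load as an image."""
    if not data:
        return "corrupt: empty file"
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "corrupt: no MZ (DOS) header"
    # e_lfanew at offset 0x3C holds the file offset of the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need signature (4) + COFF header (20) + optional-header magic (2).
    if e_lfanew + 26 > len(data):
        return "corrupt: file ends before the PE headers"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "corrupt: PE signature missing"
    machine, _, _, _, _, _, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    arch, fmt = MACHINES.get(machine), OPT_MAGIC.get(magic)
    if arch is None or fmt is None:
        return "unsupported: unknown machine type or optional-header magic"
    kind = "DLL" if chars & IMAGE_FILE_DLL else "EXE"
    if arch != expect:
        # Well-formed, but not built for the process trying to load it.
        return f"mismatch: {arch} {fmt} {kind}, loading process is {expect}"
    return f"valid: {arch} {fmt} {kind}"


def build_sample(machine=0x014C, magic=0x10B, chars=IMAGE_FILE_DLL) -> bytes:
    """Constructed minimal header bytes for the demo (not a loadable file)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 2, chars)
    return dos + b"PE\0\0" + coff + struct.pack("<H", magic)


if __name__ == "__main__":
    samples = {
        "zero-byte file": b"",
        "x86 DLL": build_sample(),
        "x64 DLL in a 32-bit process": build_sample(0x8664, 0x20B),
        "truncated x86 DLL": build_sample()[:0x50],
    }
    for label, blob in samples.items():
        print(f"{label:30} -> {classify_image(blob)}")
```
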

#3 monsterbob


Posted 19 July 2010 - 12:32 AM

According to the Kaspersky online scanner, my PC did not pass the system requirements.

Is there any other scanner that we can use to scan my machine?

Thanks, boopme, for the immediate reply.

#4 boopme


Posted 19 July 2010 - 08:33 AM

Try these ...

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.

Please run the F-Secure Online Scanner
Note: This scanner is for Internet Explorer only!
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.

#5 monsterbob


Posted 19 July 2010 - 11:13 PM

Because I'm running in safe mode I was not able to scan my PC with F-Secure (the F-Secure window is too big to be displayed on my monitor, so I can't click the scan/next button), but the result of the BitDefender scan is here.

QuickScan Beta 32-bit v0.9.9.22
-------------------------------
Scan date: Tue Jul 20 11:13:33 2010
Machine ID: 48AFDAF5



No infection found.
-------------------



Processes
---------
<verified> Google Chrome 420 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 1044 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 1096 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 1364 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 1388 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 2020 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
<verified> Microsoft® Windows® Operating System 500 C:\WINDOWS\system32\ctfmon.exe


Network activity
----------------
Process chrome.exe (1364) connected on port 80 (HTTP) --> tz-in-f101.1e100.net
Process chrome.exe (1364) connected on port 80 (HTTP) --> tz-in-f101.1e100.net
Process chrome.exe (1364) connected on port 80 (HTTP) --> ni-in-f104.1e100.net



Autoruns and critical files
---------------------------
<unsigned> kbdit14232.dll c:\windows\system32\kbdit14232.dll
<unsigned> kbdit32.dll c:\windows\system32\kbdit32.dll
<unsigned> kbdit3232.dll c:\windows\system32\kbdit3232.dll
<unsigned> kbdla32.dll c:\windows\system32\kbdla32.dll
<unsigned> kbdla32.dllex30032.dll c:\windows\system32\kbdla32.dllex30032.dll
<unsigned> kbdla32.dllex30032.dllzp0seh832.dll c:\windows\system32\kbdla32.dllex30032.dllzp0seh832.dll
<unsigned> kbdla32.dllex30032.dllzp0seh832.dllbq3i c:\windows\system32\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll
<unsigned> kbdla32.dllex30032.dllzp0seh832.dllbq3i c:\windows\system32\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll4wj3k932.dll
<unsigned> TeaTimer.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

<verified> Google Update C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
<verified> Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
<verified> Malwarebytes' Anti-Malware C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
<verified> Malwarebytes' Anti-Malware C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
<verified> Messenger C:\Program Files\Messenger\msmsgs.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cmd.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Microsoft® Windows® Operating System c:\windows\syswow64\browseui.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\SysWOW64\shell32.dll
<verified> Microsoft® Windows® Operating System c:\windows\syswow64\stobject.dll
<verified> Microsoft® Windows® Operating System c:\windows\syswow64\webcheck.dll
<verified> SpybotSD.exe C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
<verified> SuperAntiSpyware c:\program files (x86)\superantispyware\sasseh.dll
<verified> SUPERAntiSpyware WinLogon Processor C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
<verified> USBGuard Application C:\Program Files (x86)\USB Disk Security\USBGuard.exe


Browser plugins
---------------
<unsigned> Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

<verified> AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
<verified> AutocompletePro c:\program files (x86)\autocompletepro\autocompletepro.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.22\npqscan.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.22\npqslauncher.dll
<verified> Google Update C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
<verified> Java™ Platform SE 6 U20 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
<verified> Java™ Platform SE 6 U20 c:\program files (x86)\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<verified> Messenger C:\Program Files\Messenger\msmsgs.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\System32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
<verified> Microsoft® Windows® Operating System c:\windows\syswow64\shdocvw.dll
<verified> NPSWF32.dll C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll
<verified> sdhelper.dll c:\program files (x86)\spybot - search & destroy\sdhelper.dll


Missing files
-------------
File not found: WlNotify.dll
referenced in: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn\"DllName"

File not found: command.com /c del "C:\Documents and Settings\Administrator\Application Data\SystemProc\lsass.exe"
referenced in: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\"SpybotDeletingA6856"
referenced in: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\"SpybotDeletingB6821"

File not found: p507kndb32.dll
referenced in: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs"

File not found: p507kndb32.dll9es8np7rxg32.dll
referenced in: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs"

File not found: p507kndb32.dll9es8np7rxg32.dll8el03oc32.dll
referenced in: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs"

File not found: p507kndb32.dll9es8np7rxg32.dll8el03oc32.dll74taiacrxic32.dll
referenced in: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs"

File not found: wlnotify.dll
referenced in: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp\"DllName"
referenced in: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule\"DllName"
referenced in: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon\"DllName"


Scan
----
<unsigned> MD5: 390679f7a217a5e73d756276c40ae887 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
<unsigned> MD5: 32a783fe8d78db883368ca851e274dbe C:\WINDOWS\system32\Adobe\Director\np32dsw.dll


No file uploaded.

Scan finished - communication took 5 sec
Total traffic - 0.00 MB sent, 0.07 KB recvd
Scanned 174 files and modules - 7 seconds

==============================================================================
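
The entries in this report that stand out are the unsigned `kbd*.dll` files in `system32`, the file names with one `.dll` name chained onto another, and the `AppInit_DLLs` registry value (a list of DLLs Windows loads into every process that loads user32.dll) pointing at files that no longer exist. The script below is an added example, not part of the thread and not BitDefender's logic; the three rules and the `triage` function are assumptions chosen for illustration, run over a constructed excerpt that reuses lines from the log above.

```python
import re

# Constructed excerpt reusing lines from the QuickScan report in this post.
SAMPLE = r'''Autoruns and critical files
<unsigned> kbdit14232.dll c:\windows\system32\kbdit14232.dll
<unsigned> kbdla32.dllex30032.dll c:\windows\system32\kbdla32.dllex30032.dll
<unsigned> TeaTimer.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
<verified> Microsoft Windows Operating System C:\WINDOWS\system32\ctfmon.exe

Missing files
File not found: WlNotify.dll
referenced in: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn\"DllName"

File not found: p507kndb32.dll
referenced in: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs"

File not found: p507kndb32.dll9es8np7rxg32.dll
referenced in: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs"
'''

# "<status> description X:\path" lines from the Autoruns/Processes sections.
ENTRY = re.compile(r"^<(unsigned|verified)>\s+(.*?)\s+([A-Za-z]:\\.*)$")
# A file name that contains ".dll" and then ends in ".dll" again.
CHAINED = re.compile(r"\.dll.+\.dll$", re.IGNORECASE)


def triage(log_text):
    """Return (rule, file name) pairs worth a closer look, in log order."""
    findings = []
    missing = None                      # file named by the last "File not found:"
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if entry:
            status, path = entry.group(1), entry.group(3)
            name = path.rsplit("\\", 1)[-1]
            if status == "unsigned" and "\\system32\\" in path.lower():
                findings.append(("unsigned-system32", name))
            if CHAINED.search(name):
                findings.append(("chained-dll-name", name))
        elif line.startswith("File not found:"):
            missing = line.split(":", 1)[1].strip()
        elif line.startswith("referenced in:") and missing:
            # A dangling AppInit_DLLs entry still makes every GUI process
            # attempt the load; it is leftover persistence to clean up.
            if "appinit_dlls" in line.lower():
                findings.append(("dangling-appinit", missing))
        elif not line:
            missing = None              # a blank line ends the current record
    return findings


if __name__ == "__main__":
    for rule, name in triage(SAMPLE):
        print(f"{rule:18} {name}")
```
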

#6 boopme


Posted 20 July 2010 - 03:08 PM

Can we do a Gmer rootkit scan??

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

#7 monsterbob


Posted 20 July 2010 - 09:47 PM

"GMER hasn't found any system modification."

that's the only message I got after running GMER.

#8 boopme


Posted 20 July 2010 - 10:00 PM

OK, I am not satisfied either here. I think the Bagle or another type of malware is hidden.
We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
Include the GMER comment you posted earlier.

Let me know if that went well.

#9 monsterbob


Posted 20 July 2010 - 11:07 PM

"This tool does not support your operating system" according to DDS.

#10 boopme


Posted 20 July 2010 - 11:14 PM

You have a 64-bit system?
Use OTL and GMER

  1. Please download OTL from one of the following mirrors:
     • This is THE Mirror
  2. Save it to your desktop.
  3. Double click on the Posted Image icon on your desktop.
  4. Under the Custom Scan box paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
     • OTL.txt <-- Will be opened
     • Extra.txt <-- Will be minimized


#11 monsterbob


Posted 20 July 2010 - 11:34 PM

Yes, I'm using a 64-bit OS.

"403 Forbidden

Access to this resource on the server is denied!
Powered By LiteSpeed Web Server
LiteSpeed Technologies is not responsible for administration and contents of this web site!" when I click the link

#12 boopme


Posted 21 July 2010 - 12:09 AM

OK, found out that G2G (hosts the mirror for OTL) is down due to an attack currently. The bad guys are attacking the site. It's just all fun here in malware world.
That's likely the issue with OTL. We will need the OTL log at least. My recommendation is to wait a while (at least a few hours) and see if they get the site back up.

Then post the OTL.. Thanks

:trumpet: I have to go circle the wagons around BC now. :flowers: :thumbsup:

#13 monsterbob


Posted 21 July 2010 - 12:10 AM

OK, thanks a lot!

#14 boopme


Posted 21 July 2010 - 12:21 AM

Welcome, just let me know if you get a log posted, :thumbsup:

#15 boopme


Posted 21 July 2010 - 02:59 PM

Here's another OTL link, site's still down.

http://www.bleepingcomputer.com/forums/ind...t&p=1851405



