
a mysterious dll file is missing (says error pop-up)


3 replies to this topic

#1 roniven

Posted 16 April 2010 - 05:36 PM

Major issue here!

I loaded AVG last night (and some associated toolbar, per AVG install). AVG immediately flagged two issues (even before I ran a scan). I requested a fix. (Note: during AVG install, it requested I remove Norton and I did remove Norton.)

After loading AVG, Google Chrome got an error stating "This application has failed to start because msjrdu.dll was not found. Re-installing the application may fix the problem." However, I closed the warning and Google Chrome operated normally. NOTE: I googled the dll file and no entries were found for this mysterious dll.

I shut down the computer and upon reboot I now get the same warning pop-up when Windows boots and for every single exe that loads up upon boot, and for every application I try to open. If I x-out (or close) the pop-up, then my desired application will run (all except Google Chrome and Firefox and Adobe).

So far, I have loaded and run many spyware applications (AVG, Spybot, Super Spyware, Malwarebytes). And I ran the online scan from Microsoft (called Safety Scanner via the OneCare Live website). The Safety Scanner stated that two problems could not be fixed. Finally I ran ComboFix, which told me that I have an infected system32 imm (or something) file. But ComboFix was not able to fix the problem.

Please help!!!! The log from ComboFix is here:


-------------------
ComboFix 10-04-15.05 - Administrator 04/16/2010 16:04:45.1.1 - x86
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\QUAD Backups
c:\documents and settings\Administrator\Application Data\QUAD Backups\04.16.2010,14-04-36\HKEY_CLASSES_ROOT.reg
c:\documents and settings\Administrator\Application Data\QUAD Backups\04.16.2010,14-04-36\HKEY_CURRENT_CONFIG.reg
c:\documents and settings\Administrator\Application Data\QUAD Backups\04.16.2010,14-04-36\HKEY_CURRENT_USER.reg
c:\documents and settings\Administrator\Application Data\QUAD Backups\04.16.2010,14-04-36\HKEY_LOCAL_MACHINE.reg
c:\documents and settings\Administrator\Application Data\QUAD Backups\04.16.2010,14-04-36\HKEY_USERS.reg
c:\documents and settings\Administrator\Application Data\QUAD Backups\06.27.2009,08-00-38\Automatic.reg
c:\documents and settings\Administrator\Application Data\QUAD Backups\06.28.2009,08-22-40\Automatic.reg
c:\documents and settings\Administrator\Application Data\QUAD Backups\06.29.2009,06-48-59\Automatic.reg
c:\documents and settings\Administrator\Application Data\QUAD Backups\06.30.2009,10-54-11\Automatic.reg
c:\documents and settings\Administrator\Application Data\QUAD Backups\07.27.2009,11-05-28\Automatic.reg
c:\documents and settings\Administrator\Recent\Thumbs.db
c:\documents and settings\Administrator\Start Menu\Programs\QUAD Utilities
c:\documents and settings\Administrator\Start Menu\Programs\QUAD Utilities\QUAD RegistryCleaner\QUAD RegistryCleaner.lnk
c:\documents and settings\Administrator\Start Menu\Programs\QUAD Utilities\QUAD RegistryCleaner\Uninstall QUAD RegistryCleaner.lnk
c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD RegistryCleaner\program.log
c:\program files\QUAD Utilities\QUAD RegistryCleaner\QUAD RegistryCleaner.exe
c:\program files\QUAD Utilities\QUAD RegistryCleaner\Scheduler.dll
c:\program files\QUAD Utilities\QUAD RegistryCleaner\Styles\Vista.cjstyles
c:\recycler\S-1-5-21-1708537768-602609370-725345543-500
c:\recycler\S-1-5-21-4261962953-2847145338-1083065114-500
C:\Thumbs.db
c:\windows\system32\AutoRun.inf
c:\windows\system32\Thumbs.db

c:\windows\system32\imm32.dll . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2010-03-16 to 2010-04-16 )))))))))))))))))))))))))))))))
.

2010-04-16 07:16 . 2010-04-16 07:16 -------- d-----w- C:\$AVG
2010-04-15 19:09 . 2010-04-15 19:13 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-15 17:50 . 2010-04-15 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-15 17:50 . 2010-04-15 17:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-15 17:50 . 2010-04-15 17:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-04-15 17:49 . 2010-04-15 17:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-15 17:47 . 2010-04-15 17:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-15 17:47 . 2010-04-15 17:47 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-04-15 17:47 . 2010-04-15 17:47 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-15 17:47 . 2010-04-15 17:47 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-15 17:47 . 2010-04-15 17:47 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-15 17:47 . 2010-04-15 17:47 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-15 17:46 . 2010-04-16 14:42 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-15 17:44 . 2010-04-15 17:44 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-04-15 17:44 . 2010-04-15 17:44 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-04-15 17:42 . 2010-04-15 17:42 -------- d-----w- c:\program files\AVG
2010-04-15 10:23 . 2010-03-09 10:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-15 10:23 . 2010-03-09 10:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-15 10:23 . 2010-03-09 10:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-15 10:23 . 2010-03-09 10:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-15 10:23 . 2010-03-09 10:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-15 10:23 . 2010-03-09 10:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-15 10:23 . 2010-03-09 10:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-15 10:23 . 2010-03-09 10:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-15 10:23 . 2010-03-09 10:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-15 10:23 . 2010-04-15 10:23 -------- d-----w- c:\program files\Alwil Software
2010-04-15 10:23 . 2010-04-15 10:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-14 23:03 . 2010-04-15 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-11 09:42 . 2006-10-27 00:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-04-11 09:42 . 2006-10-27 00:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-04-11 09:40 . 2010-04-11 09:40 -------- d-----w- c:\program files\Microsoft Works
2010-04-11 09:39 . 2010-04-11 09:39 -------- d-----w- c:\program files\MSBuild
2010-04-11 09:37 . 2010-04-11 09:37 -------- d-----w- c:\program files\Microsoft.NET
2010-04-11 09:30 . 2010-04-11 09:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Help
2010-04-11 09:29 . 2010-04-11 09:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-11 09:06 . 2010-04-11 09:06 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-04-11 09:05 . 2008-04-07 10:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-04-11 09:05 . 2008-04-07 10:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2010-04-04 23:39 . 2010-04-04 23:39 -------- d-----w- C:\dory-n-paris
2010-03-31 17:52 . 2010-04-15 17:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2010-03-29 11:21 . 2010-03-29 11:21 -------- d-----w- c:\program files\Microsoft Time Zone
2010-03-20 19:12 . 2010-03-20 19:12 -------- d-----w- c:\program files\Common Files\Nero
2010-03-20 19:08 . 2010-03-20 19:11 -------- d-----w- c:\program files\Nero
2010-03-20 17:15 . 2010-03-20 18:36 -------- d-----w- c:\program files\Total Video Converter
2010-03-20 16:15 . 2010-03-20 16:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVS4YOU
2010-03-20 16:12 . 2010-03-20 17:10 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-03-20 16:11 . 2008-08-13 15:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-03-20 16:11 . 2010-03-20 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-03-20 16:11 . 2008-08-13 15:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-03-20 16:11 . 2008-08-13 15:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-03-20 16:11 . 2010-04-15 09:11 -------- d-----w- c:\program files\AVS4YOU

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-16 08:23 . 2010-04-15 17:52 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-16 08:23 . 2010-04-15 17:51 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-15 18:51 . 2010-04-15 18:51 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-15 18:51 . 2010-04-15 18:51 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-15 17:50 . 2010-04-15 17:50 65024 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2010-04-15 17:50 . 2010-04-15 17:50 18944 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2010-04-15 17:06 . 2008-12-03 14:16 -------- d-----w- c:\program files\Lavasoft Ad-aware 6
2010-04-15 16:10 . 2008-12-03 16:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 16:09 . 2010-04-15 16:09 5918775 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-15 09:24 . 2010-03-12 19:26 -------- d-----w- c:\program files\Elaborate Bytes
2010-04-15 08:28 . 2008-12-03 18:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-14 20:20 . 2010-02-09 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-14 20:18 . 2005-10-14 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-11 09:53 . 2005-12-15 16:16 95512 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-10 21:48 . 2010-03-12 19:18 -------- d-----w- c:\program files\SlySoft
2010-04-10 21:47 . 2010-02-27 18:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitTorrent
2010-04-02 19:40 . 2007-06-30 16:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-03-30 05:46 . 2008-12-03 16:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 05:45 . 2008-12-03 16:50 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-12 19:46 . 2010-03-12 19:46 -------- d-----w- c:\program files\Cucusoft
2010-03-12 19:46 . 2010-03-12 19:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo
2010-03-12 19:24 . 2010-03-12 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2010-03-09 13:14 . 2010-03-03 13:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\gtk-2.0
2010-03-03 13:01 . 2010-03-03 13:01 -------- d-----w- c:\program files\GIMP-2.0
2010-02-27 18:15 . 2010-02-27 18:15 -------- d-----w- c:\program files\BitTorrent
2004-08-04 08:00 . 2004-08-04 08:00 4096 --sha-w- c:\windows\system32\nfhfynbyj.dat
.

------- Sigcheck -------

[-] 2008-12-03 . 2438B14041CFDFCD42162DA3B31E0774 . 110592 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-10 133104]
"Timezone"="c:\program files\Microsoft Time Zone\TimeZone.exe" [2004-10-19 712704]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 88363]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-30 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-30 114688]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 729177]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-10-11 499712]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-08-24 397312]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-09-07 213054]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-07-04 184320]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 20:28 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-15 17:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 19:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Call Me for Skype.lnk]
backup=c:\windows\pss\Call Me for Skype.lnkStartup
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Call Me for Skype.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Disney^Mix Central^Uninstall Disney Mix-It Plug-in and Skin.lnk]
backup=c:\windows\pss\Uninstall Disney Mix-It Plug-in and Skin.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Disney\Mix Central\Uninstall Disney Mix-It Plug-in and Skin.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 03:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 07:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2008-04-17 01:18 2516344 ----a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-05-10 15:12 133104 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 02:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-30 09:19 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2008-03-26 23:41 1232896 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-04-16 17:53 1079808 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2005-09-07 15:57 86016 ----a-w- c:\program files\HPQ\HP ProtectTools Security Manager\pthosttr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-11 17:00 24095528 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-15 18:23 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 08:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 02:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-04-15 30104]
R3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [2010-04-15 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [2010-04-15 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [2010-04-15 26120]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSxx.sys [2010-04-15 25096]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-04-15 52872]
S1 aswSP;aswSP; [x]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-04-15 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-04-15 242696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2004-08-04 14336]
S2 aswFsBlk;aswFsBlk; [x]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-04-15 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-04-15 2325816]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-04-15 30104]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
S3 swmx02;HP ev2200 USB MUX Driver (02);c:\windows\system32\DRIVERS\swmx02.sys [2005-09-15 57600]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3120095592-837586283-1490110683-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-10 15:12]

2010-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3120095592-837586283-1490110683-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-10 15:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netaddress.com/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyServer = 168.116.162.7:1234
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-QUAD Scheduler - c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
MSConfigStartUp-QUAD Windows service - c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-16 16:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????8?6?2?8??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3120095592-837586283-1490110683-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,21,17,a4,04,2c,b7,39,42,9f,2e,c6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,21,17,a4,04,2c,b7,39,42,9f,2e,c6,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1360)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

- - - - - - - > 'explorer.exe'(6164)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\DllHost.exe
c:\program files\HPQ\IAM\bin\asghost.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\FolderSize\FolderSizeSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\HPQ\SHARED\HPQTOA~1.EXE
c:\program files\HPQ\SHARED\HPQWMI.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-04-16 16:30:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-16 21:30

Pre-Run: 18,075,480,064 bytes free
Post-Run: 18,006,355,968 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Debug COM 1 Baud 57600" /fastdetect /debug /debugport=com1 /baudrate=57600
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Debug 1394 Channel 44" /fastdetect /debug /debugport=1394 /channel=44

- - End Of File - - DCF36E0E91544224313BF87E3B3FAB92

-------------------

EDIT: Moved from XP to Malware Removal Logs, more appropriate forum ~ Hamluis.

Edited by hamluis, 16 April 2010 - 05:42 PM.
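Added example, not code from the original post and not ComboFix's own code: the "scanning hidden autostart entries" block in the ComboFix log above lists a Run value whose data continues past the end of the exe path. A REG_SZ value is NUL-terminated by convention only; if more bytes follow the terminator, anything that reads the value as a C string (regedit, msconfig) shows just the path and the rest rides along unseen, which is exactly what that scan looks for. The Python below performs the same check on a constructed value that imitates the shape of the Cpqset entry. Only the path is taken from the log; the trailing bytes are invented, and the '?' rendering is an assumption about how a byte-oriented log writer prints the non-ASCII part of a UTF-16 tail.

```python
"""Check Windows Run-key values for data hidden past the NUL terminator.

Added example, not code from the original post or from ComboFix. It runs
offline on raw REG_SZ bytes; nothing here reads the live registry.
"""


def split_hidden_tail(raw: bytes, encoding: str = "utf-16-le"):
    """Split a REG_SZ payload into (visible_string, hidden_tail_bytes).

    Registry strings are UTF-16LE and terminated by a NUL code unit by
    convention only. Anything after that first NUL is invisible to code
    that treats the value as a C string, which is what regedit/msconfig do.
    """
    width = 2 if encoding.startswith("utf-16") else 1
    nul = b"\x00" * width
    # Step on code-unit boundaries so the 0x00 high byte of an ASCII
    # character is not mistaken for the terminator.
    for i in range(0, len(raw) - width + 1, width):
        if raw[i:i + width] == nul:
            return raw[:i].decode(encoding), raw[i + width:]
    # No terminator at all: the whole value is visible, nothing hidden.
    return raw.decode(encoding, errors="replace"), b""


def render_bytes_as_log(tail: bytes) -> str:
    """Print each byte as ASCII if printable, else '?'.

    Assumption: a byte-oriented log writer renders a UTF-16 tail this way,
    which would explain a pattern such as '8?6?2?8?' in the log above.
    """
    return "".join(chr(b) if 0x20 <= b < 0x7F else "?" for b in tail)


def find_hidden_autostarts(values):
    """values: {value_name: raw_bytes}. Return names that carry a hidden tail."""
    return sorted(name for name, raw in values.items() if split_hidden_tail(raw)[1])


# Constructed sample data. The path is the one from the log; the trailing
# bytes are invented to show the mechanism and are NOT the real tail.
CPQSET_PATH = r"c:\program files\HPQ\Default Settings\cpqset.exe"
CLEAN_VALUE = CPQSET_PATH.encode("utf-16-le") + b"\x00\x00"
PADDED_VALUE = (
    CLEAN_VALUE
    + b"\x01\x00\x02\x00\x03\x00"          # three non-printable code units
    + "8628".encode("utf-16-le")           # printable digits, like the log
    + b"\x00\x00"                          # second terminator
)

if __name__ == "__main__":
    sample = {"Cpqset": PADDED_VALUE, "Clean": CLEAN_VALUE}
    for name, raw in sample.items():
        visible, hidden = split_hidden_tail(raw)
        print(f"{name} = {visible}")
        if hidden:
            print(f"  hidden tail: {len(hidden)} bytes  hex={hidden.hex()}")
            print(f"  as a byte log would show it: {render_bytes_as_log(hidden)}")
    print("flagged:", find_hidden_autostarts(sample))
```

On a live system `winreg.QueryValueEx` returns a decoded string and stops at the first NUL, so it can never show the tail; read the value as raw bytes instead (for example through `ctypes` and `RegQueryValueExW`, or from an offline hive parser) and pass those bytes to `split_hidden_tail`. A hidden tail is a reason to look, not proof of malware: in this log the flagged entry belongs to an HP preinstalled utility.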



#2 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 21 April 2010 - 07:02 PM

Hi roniven,

Welcome to Bleeping Computer.

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.
STEP 1 - Preparation Guide

Please follow the instructions in the Preparation Guide until you have reached step 6. You may stop once you have finished step 6 and continue with the instructions here.

STEP 2 - MBAM

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning

STEP 4 - OTL

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In the Custom Scans box, copy and paste the following:
    CODE
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post it with your next reply.
STEP 5 - Reply

Please reply with the following logs:
  • MBAM Log
  • GMER Log
  • OTL Log

Edited by mpascal, 21 April 2010 - 07:58 PM.


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 21 April 2010 - 07:05 PM

Edited

Edited by m0le, 21 April 2010 - 07:23 PM.

m0le is a proud member of UNITE

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 26 April 2010 - 06:46 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
