Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

lsass.exe trojan?


  • This topic is locked This topic is locked
2 replies to this topic

#1 Eman70

Eman70

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:55 AM

Posted 05 March 2011 - 10:29 PM

My sisters laptop wont start up! 10% off the time it will. But when it doesn't, I see a lsass.exe error. I cant read it all, it keeps rebooting. I cant even boot to safe mode or to he BIOS. I tried installing fresh copy of XP and I can't even use the keyboard.
When it does start up, a ACPI new hardware wants me to restat. It does show a blue screen few times about ACPI

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by SONIA at 17:02:29.50 on Sat 03/05/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.279 [GMT -8:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: System Shield *Disabled/Updated* {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\SONIA\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page =
uSearch Bar =
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm021YYUS&fl=0&ptb=BjLvf35N4Kor.ReYW.01.A&url=http://www.ask.com/web&q={searchTerms}&l=zk&o=sb
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant =
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80114
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: {9A782146-1AEF-4ebc-9641-D4309F8A67A4} - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [YSearchProtection] c:\program files\yahoo!\search protection\YspService.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Transfer by Image Converter 2 - c:\program files\sony\image converter 2\menu.htm
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\system32\iavlsp.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: igfxcui - igfxsrvc.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\sonia\applic~1\mozilla\firefox\profiles\tteaepwe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm021YYUS&ptb=BjLvf35N4Kor.ReYW.01.A&psa=&ind=2008021314&ptnrS=ZKxdm021YYUS&si=&st=kwd&n=77aff942&searchfor=
FF - plugin: c:\documents and settings\sonia\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-2-12 64512]
R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [2010-1-19 127016]
R2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [2010-1-19 1118248]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2011-2-10 724664]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2011-2-10 724664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1405384]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-1-19 121384]
R2 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-1-19 117288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15232]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-2-11 27064]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-1-19 158248]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-3-9 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-03-06 00:41:11 131840 ----a-w- c:\windows\system32\OLDB.tmp
2011-03-06 00:41:09 2069376 ----a-w- c:\windows\system32\OLD7.tmp
2011-03-06 00:41:08 2192768 ----a-w- c:\windows\system32\OLD4.tmp
2011-02-26 20:04:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-02-26 20:04:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-02-25 03:20:25 -------- d-----w- C:\AV-CLS
2011-02-25 02:57:00 388096 ----a-r- c:\docume~1\sonia\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-02-25 02:56:58 -------- d-----w- c:\program files\Trend Micro
2011-02-24 01:37:41 -------- d-----w- c:\program files\Enigma Software Group
2011-02-24 01:37:06 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-02-24 01:36:53 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-02-24 01:24:02 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-02-13 01:10:21 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-02-13 01:10:11 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-13 01:04:46 -------- d-----w- c:\docume~1\sonia\locals~1\applic~1\Sunbelt Software
2011-02-13 00:57:55 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-02-13 00:55:58 -------- d-----w- c:\program files\Lavasoft
2011-02-13 00:45:54 -------- d-----w- c:\docume~1\sonia\applic~1\Windows Search
2011-02-13 00:05:22 -------- d-----w- c:\windows\system32\winrm
2011-02-13 00:05:16 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-02-12 23:01:52 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-02-12 23:00:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-02-12 22:55:05 -------- d-sh--w- c:\documents and settings\sonia\PrivacIE
2011-02-12 22:46:29 -------- d-sh--w- c:\documents and settings\sonia\IETldCache
2011-02-12 20:29:40 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-02-12 20:28:24 -------- d-----w- c:\windows\ie8updates
2011-02-12 20:27:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-12 20:27:10 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-12 20:27:10 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-12 20:23:16 -------- dc-h--w- c:\windows\ie8
2011-02-12 20:01:16 -------- d-----w- c:\windows\system32\XPSViewer
2011-02-12 20:00:26 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-02-12 19:59:39 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-02-12 19:59:39 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-02-12 19:59:39 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-02-12 19:59:39 117760 ------w- c:\windows\system32\prntvpt.dll
2011-02-12 19:59:38 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-02-12 19:59:38 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-02-12 19:59:36 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-02-12 19:59:36 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-02-12 19:59:29 -------- d-----w- C:\364f98d0f1fbb6e996976f22a638af
2011-02-12 19:50:29 -------- d-----w- c:\docume~1\sonia\applic~1\Windows Desktop Search
2011-02-12 19:49:51 -------- d-----w- c:\windows\system32\GroupPolicy
2011-02-12 19:49:51 -------- d-----w- c:\program files\Windows Desktop Search
2011-02-12 19:47:34 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-02-12 19:47:34 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2011-02-12 19:47:34 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-02-11 16:54:59 -------- d-----w- c:\docume~1\sonia\locals~1\applic~1\VS Revo Group
2011-02-11 16:54:44 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-02-11 16:54:40 -------- d-----w- c:\program files\VS Revo Group
2011-02-11 16:27:54 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2011-02-11 16:27:54 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2011-02-11 16:27:54 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2011-02-11 16:27:54 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2011-02-11 16:27:54 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2011-02-11 16:27:52 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2011-02-11 16:27:51 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2011-02-11 05:09:25 -------- d-----w- c:\program files\common files\Authentium
2011-02-11 05:09:03 118784 ----a-w- c:\windows\system32\iavlsp.dll
2011-02-11 05:08:59 511328 ----a-w- c:\program files\common files\microsoft shared\capicom\CAPICOM.DLL
2011-02-11 05:08:58 87688 ----a-w- c:\windows\system32\IncContxMenu.dll
2011-02-11 05:08:58 2234040 ----a-w- c:\windows\system32\Incinerator.dll
2011-02-11 05:08:54 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2011-02-11 05:08:54 11776 ----a-w- c:\windows\system32\smrgdf.exe
2011-02-11 05:08:53 -------- d-----w- c:\program files\iolo
2011-02-11 05:01:24 74703 ----a-w- c:\windows\system32\mfc45.dll
2011-02-11 05:01:14 -------- d-----w- c:\docume~1\sonia\applic~1\iolo
2011-02-11 05:01:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\iolo
.
==================== Find3M ====================
.
2011-03-03 09:19:52 90112 ----a-w- c:\windows\DUMP6b1d.tmp
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ------w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 17:03:50.59 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:55 AM

Posted 13 March 2011 - 06:49 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]
If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:55 AM

Posted 03 April 2011 - 07:30 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users