
Rundll32.exe will not respond at shut down


7 replies to this topic

#1 druidknight44

Posted 23 July 2012 - 07:11 PM

I am running Windows XP Home Edition Service Pack 3. I recently started having problems with the rundll32.exe file not ending at shutdown. I had some malware on my machine, but have managed to get it cleaned off using many tools such as Malwarebytes, SuperAntiSpyware, and Avast. But now I have this problem that I can't seem to solve. I can get the rundll32.exe file to shut down and allow the computer to shut down if I end it (it does give me the option). Do you have any suggestions on how to get this fixed?

Edited by hamluis, 30 July 2012 - 08:59 AM.
Moved from XP to Am I Infected - Hamluis.



#2 hamluis

Posted 24 July 2012 - 11:30 AM

Post the exact error message, please.

What makes you so sure that your system is "no longer" infected? Especially in light of the fact that you had to use "many tools" in your efforts?

I see that your April topic in the MRL forum was not completed. The malware that you spoke of in your initial post yesterday...are you referring to the problems you posted about in April?

Louis

Edited by hamluis, 24 July 2012 - 11:40 AM.


#3 druidknight44

Posted 25 July 2012 - 05:51 PM

The exact error message is:
Endprogram Rundll32.exe
The program is not responding. To return to Windows and check the status of the program, click Cancel. If you choose to end the program immediately, you will lose any unsaved data. To end the program now, click End Now.

This error message happens when I try to shut down the computer. If I click End Now, it will shut down.

As far as the viruses go, I was running Trend Micro Titanium as antivirus, but that program is useless. It allowed a TDSSRootkit virus in. The only reason I know this is it finally recognized that it was there and told me, but wouldn't fix it. I downloaded TDSSKiller from Kaspersky to get rid of the TDSS virus, and then downloaded Avast, Malwarebytes, and SuperAntiSpyware to help finish cleaning up. None of the 3 of these sees any more viruses after running a full scan by each of them on my machine. It is possible, I'm sure, and if you know of something else I should try and see if there is still a virus, I am willing to try it.

As far as the April problem goes, I think it got fixed. At least I didn't notice any more problems. I don't think the two are related. I could be wrong.

Any suggestions you have I am willing to try.

#4 narenxp

Posted 25 July 2012 - 09:44 PM

Download Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the text contents here

#5 druidknight44

Posted 29 July 2012 - 04:04 PM

Here is the output from Autoruns:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Ad-Aware Browsing Protection" "Ad-Aware Browsing Protection" "Lavasoft" "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "avast" "avast! Antivirus" "AVAST Software" "c:\program files\avast software\avast\avastui.exe"
+ "DivXUpdate" "DivX Update" "" "c:\program files\divx\divx update\divxupdate.exe"
+ "HP Software Update" "hpwuSchd Application" "Hewlett-Packard" "c:\program files\hp\hp software update\hpwuschd2.exe"
+ "ISUSPM Startup" "InstallShield Update Service Update Manager" "InstallShield Software Corporation" "c:\program files\common files\installshield\updateservice\isuspm.exe"
+ "ISUSScheduler" "InstallShield Update Service Scheduler" "InstallShield Software Corporation" "c:\program files\common files\installshield\updateservice\issch.exe"
+ "Kernel and Hardware Abstraction Layer" "Logitech KHAL Main Process" "Logitech, Inc." "c:\windows\khalmnpr.exe"
+ "Malwarebytes' Anti-Malware" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamgui.exe"
+ "Microsoft Default Manager" "Microsoft Default Manager" "Microsoft Corporation" "c:\program files\microsoft\search enhancement pack\default manager\defmgr.exe"
+ "RTHDCPL" "Realtek HD Audio Control Panel" "Realtek Semiconductor Corp." "c:\windows\rthdcpl.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "Trend Micro Client Framework" "Trend Micro Client Session Agent Monitor" "Trend Micro Inc." "c:\program files\trend micro\uniclient\uifrmwrk\uiwatchdog.exe"
+ "Trend Micro Titanium" "Trend Micro Client Main Console" "Trend Micro Inc." "c:\program files\trend micro\titanium\uiframework\uiwinmgr.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "Logitech SetPoint.lnk" "Logitech SetPoint Event Manager (UNICODE)" "Logitech, Inc." "c:\program files\logitech\setpoint\setpoint.exe"
+ "WDDMStatus.lnk" "WD Drive Manager Status" "Western Digital Technologies, Inc." "c:\program files\western digital\wd smartware\wd drive manager\wddmstatus.exe"
"C:\Documents and Settings\Scott\Start Menu\Programs\Startup" "" "" ""
+ "GameStop Now.lnk" "GameStop Now" "GameStop Corp." "c:\program files\stardock\impulse\now\gamestopnow.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "APN" "Creative " "Creative Technology Ltd" "c:\documents and settings\scott\local settings\application data\graboid\apn\nhaqlvptu.dll"
+ "MSMSGS" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
+ "Steam" "Steam" "Valve Corporation" "c:\program files\steam\steam.exe"
+ "SUPERAntiSpyware" "SUPERAntiSpyware Application" "SUPERAntiSpyware.com" "c:\program files\superantispyware\superantispyware.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "tmbp" "Trend Micro Browser Plug-In (IE)" "Trend Micro Inc." "c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\tmbpie32.dll"
+ "tmpx" "Trend Micro NSC IE Plug-In" "Trend Micro Inc." "c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\tmieplg.dll"
+ "tmtb" "Trend Micro TrendSecure" "Trend Micro Inc." "c:\program files\trend micro\titanium\uiframework\toolbarie.dll"
+ "tmtbim" "Trend Micro TrendSecure" "Trend Micro Inc." "c:\program files\trend micro\titanium\uiframework\protoolbarimratingactivex.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "LavasoftShellExt" "" "" "File not found: C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "TmdshellExt Class" "Trend Micro Client Shell Extension" "Trend Micro Inc." "c:\program files\trend micro\uniclient\uifrmwrk\tmdshell.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "00nView" "NVIDIA Desktop Explorer, Version 135.50 " "NVIDIA Corporation" "c:\program files\nvidia corporation\nview\nvshell.dll"
+ "NvCplDesktopContext" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "NeroDigitalColumnHandler Class" "" "" "File not found: C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "Sun Microsystems, Inc." "c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "LavasoftShellExt" "" "" "File not found: C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "TmdshellExt Class" "Trend Micro Client Shell Extension" "Trend Micro Inc." "c:\program files\trend micro\uniclient\uifrmwrk\tmdshell.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Ad-Aware Security Toolbar" "Ad-Aware Security Toolbar Link Library" "" "c:\program files\adawaretb\adawaredx.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll"
+ "Bing Bar Helper" "Bing Client Extensions" "Microsoft Corporation." "c:\program files\microsoft\bingbar\bingext.dll"
+ "DivX Plus Web Player HTML5 <video>" "DivX Plus Web Player HTML5 <video> version 2.1.2.145" "DivX, LLC" "c:\program files\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "TmBpIeBHO Class" "Trend Micro Browser Plug-In (IE)" "Trend Micro Inc." "c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\tmbpie32.dll"
+ "TmIEPlugInBHO Class" "Trend Micro NSC IE Plug-In" "Trend Micro Inc." "c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\tmieplg.dll"
+ "TSToolbarBHO" "Trend Micro TrendSecure" "Trend Micro Inc." "c:\program files\trend micro\titanium\uiframework\toolbarie.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" ""
+ "Ad-Aware Security Toolbar" "Ad-Aware Security Toolbar Link Library" "" "c:\program files\adawaretb\adawaredx.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Ad-Aware Security Toolbar" "Ad-Aware Security Toolbar Link Library" "" "c:\program files\adawaretb\adawaredx.dll"
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll"
+ "Bing" "Bing Client Extensions" "Microsoft Corporation." "c:\program files\microsoft\bingbar\bingext.dll"
+ "Trend Micro Toolbar" "Trend Micro TrendSecure" "Trend Micro Inc." "c:\program files\trend micro\titanium\uiframework\toolbarie.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.3 r300" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "At1.job" "HP Customer Participation." "Hewlett-Packard Co." "c:\program files\hp\hp deskjet 1050 j410 series\bin\hpcustpartic.exe"
+ "At2.job" "HP Customer Participation." "Hewlett-Packard Co." "c:\program files\hp\hp deskjet 1050 j410 series\bin\hpcustpartic.exe"
+ "At3.job" "HP Customer Participation." "Hewlett-Packard Co." "c:\program files\hp\hp deskjet 1050 j410 series\bin\hpcustpartic.exe"
+ "At4.job" "HP Customer Participation." "Hewlett-Packard Co." "c:\program files\hp\hp deskjet 1050 j410 series\bin\hpcustpartic.exe"
+ "avast! Emergency Update.job" "avast! Emergency Update" "AVAST Software" "c:\program files\avast software\avast\avastemupdate.exe"
+ "Microsoft Antimalware Scheduled Scan.job" "" "" "File not found: C:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "aexnsclienttransport" "VAIOMediaPlatform-PhotoServer-HTTP" "" "File not found: C:\WINDOWS\system32\advservice.dll"
+ "AmeLanPc" "HFACSVC" "" "File not found: C:\WINDOWS\system32\smstsmgr.dll"
+ "Amsp" "Manages Trend Micro security modules" "Trend Micro Inc." "c:\program files\trend micro\amsp\coreserviceshell.exe"
+ "apache" "WINIO" "" "File not found: C:\WINDOWS\system32\simbad.dll"
+ "AppleChargerSrv" "Apple mobile devices charging service" "" "c:\windows\system32\applechargersrv.exe"
+ "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: C:\WINDOWS\System32\appmgmts.dll"
+ "array_utility_service4,0,1,3" "Captureservice" "" "File not found: C:\WINDOWS\system32\lirsgt.dll"
+ "avast! Antivirus" "Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler." "AVAST Software" "c:\program files\avast software\avast\avastsvc.exe"
+ "BBSvc" "Keeps Bing Bar up-to-date. Disabling this service might prevent updates and expose your computer to security vulnerabilities or functional flaws in Bing Bar." "Microsoft Corporation." "c:\program files\microsoft\bingbar\bbsvc.exe"
+ "dimension4" "Trlokom_rmhsvc" "" "File not found: C:\WINDOWS\system32\svv.dll"
+ "dtscsi" "Tosrfbd" "" "File not found: C:\WINDOWS\system32\ooclevercacheagent.dll"
+ "easdrv" "Hibernation" "" "File not found: C:\WINDOWS\system32\tng-doba.dll"
+ "egathdrv" "Oracleorahome92pagingserver" "" "File not found: C:\WINDOWS\system32\tvtfilter.dll"
+ "ES lite Service" "" "" "c:\program files\gigabyte\easysaver\essvr.exe"
+ "FileDisk" "Dlpwd" "" "File not found: C:\WINDOWS\system32\acsvc.dll"
+ "GoProto" "W200obex" "" "File not found: C:\WINDOWS\system32\upsmonservice.dll"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "" "File not found: C:\Program Files\Google\Update\GoogleUpdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "" "File not found: C:\Program Files\Google\Update\GoogleUpdate.exe"
+ "houdinilicenseserver" "Zebrmdmc" "" "File not found: C:\WINDOWS\system32\SE2Bmdfl.dll"
+ "HPSLPSVC" "Houdinilicenseserver" "" "File not found: C:\WINDOWS\system32\sprtsvc_dellsupportcenter.dll"
+ "iaimtv0" "Generic Host Process for Win32 Services" "Microsoft Corporation" "\\.\globalroot\systemroot\system32\svchost.exe"
+ "icollectservice" "Lyncusbserv" "" "File not found: C:\WINDOWS\system32\CX88ENC.dll"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "LBTServ" "Logitech Bluetooth Service" "Logitech, Inc." "c:\program files\common files\logishrd\bluetooth\lbtserv.exe"
+ "lmimaint" "VRFIL" "" "File not found: C:\WINDOWS\system32\MRESP50a64.dll"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "mdvrmng" "W810mdm" "" "File not found: C:\WINDOWS\system32\sfvfs02.dll"
+ "mks_scan" "Cltnetcnservice" "" "File not found: C:\WINDOWS\system32\p3.dll"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "mssql$sqlexpress" "Ltxred" "" "File not found: C:\WINDOWS\system32\Epfwndis.dll"
+ "navapsvc" "Iaimfp1" "" "File not found: C:\WINDOWS\system32\MegaSR.dll"
+ "nosGetPlusHelper" "getPlus® Helper" "NOS Microsystems Ltd." "c:\program files\nos\bin\getplus_helper_3004.dll"
+ "nvsvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
+ "NWDNS" "Aegisp" "" "File not found: C:\WINDOWS\system32\belgium_id_card_service.dll"
+ "NWUSBModem" "Tfsnpool" "" "File not found: C:\WINDOWS\system32\websensecommunicationagent.dll"
+ "OEM02Dev" "Avidsdmservice" "" "File not found: C:\WINDOWS\system32\vds.dll"
+ "openldap-slapd" "Oracle_load_balancer_60_server-forms6i" "" "File not found: C:\WINDOWS\system32\ipnat.dll"
+ "pavdrv" "Psimsvc" "" "File not found: C:\WINDOWS\system32\iSMBIOS.dll"
+ "pmshellsrv" "MaRdPnp" "" "File not found: C:\WINDOWS\system32\MSMQ.dll"
+ "PnkBstrA" "PunkBuster Service Component [v1029] http://www.evenbalance.com" "" "c:\windows\system32\pnkbstra.exe"
+ "RTHDMIAzAudService" "Belgium_id_card_service" "" "File not found: C:\WINDOWS\system32\s7oppitx.dll"
+ "SABProcEnum" "Snapman380" "" "File not found: C:\WINDOWS\system32\SABProcEnum.dll"
+ "se58bus" "Qkbfiltr" "" "File not found: C:\WINDOWS\system32\SRTSP.dll"
+ "SeaPort" "Enables the detection, download and installation of up-to-date configuration files for Bing Bar. Also provides server communication for the customer experience improvement program. Stopping or disabling this service may prevent you from getting the latest updates for Bing Bar, which may expose your computer to security vulnerabilities or functional flaws in the Bing Bar." "Microsoft Corporation" "c:\program files\microsoft\bingbar\seaport.exe"
+ "Sk99202k" "Zebrbus" "" "File not found: C:\WINDOWS\system32\inort.dll"
+ "SQTECH9080" "Generic Host Process for Win32 Services" "Microsoft Corporation" "\\.\globalroot\systemroot\system32\svchost.exe"
+ "SSHDRV61" "Generic Host Process for Win32 Services" "Microsoft Corporation" "\\.\globalroot\systemroot\system32\svchost.exe"
+ "Steam Client Service" "Steam Client Service monitors and updates Steam content" "Valve Corporation" "c:\program files\common files\steam\steamservice.exe"
+ "steamdvr" "SiSGbeXP" "" "File not found: C:\WINDOWS\system32\lmouflt2.dll"
+ "streamloadservice" "V0080Dev" "" "File not found: C:\WINDOWS\system32\dcevt32.dll"
+ "SWUMX51" "Rawwan" "" "File not found: C:\WINDOWS\system32\vrmonsvc.dll"
+ "tfsndrct" "S3twistr" "" "File not found: C:\WINDOWS\system32\apphostsvc.dll"
+ "VAIOMediaPlatform-MusicServer-UPnP" "Z800mdm" "" "File not found: C:\WINDOWS\system32\w70n51.dll"
+ "WDDMService" "WD Drive Manager Service" "WDC" "c:\program files\western digital\wd smartware\wd drive manager\wddmservice.exe"
+ "WDFME" "WD File Management Engine" "" "c:\program files\western digital\wd smartware\front parlor\wdfme\wdfme.exe"
+ "WDSC" "WD File Management Shadow Engine" "" "c:\program files\western digital\wd smartware\front parlor\wdsc.exe"
+ "winvnc4" "Xpagentserver" "" "File not found: C:\WINDOWS\system32\VICESYS.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "wlsetupsvc" "USBDeviceService" "" "File not found: C:\WINDOWS\system32\areschatserver.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Aavmker4" "avast! Asynchronous Virus Monitor" "AVAST Software" "c:\windows\system32\drivers\aavmker4.sys"
+ "ALCXWDM" "Realtek AC'97 Audio Driver (WDM)" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\alcxwdm.sys"
+ "Ambfilt" "Creative WDM 3D Audio Driver" "Creative" "c:\windows\system32\drivers\ambfilt.sys"
+ "AmdPPM" "AMD Processor Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdppm.sys"
+ "AppleCharger" "Apple mobile devices charging program" "" "c:\windows\system32\drivers\applecharger.sys"
+ "aswFsBlk" "avast! mini-filter driver (aswFsBlk)" "AVAST Software" "c:\windows\system32\drivers\aswfsblk.sys"
+ "aswMon2" "avast! Standard Shield Support" "AVAST Software" "c:\windows\system32\drivers\aswmon2.sys"
+ "AswRdr" "avast! TDI Redirect driver" "AVAST Software" "c:\windows\system32\drivers\aswrdr.sys"
+ "aswSnx" "avast! virtualization driver (aswSnx)" "AVAST Software" "c:\windows\system32\drivers\aswsnx.sys"
+ "aswSP" "avast! Self Protection" "AVAST Software" "c:\windows\system32\drivers\aswsp.sys"
+ "aswTdi" "avast! Network Shield TDI driver" "AVAST Software" "c:\windows\system32\drivers\aswtdi.sys"
+ "catchme" "" "" "File not found: C:\ComboFix\catchme.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "FsUsbExDisk" "" "" "c:\windows\system32\fsusbexdisk.sys"
+ "gdrv" "GIGABYTE Tools" "Windows ® 2000 DDK provider" "c:\windows\gdrv.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkhdaud.sys"
+ "ivusb" "Initio Default Vendor Specific Device Driver" "Initio Corporation" "c:\windows\system32\drivers\ivusb.sys"
+ "L8042Kbd" "Logitech PS2 Keyboard Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\l8042kbd.sys"
+ "Lavasoft Kernexplorer" "" "" "File not found: C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys"
+ "LBeepKE" "Logitech Beep Suppression Driver" "Logitech, Inc." "c:\windows\system32\drivers\lbeepke.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "LHidFilt" "Logitech HID Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\lhidfilt.sys"
+ "LMouFilt" "Logitech Mouse Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\lmoufilt.sys"
+ "LUsbFilt" "Logitech USB Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\lusbfilt.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "Monfilt" "Creative WDM Audio Driver (32-bit)" "Creative Technology Ltd." "c:\windows\system32\drivers\monfilt.sys"
+ "MTsensor" "ATK0110 ACPI Utility" "" "c:\windows\system32\drivers\asacpi.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 267.24 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "nvata" "NVIDIA® nForce™ IDE Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvata.sys"
+ "NVENETFD" "NVIDIA Networking Function Driver." "NVIDIA Corporation" "c:\windows\system32\drivers\nvenetfd.sys"
+ "nvnetbus" "NVIDIA Networking Bus Driver." "NVIDIA Corporation" "c:\windows\system32\drivers\nvnetbus.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "RTLE8023xp" "Realtek 10/100/1000 NDIS 5.1 Driver " "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtenicxp.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "tmactmon" "Trend Micro Activity Monitor Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmactmon.sys"
+ "tmcomm" "Trend Micro Common Engine Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmcomm.sys"
+ "tmeext" "Trend Micro Network Hook Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmeext.sys"
+ "tmevtmgr" "Trend Micro Event Manager Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmevtmgr.sys"
+ "tmnciesc" "Trend Micro NCIE scanner of EagleEye hook" "Trend Micro Inc." "c:\windows\system32\drivers\tmnciesc.sys"
+ "tmtdi" "Trend Micro TDI Driver (i386-fre)" "Trend Micro Inc." "c:\windows\system32\drivers\tmtdi.sys"
+ "usbfilter" "AMD USB Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\usbfilter.sys"
+ "WDC_SAM" "Manages WD external storage products." "Western Digital Technologies" "c:\windows\system32\drivers\wdcsam.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.ac3filter" "" "" "c:\windows\system32\ac3filter.acm"
+ "msacm.iac2" "" "" "File not found: C:\WINDOWS\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.DIVX" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "" "" "File not found: ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "vidc.yv12" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "" "" "File not found: C:\WINDOWS\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "" "" "File not found: C:\WINDOWS\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "" "" "File not found: C:\WINDOWS\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "" "" "File not found: C:\WINDOWS\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "AC3 Parser Filter" "" "" "File not found: C:\WINDOWS\system32\mpg2splt.ax"
+ "AC3Filter" "ac3filter" "" "c:\program files\ac3filter\ac3filter.ax"
+ "ACELP.net Audio Decoder" "" "" "File not found: C:\WINDOWS\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "BDA MPEG2 Transport Information Filter" "" "" "File not found: C:\WINDOWS\system32\psisrndr.ax"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "DivX AAC Decoder" "AAC audio decoder filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\daac.ax"
+ "DivX Decoder Filter" "DivX Decoder Filter" "DivX, Inc." "c:\program files\divx\divx codec\divxdec.ax"
+ "DivX Demux Filter" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX Demux Filter (Unrestricted Edition)" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX H.264 Decoder" "DivX H.264 Decoder Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\divxdech264.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "G.711 Codec" "" "" "File not found: C:\WINDOWS\system32\g711codc.ax"
+ "Indeo® audio software" "" "" "File not found: C:\WINDOWS\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Microsoft MPEG-4 Video Decompressor" "" "" "File not found: C:\WINDOWS\system32\mpg4ds32.ax"
+ "Microsoft Screen Video Decompressor" "" "" "File not found: C:\WINDOWS\system32\msscds32.ax"
+ "MPEG Layer-3 Decoder" "" "" "File not found: C:\WINDOWS\system32\l3codecx.ax"
+ "MPEG-2 Demultiplexer" "" "" "File not found: C:\WINDOWS\system32\mpg2splt.ax"
+ "MPEG-2 Sections and Tables" "" "" "File not found: C:\WINDOWS\system32\mpeg2data.ax"
+ "MPEG-2 Splitter" "" "" "File not found: C:\WINDOWS\system32\mpg2splt.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "VBI Surface Allocator" "" "" "File not found: C:\WINDOWS\system32\vbisurf.ax"
+ "WIA Stream Snapshot Filter" "" "" "File not found: C:\WINDOWS\system32\wiasf.ax"
+ "Windows Media Audio Decoder" "" "" "File not found: C:\WINDOWS\system32\msadds32.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "!SASWinLogon" "SUPERAntiSpyware WinLogon Processor" "SUPERAntiSpyware.com" "c:\program files\superantispyware\saswinlo.dll"
+ "LBTWlgn" "Logitech Bluetooth Service" "Logitech, Inc." "c:\program files\common files\logishrd\bluetooth\lbtwlgn.dll"

#6 narenxp


Posted 29 July 2012 - 04:18 PM

It seems you're infected

"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "APN" "Creative " "Creative Technology Ltd" "c:\documents and settings\scott\local settings\application data\graboid\apn\nhaqlvptu.dll"

Uncheck this entry, restart the PC, and try to shut down.

You may need to manually delete the DLL file after a reboot.

Good luck.
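The check applied by eye in the post above can be run over a whole Autoruns export. This is an added example, not part of the original posts: the sample lines are copied from the log in this thread, and the two heuristics (image under a user-writable profile directory, DLL started from a Run key) are illustrative assumptions that point at entries for manual review rather than proving infection.

```python
import re

# Lines copied from the Autoruns log in this thread (four double-quoted fields each).
SAMPLE = r'''
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "APN" "Creative " "Creative Technology Ltd" "c:\documents and settings\scott\local settings\application data\graboid\apn\nhaqlvptu.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "!SASWinLogon" "SUPERAntiSpyware WinLogon Processor" "SUPERAntiSpyware.com" "c:\program files\superantispyware\saswinlo.dll"
+ "LBTWlgn" "Logitech Bluetooth Service" "Logitech, Inc." "c:\program files\common files\logishrd\bluetooth\lbtwlgn.dll"
'''

FIELD = re.compile(r'"([^"]*)"')

# Assumed heuristics: path fragments a standard user can write to, and the
# per-logon Run/RunOnce keys. Extend both for your own environment.
USER_WRITABLE = ("\\local settings\\", "\\application data\\", "\\appdata\\", "\\temp\\")
RUN_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")


def parse(text):
    """Yield (section, name, description, publisher, image_path) for each entry."""
    section = None
    for line in text.splitlines():
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue  # not an Autoruns section or entry line
        if line.lstrip().startswith("+"):
            yield (section, *fields)
        else:
            section = fields[0]  # a registry key heading the entries below it


def review(text):
    """Return (name, image_path, reasons) for entries that deserve a manual look."""
    findings = []
    for section, name, _desc, _publisher, image in parse(text):
        path, reasons = image.lower(), []
        if any(marker in path for marker in USER_WRITABLE):
            reasons.append("image in a user-writable profile directory")
        if section and section.lower().endswith(RUN_SUFFIXES) and path.endswith(".dll"):
            reasons.append("DLL started from a Run key")
        if reasons:
            findings.append((name, image, reasons))
    return findings


if __name__ == "__main__":
    for name, image, reasons in review(SAMPLE):
        print(f"{name}: {image}\n  -> " + "; ".join(reasons))
```

The publisher and description columns are copied from the file's own version resource, so a familiar vendor name on a randomly named DLL in a profile directory is a reason to look closer, not a reason to trust the entry.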

#7 druidknight44

  • Topic Starter

Posted 01 August 2012 - 08:28 PM

I did as you suggested. I found the file at that point and was able to delete it. So far, so good. Thank you so much for all your help!

#8 narenxp


Posted 01 August 2012 - 08:51 PM

You're welcome :)



