
rundll32.exe LdrResFindResource could not located library ntdll.dll



#1 Pajajn


Posted 28 October 2012 - 01:36 AM

ComboFix 12-10-26.05 - sylvass 2012-10-28 7:22.12.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.3327.2755 [GMT 1:00]
Körs från: c:\documents and settings\sylvass\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NVSVC
-------\Service_NVSvc
.
.
(((((((((((((((((((((((( Filer skapade från 2012-09-28 till 2012-10-28 ))))))))))))))))))))))))))))))
.
.
2012-10-28 05:58 . 2012-10-28 05:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2012-10-28 05:58 . 2012-10-28 05:58 -------- d-----w- c:\documents and settings\UpdatusUser
2012-10-28 05:58 . 2012-09-23 13:04 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-10-28 05:58 . 2012-09-23 13:04 15512424 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-28 05:58 . 2012-09-23 13:04 164200 ----a-w- c:\windows\system32\nvsvc32.exe
2012-10-28 05:58 . 2012-09-23 13:04 143720 ----a-w- c:\windows\system32\nvcolor.exe
2012-10-28 05:58 . 2012-09-23 13:04 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-28 05:58 . 2012-09-23 14:28 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-10-28 05:58 . 2012-10-28 05:58 1101436 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-10-28 05:58 . 2012-10-28 05:58 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-10-28 05:58 . 2012-10-28 05:58 1101436 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-10-28 05:57 . 2012-07-03 15:25 28008 ----a-w- c:\windows\system32\nvhdap32.dll
2012-10-28 05:57 . 2012-07-03 15:25 124264 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2012-10-28 05:57 . 2012-07-03 07:37 884072 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-10-28 05:57 . 2012-09-23 14:28 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-10-28 05:57 . 2012-09-23 14:28 5947392 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-28 05:57 . 2012-09-23 14:28 19103744 ----a-w- c:\windows\system32\nvoglnt.dll
2012-10-28 05:57 . 2012-09-23 14:28 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-10-28 05:35 . 2012-10-28 05:35 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-10-28 05:31 . 2012-10-28 05:35 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-10-28 05:31 . 2012-10-28 05:31 -------- d-----w- c:\program files\Tweaking.com
2012-10-28 05:16 . 2012-10-28 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\GroupPolicy
2012-10-28 04:46 . 2008-04-14 11:00 218624 ----a-w- c:\windows\system32\uxtheme.dll.backup
2012-10-28 04:27 . 2012-02-03 12:43 295936 ----a-w- c:\windows\system32\apphelp.dll
2012-10-27 22:15 . 2012-10-27 22:15 -------- d-----w- c:\documents and settings\sylvass\Application Data\CheckPoint
2012-10-24 21:11 . 2012-10-24 21:10 1536 ----a-w- c:\windows\system32\bcevent.dll
2012-10-24 21:07 . 2012-10-24 21:07 -------- d-----w- c:\documents and settings\sylvass\Application Data\Locktime
2012-10-24 21:07 . 2012-10-24 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Locktime
2012-10-20 00:32 . 2012-10-20 00:32 -------- d-----w- c:\program files\OpenVPN
2012-10-19 16:43 . 2012-10-19 16:43 -------- d-----w- c:\documents and settings\sylvass\Application Data\NVIDIA
2012-10-16 22:12 . 2012-10-19 17:10 -------- d-----w- c:\documents and settings\sylvass\Application Data\GHISLER
2012-10-16 22:12 . 2012-08-03 06:01 545 ----a-w- c:\windows\UC.PIF
2012-10-16 22:12 . 2012-08-03 06:01 545 ----a-w- c:\windows\RAR.PIF
2012-10-16 22:12 . 2012-08-03 06:01 545 ----a-w- c:\windows\LHA.PIF
2012-10-16 22:12 . 2012-08-03 06:01 545 ----a-w- c:\windows\ARJ.PIF
2012-10-16 22:05 . 2012-10-16 22:05 -------- d-----w- c:\windows\W7SBC
2012-10-15 23:22 . 2012-10-15 23:22 -------- d-----w- c:\documents and settings\sylvass\Local Settings\Application Data\Sun
2012-10-15 23:17 . 2012-10-15 23:17 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-15 23:17 . 2012-10-15 23:17 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-15 15:56 . 2012-10-15 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2012-10-15 15:54 . 2012-10-15 15:54 -------- d-----w- C:\NVIDIA
2012-10-14 23:28 . 2011-04-25 17:15 238944 ----a-w- c:\windows\system32\RaCoInst.dll
2012-10-11 18:05 . 2012-10-11 18:05 404920 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-10 00:32 . 2012-10-28 01:49 -------- d-----w- c:\documents and settings\sylvass\Application Data\Skype
2012-10-04 16:29 . 2012-10-22 11:49 -------- d-----w- c:\documents and settings\sylvass\Application Data\Audacity
2012-10-04 16:29 . 2012-10-04 16:29 -------- d-----w- c:\program files\Audacity
2012-10-01 22:55 . 2012-10-01 22:55 -------- d-----w- c:\program files\Common Files\Skype
2012-10-01 22:55 . 2012-10-01 22:55 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-28 04:46 . 2011-12-02 14:53 218624 ----a-w- c:\windows\system32\uxtheme.dll
2012-09-23 14:28 . 2012-08-30 18:09 2376704 ----a-w- c:\windows\system32\nvapi.dll
2012-09-23 14:28 . 2012-08-30 18:09 12557728 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-09-23 14:28 . 2012-08-30 18:09 4494208 ----a-w- c:\windows\system32\nv4_disp.dll
2012-09-23 14:28 . 2012-08-30 17:33 2578792 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-23 14:28 . 2012-08-30 17:33 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-23 14:28 . 2012-08-30 17:33 7446528 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-23 14:28 . 2012-08-30 17:33 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-04 19:01 . 2012-09-07 18:14 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-30 19:07 . 2008-04-13 22:15 49408 ----a-w- c:\windows\system32\drivers\stream.sys
2012-08-30 19:07 . 2011-10-29 03:57 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2012-08-30 19:07 . 2011-10-29 03:57 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2012-08-30 19:07 . 2011-10-29 03:57 4096 ----a-w- c:\windows\system32\ksuser.dll
2012-08-30 19:07 . 2011-10-29 03:57 129536 ----a-w- c:\windows\system32\ksproxy.ax
2012-08-30 19:07 . 2008-04-13 22:46 141056 ----a-w- c:\windows\system32\drivers\ks.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-10-14 . EA22DA5C7AE7192A12E37A7C546220C6 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2011-10-14 . E17798E1E6FF1CA9C67B8576570E05EE . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, credssp.dll, digest.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Counter-Strike Global Offensive\\csgo.exe"=
"c:\\Documents and Settings\\sylvass\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Steam\\steamapps\\pajajn327\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2011-10-14 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2011-10-14 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2011-10-14 13616]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-28 1258856]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [2011-11-25 1174976]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-04-27 64904]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-04-27 146568]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2012-10-28 124264]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-08-31 1691480]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-10-18 78136]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-10-18 181432]
S3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\DRIVERS\ss.sys --> c:\windows\system32\DRIVERS\ss.sys [?]
S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [2012-07-11 116608]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-03-30 239336]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://google.se/
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\sylvass\Application Data\Mozilla\Firefox\Profiles\lirne0dy.default\
FF - prefs.js: browser.startup.homepage -
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-28 07:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLL'er som "laddats" under processer som körs ---------------------
.
- - - - - - - > 'explorer.exe'(2872)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\windows\system32\RunDLL32.exe
.
**************************************************************************
.
Sluttid: 2012-10-28 07:29:35 - datorn startades om.
ComboFix-quarantined-files.txt 2012-10-28 06:29
ComboFix2.txt 2012-10-09 13:59
ComboFix3.txt 2012-09-25 19:32
ComboFix4.txt 2012-09-14 16:46
ComboFix5.txt 2012-10-09 14:06
.
Före genomsökningen: 476 764 995 584 bytes free
Efter genomsökningen: 476 761 780 224 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - C35DE152C1082A9590E6198037D49268

Edited by Orange Blossom, 28 October 2012 - 02:10 AM.
Moved to log forum. ~ OB



 


#2 nasdaq

  • Malware Response Team

Posted 30 October 2012 - 10:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Let's see what we can find.

rundll32.exe LdrResFindResource could not located library ntdll.dll

This error message indicates that you are missing the ntdll.dll file or you have the wrong version installed.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    ntdll.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

Please post the logs for my review.

#3 Pajajn


Posted 30 October 2012 - 05:14 PM

Greetings nasdaq, and thank you very much for your quick answer. I checked ntdll and uxtheme.dll in my system32 folder and they were there in original version. But I couldn't remove uxtheme no matter how I tried...

Shortly after the thread was made I decided to reformat the PC from scratch instead of trying to solve this. I googled and searched but only found kernel stuff and hard knowledged pages with programmer information to developers :wacko:

Would be glad if you closed this thread, and I hope you accept my apology

Regards



