
unknown dll file is missing - all exe files interrupted

Discussion in 'Virus & Other Malware Removal' started by roniven, Apr 16, 2010.

Thread Status:
Not open for further replies.
  1. roniven

    roniven Thread Starter

    Joined:
    Apr 16, 2010
    Messages:
    1
    Major issue here! Seems like a virus to me, but I'm not sure.

    I loaded AVG last night (and some associated toolbar, per the AVG install). AVG immediately flagged two issues (even before I ran a scan). I requested a fix. (Note: during the AVG install, it requested that I remove Norton, and I did remove Norton.)

    After loading AVG, Google Chrome got an error stating: "This application has failed to start because msjrdu.dll was not found. Re-installing the application may fix the problem." However, I closed the warning and Google Chrome operated normally.

    NOTE: I googled for information about the msjrdu.dll file, and Google had no entries for this mysterious DLL.

    I shut down the computer, and upon reboot I now get the same warning pop-up when Windows boots and for every single exe that loads at boot, and for every application I try to open.

    If I x-out (or close) the pop-up, then my desired application will run (all except Google Chrome, Firefox and Adobe).

    So far, I loaded and ran many spyware applications (AVG, Spybot, Super Spyware, Malwarebytes). And I ran the online scan from Microsoft (called Safety Scanner, via the OneCare Live website). The Safety Scanner stated that two problems could not be fixed.

    Finally, I ran ComboFix, which told me that I have an infected system32 imm (or something) file. But ComboFix was not able to fix the problem.

    Please help!!!! The log from ComboFix is here:

    ------------------------------------------------------

    ComboFix 10-04-15.05 - Administrator 04/16/2010 16:04:45.1.1 - x86
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrator\Application Data\QUAD Backups
    c:\documents and settings\Administrator\Application Data\QUAD Backups\04.16.2010,14-04-36\HKEY_CLASSES_ROOT.reg
    c:\documents and settings\Administrator\Application Data\QUAD Backups\04.16.2010,14-04-36\HKEY_CURRENT_CONFIG.reg
    c:\documents and settings\Administrator\Application Data\QUAD Backups\04.16.2010,14-04-36\HKEY_CURRENT_USER.reg
    c:\documents and settings\Administrator\Application Data\QUAD Backups\04.16.2010,14-04-36\HKEY_LOCAL_MACHINE.reg
    c:\documents and settings\Administrator\Application Data\QUAD Backups\04.16.2010,14-04-36\HKEY_USERS.reg
    c:\documents and settings\Administrator\Application Data\QUAD Backups\06.27.2009,08-00-38\Automatic.reg
    c:\documents and settings\Administrator\Application Data\QUAD Backups\06.28.2009,08-22-40\Automatic.reg
    c:\documents and settings\Administrator\Application Data\QUAD Backups\06.29.2009,06-48-59\Automatic.reg
    c:\documents and settings\Administrator\Application Data\QUAD Backups\06.30.2009,10-54-11\Automatic.reg
    c:\documents and settings\Administrator\Application Data\QUAD Backups\07.27.2009,11-05-28\Automatic.reg
    c:\documents and settings\Administrator\Recent\Thumbs.db
    c:\documents and settings\Administrator\Start Menu\Programs\QUAD Utilities
    c:\documents and settings\Administrator\Start Menu\Programs\QUAD Utilities\QUAD RegistryCleaner\QUAD RegistryCleaner.lnk
    c:\documents and settings\Administrator\Start Menu\Programs\QUAD Utilities\QUAD RegistryCleaner\Uninstall QUAD RegistryCleaner.lnk
    c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    c:\program files\QUAD Utilities
    c:\program files\QUAD Utilities\QUAD RegistryCleaner\program.log
    c:\program files\QUAD Utilities\QUAD RegistryCleaner\QUAD RegistryCleaner.exe
    c:\program files\QUAD Utilities\QUAD RegistryCleaner\Scheduler.dll
    c:\program files\QUAD Utilities\QUAD RegistryCleaner\Styles\Vista.cjstyles
    c:\recycler\S-1-5-21-1708537768-602609370-725345543-500
    c:\recycler\S-1-5-21-4261962953-2847145338-1083065114-500
    C:\Thumbs.db
    c:\windows\system32\AutoRun.inf
    c:\windows\system32\Thumbs.db

    c:\windows\system32\imm32.dll . . . is infected!!

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV.SYS


    ((((((((((((((((((((((((( Files Created from 2010-03-16 to 2010-04-16 )))))))))))))))))))))))))))))))
    .

    2010-04-16 07:16 . 2010-04-16 07:16 -------- d-----w- C:\$AVG
    2010-04-15 19:09 . 2010-04-15 19:13 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-04-15 17:50 . 2010-04-15 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-04-15 17:50 . 2010-04-15 17:50 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-04-15 17:50 . 2010-04-15 17:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2010-04-15 17:49 . 2010-04-15 17:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-04-15 17:47 . 2010-04-15 17:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-04-15 17:47 . 2010-04-15 17:47 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
    2010-04-15 17:47 . 2010-04-15 17:47 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2010-04-15 17:47 . 2010-04-15 17:47 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-04-15 17:47 . 2010-04-15 17:47 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-04-15 17:47 . 2010-04-15 17:47 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-04-15 17:46 . 2010-04-16 14:42 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-04-15 17:44 . 2010-04-15 17:44 50968 ----a-w- c:\windows\system32\avgfwdx.dll
    2010-04-15 17:44 . 2010-04-15 17:44 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
    2010-04-15 17:42 . 2010-04-15 17:42 -------- d-----w- c:\program files\AVG
    2010-04-15 10:23 . 2010-03-09 10:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-04-15 10:23 . 2010-03-09 10:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-04-15 10:23 . 2010-03-09 10:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-04-15 10:23 . 2010-03-09 10:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-04-15 10:23 . 2010-03-09 10:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-04-15 10:23 . 2010-03-09 10:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-04-15 10:23 . 2010-03-09 10:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-04-15 10:23 . 2010-03-09 10:24 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-04-15 10:23 . 2010-03-09 10:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
    2010-04-15 10:23 . 2010-04-15 10:23 -------- d-----w- c:\program files\Alwil Software
    2010-04-15 10:23 . 2010-04-15 10:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-04-14 23:03 . 2010-04-15 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-04-11 09:42 . 2006-10-27 00:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
    2010-04-11 09:42 . 2006-10-27 00:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2010-04-11 09:40 . 2010-04-11 09:40 -------- d-----w- c:\program files\Microsoft Works
    2010-04-11 09:39 . 2010-04-11 09:39 -------- d-----w- c:\program files\MSBuild
    2010-04-11 09:37 . 2010-04-11 09:37 -------- d-----w- c:\program files\Microsoft.NET
    2010-04-11 09:30 . 2010-04-11 09:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Help
    2010-04-11 09:29 . 2010-04-11 09:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-04-11 09:06 . 2010-04-11 09:06 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2010-04-11 09:05 . 2008-04-07 10:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2010-04-11 09:05 . 2008-04-07 10:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
    2010-04-04 23:39 . 2010-04-04 23:39 -------- d-----w- C:\dory-n-paris
    2010-03-31 17:52 . 2010-04-15 17:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
    2010-03-29 11:21 . 2010-03-29 11:21 -------- d-----w- c:\program files\Microsoft Time Zone
    2010-03-20 19:12 . 2010-03-20 19:12 -------- d-----w- c:\program files\Common Files\Nero
    2010-03-20 19:08 . 2010-03-20 19:11 -------- d-----w- c:\program files\Nero
    2010-03-20 17:15 . 2010-03-20 18:36 -------- d-----w- c:\program files\Total Video Converter
    2010-03-20 16:15 . 2010-03-20 16:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVS4YOU
    2010-03-20 16:12 . 2010-03-20 17:10 -------- d-----w- c:\program files\Common Files\AVSMedia
    2010-03-20 16:11 . 2008-08-13 15:22 974848 ----a-w- c:\windows\system32\mfc70.dll
    2010-03-20 16:11 . 2010-03-20 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
    2010-03-20 16:11 . 2008-08-13 15:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
    2010-03-20 16:11 . 2008-08-13 15:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
    2010-03-20 16:11 . 2010-04-15 09:11 -------- d-----w- c:\program files\AVS4YOU

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-16 08:23 . 2010-04-15 17:52 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-04-16 08:23 . 2010-04-15 17:51 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-04-15 18:51 . 2010-04-15 18:51 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-04-15 18:51 . 2010-04-15 18:51 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2010-04-15 17:50 . 2010-04-15 17:50 65024 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    2010-04-15 17:50 . 2010-04-15 17:50 18944 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    2010-04-15 17:06 . 2008-12-03 14:16 -------- d-----w- c:\program files\Lavasoft Ad-aware 6
    2010-04-15 16:10 . 2008-12-03 16:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-15 16:09 . 2010-04-15 16:09 5918775 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-04-15 09:24 . 2010-03-12 19:26 -------- d-----w- c:\program files\Elaborate Bytes
    2010-04-15 08:28 . 2008-12-03 18:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-04-14 20:20 . 2010-02-09 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-04-14 20:18 . 2005-10-14 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-04-11 09:53 . 2005-12-15 16:16 95512 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-10 21:48 . 2010-03-12 19:18 -------- d-----w- c:\program files\SlySoft
    2010-04-10 21:47 . 2010-02-27 18:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitTorrent
    2010-04-02 19:40 . 2007-06-30 16:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
    2010-03-30 05:46 . 2008-12-03 16:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-30 05:45 . 2008-12-03 16:50 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-12 19:46 . 2010-03-12 19:46 -------- d-----w- c:\program files\Cucusoft
    2010-03-12 19:46 . 2010-03-12 19:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo
    2010-03-12 19:24 . 2010-03-12 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
    2010-03-09 13:14 . 2010-03-03 13:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\gtk-2.0
    2010-03-03 13:01 . 2010-03-03 13:01 -------- d-----w- c:\program files\GIMP-2.0
    2010-02-27 18:15 . 2010-02-27 18:15 -------- d-----w- c:\program files\BitTorrent
    2004-08-04 08:00 . 2004-08-04 08:00 4096 --sha-w- c:\windows\system32\nfhfynbyj.dat
    .

    ------- Sigcheck -------

    [-] 2008-12-03 . 2438B14041CFDFCD42162DA3B31E0774 . 110592 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-10 133104]
    "Timezone"="c:\program files\Microsoft Time Zone\TimeZone.exe" [2004-10-19 712704]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 88363]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-30 94208]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-30 114688]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 729177]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-10-11 499712]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-08-24 397312]
    "CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-09-07 213054]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-07-04 184320]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-07-23 20:28 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-04-15 17:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    2005-07-25 19:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Call Me for Skype.lnk]
    backup=c:\windows\pss\Call Me for Skype.lnkStartup
    path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Call Me for Skype.lnk

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
    backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
    path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Disney^Mix Central^Uninstall Disney Mix-It Plug-in and Skin.lnk]
    backup=c:\windows\pss\Uninstall Disney Mix-It Plug-in and Skin.lnkCommon Startup
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Disney\Mix Central\Uninstall Disney Mix-It Plug-in and Skin.lnk

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2008-06-12 03:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2008-06-12 07:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
    2008-04-17 01:18 2516344 ----a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-05-10 15:12 133104 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-10-15 02:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    2005-09-30 09:19 77824 ----a-w- c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
    2008-03-26 23:41 1232896 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    2008-04-16 17:53 1079808 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
    2005-09-07 15:57 86016 ----a-w- c:\program files\HPQ\HP ProtectTools Security Manager\pthosttr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2009-03-11 17:00 24095528 ----a-r- c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-05-15 18:23 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    2003-08-19 08:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2006-10-19 02:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    R3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-04-15 30104]
    R3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
    R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [2010-04-15 122376]
    R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [2010-04-15 30216]
    R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [2010-04-15 26120]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
    S0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSxx.sys [2010-04-15 25096]
    S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-04-15 52872]
    S1 aswSP;aswSP; [x]
    S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-04-15 216200]
    S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-04-15 242696]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
    S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2004-08-04 14336]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-04-15 308064]
    S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-04-15 2325816]
    S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-04-15 30104]
    S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
    S3 swmx02;HP ev2200 USB MUX Driver (02);c:\windows\system32\DRIVERS\swmx02.sys [2005-09-15 57600]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance REG_MULTI_SZ ASChannel
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3120095592-837586283-1490110683-500Core.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-10 15:12]

    2010-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3120095592-837586283-1490110683-500UA.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-10 15:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.netaddress.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
    uInternet Settings,ProxyServer = 168.116.162.7:1234
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    FF - ProfilePath -

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
    BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    MSConfigStartUp-QUAD Scheduler - c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
    MSConfigStartUp-QUAD Windows service - c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-16 16:22
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????8?6?2?8??????? ???B???????????????B? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3120095592-837586283-1490110683-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,21,17,a4,04,2c,b7,39,42,9f,2e,c6,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,21,17,a4,04,2c,b7,39,42,9f,2e,c6,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1360)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

    - - - - - - - > 'explorer.exe'(6164)
    c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
    c:\program files\HPQ\IAM\Bin\SFSShell.dll
    c:\program files\HPQ\IAM\bin\ItMsg.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
    c:\program files\Nokia\Nokia PC Suite 6\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng-us.nlr
    c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\DllHost.exe
    c:\program files\HPQ\IAM\bin\asghost.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\FolderSize\FolderSizeSvc.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\AVG\AVG9\avgam.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\AGRSMMSG.exe
    c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
    c:\windows\system32\igfxsrvc.exe
    c:\progra~1\HPQ\SHARED\HPQTOA~1.EXE
    c:\program files\HPQ\SHARED\HPQWMI.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Completion time: 2010-04-16 16:30:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-16 21:30

    Pre-Run: 18,075,480,064 bytes free
    Post-Run: 18,006,355,968 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Debug COM 1 Baud 57600" /fastdetect /debug /debugport=com1 /baudrate=57600
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Debug 1394 Channel 44" /fastdetect /debug /debugport=1394 /channel=44

    - - End Of File - - DCF36E0E91544224313BF87E3B3FAB92
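A defender-side triage pass over the kinds of entries a malware-removal helper looks at first in a ComboFix log like the one above, as an added example (not the poster's code and not part of ComboFix). The sample lines are copied from the posted log; the rule set and what each rule flags are this example's own assumptions and mark entries for review, not verdicts.

```python
"""Triage a ComboFix-style log for entries worth a reviewer's attention.

Added example, not part of the forum post or of ComboFix. The rules below are
heuristics (an assumption of this example): a match means "look at this",
not "this is malicious".
"""
import re
from typing import Dict, List, Optional

# Constructed sample: lines copied from the posted log, one per kind of entry.
SAMPLE_LOG = r"""
c:\windows\system32\AutoRun.inf
c:\windows\system32\imm32.dll . . . is infected!!
-------\Legacy_TDSSSERV.SYS
2004-08-04 08:00 . 2004-08-04 08:00 4096 --sha-w- c:\windows\system32\nfhfynbyj.dat
2010-04-15 17:47 . 2010-04-15 17:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[-] 2008-12-03 . 2438B14041CFDFCD42162DA3B31E0774 . 110592 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
"EnableFirewall"= 0 (0x0)
uInternet Settings,ProxyServer = 168.116.162.7:1234
uStart Page = hxxp://www.netaddress.com/
"""

# Sigcheck line layout as it appears in the log:
#   [-] date . MD5 . size . . [file version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<status>[-+])\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-Fa-f]{32})"
    r" \. (?P<size>\d+) \. \. \[(?P<version>[^\]]*)\] \. \. (?P<path>.+)$"
)

# (rule name, pattern, why a reviewer cares). Heuristic assumptions of this example.
RULES = [
    ("file-reported-infected", re.compile(r"\. \. \. is infected!!$"),
     "ComboFix reports a patched system file it could not repair"),
    ("sigcheck-failed", re.compile(r"^\[-\] "),
     "Sigcheck: system file hash does not match the known-good file for that version"),
    ("tdss-legacy-service", re.compile(r"^-+\\Legacy_TDSS", re.I),
     "leftover service key from the TDSS rootkit family"),
    ("autorun-inf-in-system32", re.compile(r"\\system32\\autorun\.inf$", re.I),
     "AutoRun.inf has no business in system32"),
    ("hidden-system-dat-in-system32", re.compile(r"--sha-w- c:\\windows\\system32\\[^\\]+\.dat$", re.I),
     "hidden+system .dat with a random-looking name in system32"),
    ("appinit-dlls-set", re.compile(r'^"AppInit_DLLs"=\S', re.I),
     "DLL injected into every GUI process; often legitimate (e.g. Acrobat), verify the file"),
    ("firewall-disabled", re.compile(r'^"EnableFirewall"=\s*0\b', re.I),
     "Windows Firewall turned off for the standard profile"),
    ("proxy-server-set", re.compile(r"ProxyServer = \S"),
     "IE proxy configured; confirm the user set it on purpose"),
]


def parse_sigcheck(line: str) -> Optional[Dict[str, object]]:
    """Split one Sigcheck line into fields; None if the line is not one."""
    m = SIGCHECK_RE.match(line.strip())
    if not m:
        return None
    fields: Dict[str, object] = m.groupdict()
    # "[+]" means the file matched the known-good hash, "[-]" that it did not.
    fields["verified"] = fields.pop("status") == "+"
    return fields


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per (line, rule) match, in log order."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, pattern, note in RULES:
            if pattern.search(line):
                findings.append({"rule": name, "note": note, "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['rule']}] {f['line']}\n    {f['note']}")
    print(parse_sigcheck(SAMPLE_LOG.splitlines()[6]))
```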
Short URL to this thread: https://techguy.org/917364