unknown dll file is missing - all exe files interrupted

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

roniven (Thread Starter) - Joined: Apr 16, 2010 - Messages: 1
Major issue here! Seems like a virus to me, but I'm not sure.

I loaded AVG last night (and some associated toolbar, per the AVG install). AVG immediately flagged two issues (even before I ran a scan). I requested a fix. (Note: during the AVG install, it requested that I remove Norton, and I did remove Norton.)

After loading AVG, Google Chrome got an error stating: "This application has failed to start because msjrdu.dll was not found. Re-installing the application may fix the problem." However, I closed the warning and Google Chrome operated normally.

NOTE: I googled for information about the msjrdu.dll file, and Google had no entries for this mysterious DLL.

I shut down the computer, and upon reboot I now get the same warning pop-up when Windows boots, for every single exe that loads at boot, and for every application I try to open.

If I X out (or close) the pop-up, then my desired application will run (all except Google Chrome, Firefox and Adobe).

So far, I have loaded and run many spyware applications (AVG, Spybot, SUPERAntiSpyware, Malwarebytes). And I ran the online scan from Microsoft (called Safety Scanner, via the OneCare Live website). The Safety Scanner stated that two problems could not be fixed.

Finally, I ran ComboFix, which told me that I have an infected system32 imm (or something) file. But ComboFix was not able to fix the problem.

Please help!!!! The log from ComboFix is here:

------------------------------------------------------

ComboFix 10-04-15.05 - Administrator 04/16/2010 16:04:45.1.1 - x86
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\QUAD Backups
c:\documents and settings\Administrator\Application Data\QUAD Backups\04.16.2010,14-04-36\HKEY_CLASSES_ROOT.reg
c:\documents and settings\Administrator\Application Data\QUAD Backups\04.16.2010,14-04-36\HKEY_CURRENT_CONFIG.reg
c:\documents and settings\Administrator\Application Data\QUAD Backups\04.16.2010,14-04-36\HKEY_CURRENT_USER.reg
c:\documents and settings\Administrator\Application Data\QUAD Backups\04.16.2010,14-04-36\HKEY_LOCAL_MACHINE.reg
c:\documents and settings\Administrator\Application Data\QUAD Backups\04.16.2010,14-04-36\HKEY_USERS.reg
c:\documents and settings\Administrator\Application Data\QUAD Backups\06.27.2009,08-00-38\Automatic.reg
c:\documents and settings\Administrator\Application Data\QUAD Backups\06.28.2009,08-22-40\Automatic.reg
c:\documents and settings\Administrator\Application Data\QUAD Backups\06.29.2009,06-48-59\Automatic.reg
c:\documents and settings\Administrator\Application Data\QUAD Backups\06.30.2009,10-54-11\Automatic.reg
c:\documents and settings\Administrator\Application Data\QUAD Backups\07.27.2009,11-05-28\Automatic.reg
c:\documents and settings\Administrator\Recent\Thumbs.db
c:\documents and settings\Administrator\Start Menu\Programs\QUAD Utilities
c:\documents and settings\Administrator\Start Menu\Programs\QUAD Utilities\QUAD RegistryCleaner\QUAD RegistryCleaner.lnk
c:\documents and settings\Administrator\Start Menu\Programs\QUAD Utilities\QUAD RegistryCleaner\Uninstall QUAD RegistryCleaner.lnk
c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD RegistryCleaner\program.log
c:\program files\QUAD Utilities\QUAD RegistryCleaner\QUAD RegistryCleaner.exe
c:\program files\QUAD Utilities\QUAD RegistryCleaner\Scheduler.dll
c:\program files\QUAD Utilities\QUAD RegistryCleaner\Styles\Vista.cjstyles
c:\recycler\S-1-5-21-1708537768-602609370-725345543-500
c:\recycler\S-1-5-21-4261962953-2847145338-1083065114-500
C:\Thumbs.db
c:\windows\system32\AutoRun.inf
c:\windows\system32\Thumbs.db

c:\windows\system32\imm32.dll . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2010-03-16 to 2010-04-16 )))))))))))))))))))))))))))))))
.

2010-04-16 07:16 . 2010-04-16 07:16 -------- d-----w- C:\$AVG
2010-04-15 19:09 . 2010-04-15 19:13 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-15 17:50 . 2010-04-15 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-15 17:50 . 2010-04-15 17:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-15 17:50 . 2010-04-15 17:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-04-15 17:49 . 2010-04-15 17:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-15 17:47 . 2010-04-15 17:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-15 17:47 . 2010-04-15 17:47 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-04-15 17:47 . 2010-04-15 17:47 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-15 17:47 . 2010-04-15 17:47 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-15 17:47 . 2010-04-15 17:47 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-15 17:47 . 2010-04-15 17:47 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-15 17:46 . 2010-04-16 14:42 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-15 17:44 . 2010-04-15 17:44 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-04-15 17:44 . 2010-04-15 17:44 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-04-15 17:42 . 2010-04-15 17:42 -------- d-----w- c:\program files\AVG
2010-04-15 10:23 . 2010-03-09 10:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-15 10:23 . 2010-03-09 10:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-15 10:23 . 2010-03-09 10:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-15 10:23 . 2010-03-09 10:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-15 10:23 . 2010-03-09 10:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-15 10:23 . 2010-03-09 10:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-15 10:23 . 2010-03-09 10:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-15 10:23 . 2010-03-09 10:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-15 10:23 . 2010-03-09 10:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-15 10:23 . 2010-04-15 10:23 -------- d-----w- c:\program files\Alwil Software
2010-04-15 10:23 . 2010-04-15 10:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-14 23:03 . 2010-04-15 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-11 09:42 . 2006-10-27 00:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-04-11 09:42 . 2006-10-27 00:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-04-11 09:40 . 2010-04-11 09:40 -------- d-----w- c:\program files\Microsoft Works
2010-04-11 09:39 . 2010-04-11 09:39 -------- d-----w- c:\program files\MSBuild
2010-04-11 09:37 . 2010-04-11 09:37 -------- d-----w- c:\program files\Microsoft.NET
2010-04-11 09:30 . 2010-04-11 09:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Help
2010-04-11 09:29 . 2010-04-11 09:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-11 09:06 . 2010-04-11 09:06 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-04-11 09:05 . 2008-04-07 10:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-04-11 09:05 . 2008-04-07 10:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2010-04-04 23:39 . 2010-04-04 23:39 -------- d-----w- C:\dory-n-paris
2010-03-31 17:52 . 2010-04-15 17:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2010-03-29 11:21 . 2010-03-29 11:21 -------- d-----w- c:\program files\Microsoft Time Zone
2010-03-20 19:12 . 2010-03-20 19:12 -------- d-----w- c:\program files\Common Files\Nero
2010-03-20 19:08 . 2010-03-20 19:11 -------- d-----w- c:\program files\Nero
2010-03-20 17:15 . 2010-03-20 18:36 -------- d-----w- c:\program files\Total Video Converter
2010-03-20 16:15 . 2010-03-20 16:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVS4YOU
2010-03-20 16:12 . 2010-03-20 17:10 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-03-20 16:11 . 2008-08-13 15:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-03-20 16:11 . 2010-03-20 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-03-20 16:11 . 2008-08-13 15:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-03-20 16:11 . 2008-08-13 15:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-03-20 16:11 . 2010-04-15 09:11 -------- d-----w- c:\program files\AVS4YOU

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-16 08:23 . 2010-04-15 17:52 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-16 08:23 . 2010-04-15 17:51 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-15 18:51 . 2010-04-15 18:51 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-15 18:51 . 2010-04-15 18:51 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-15 17:50 . 2010-04-15 17:50 65024 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2010-04-15 17:50 . 2010-04-15 17:50 18944 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2010-04-15 17:06 . 2008-12-03 14:16 -------- d-----w- c:\program files\Lavasoft Ad-aware 6
2010-04-15 16:10 . 2008-12-03 16:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 16:09 . 2010-04-15 16:09 5918775 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-15 09:24 . 2010-03-12 19:26 -------- d-----w- c:\program files\Elaborate Bytes
2010-04-15 08:28 . 2008-12-03 18:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-14 20:20 . 2010-02-09 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-14 20:18 . 2005-10-14 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-11 09:53 . 2005-12-15 16:16 95512 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-10 21:48 . 2010-03-12 19:18 -------- d-----w- c:\program files\SlySoft
2010-04-10 21:47 . 2010-02-27 18:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitTorrent
2010-04-02 19:40 . 2007-06-30 16:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-03-30 05:46 . 2008-12-03 16:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 05:45 . 2008-12-03 16:50 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-12 19:46 . 2010-03-12 19:46 -------- d-----w- c:\program files\Cucusoft
2010-03-12 19:46 . 2010-03-12 19:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo
2010-03-12 19:24 . 2010-03-12 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2010-03-09 13:14 . 2010-03-03 13:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\gtk-2.0
2010-03-03 13:01 . 2010-03-03 13:01 -------- d-----w- c:\program files\GIMP-2.0
2010-02-27 18:15 . 2010-02-27 18:15 -------- d-----w- c:\program files\BitTorrent
2004-08-04 08:00 . 2004-08-04 08:00 4096 --sha-w- c:\windows\system32\nfhfynbyj.dat
.

------- Sigcheck -------

[-] 2008-12-03 . 2438B14041CFDFCD42162DA3B31E0774 . 110592 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-10 133104]
"Timezone"="c:\program files\Microsoft Time Zone\TimeZone.exe" [2004-10-19 712704]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 88363]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-30 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-30 114688]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 729177]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-10-11 499712]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-08-24 397312]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-09-07 213054]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-07-04 184320]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 20:28 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-15 17:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 19:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Call Me for Skype.lnk]
backup=c:\windows\pss\Call Me for Skype.lnkStartup
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Call Me for Skype.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Disney^Mix Central^Uninstall Disney Mix-It Plug-in and Skin.lnk]
backup=c:\windows\pss\Uninstall Disney Mix-It Plug-in and Skin.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Disney\Mix Central\Uninstall Disney Mix-It Plug-in and Skin.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 03:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 07:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2008-04-17 01:18 2516344 ----a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-05-10 15:12 133104 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 02:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-30 09:19 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2008-03-26 23:41 1232896 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-04-16 17:53 1079808 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2005-09-07 15:57 86016 ----a-w- c:\program files\HPQ\HP ProtectTools Security Manager\pthosttr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-11 17:00 24095528 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-15 18:23 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 08:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 02:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-04-15 30104]
R3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [2010-04-15 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [2010-04-15 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [2010-04-15 26120]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSxx.sys [2010-04-15 25096]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-04-15 52872]
S1 aswSP;aswSP; [x]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-04-15 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-04-15 242696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2004-08-04 14336]
S2 aswFsBlk;aswFsBlk; [x]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-04-15 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-04-15 2325816]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-04-15 30104]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
S3 swmx02;HP ev2200 USB MUX Driver (02);c:\windows\system32\DRIVERS\swmx02.sys [2005-09-15 57600]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3120095592-837586283-1490110683-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-10 15:12]

2010-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3120095592-837586283-1490110683-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-10 15:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netaddress.com/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyServer = 168.116.162.7:1234
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-QUAD Scheduler - c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
MSConfigStartUp-QUAD Windows service - c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-16 16:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????8?6?2?8??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3120095592-837586283-1490110683-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,21,17,a4,04,2c,b7,39,42,9f,2e,c6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,21,17,a4,04,2c,b7,39,42,9f,2e,c6,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1360)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

- - - - - - - > 'explorer.exe'(6164)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\DllHost.exe
c:\program files\HPQ\IAM\bin\asghost.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\FolderSize\FolderSizeSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\HPQ\SHARED\HPQTOA~1.EXE
c:\program files\HPQ\SHARED\HPQWMI.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-04-16 16:30:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-16 21:30

Pre-Run: 18,075,480,064 bytes free
Post-Run: 18,006,355,968 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Debug COM 1 Baud 57600" /fastdetect /debug /debugport=com1 /baudrate=57600
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Debug 1394 Channel 44" /fastdetect /debug /debugport=1394 /channel=44

- - End Of File - - DCF36E0E91544224313BF87E3B3FAB92