Please Help get rid of reluctant virus


DDS (Ver_10-12-12.02) - NTFSx86

Run by Parent at 17:36:23.42 on Wed 12/29/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.1202 [GMT -5:00]

AV: Total Protection Service *Enabled/Updated* {8C354827-2F54-4E28-90DC-AD391E77808C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

svchost.exe

C:\Program Files\LSI SoftModem\agrsmsvc.exe

C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe

C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\regsvr32.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\MsiExec.exe

C:\Program Files\McAfee\Managed VirusScan\Agent\UpdDlg.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Parent\Local Settings\Temporary Internet Files\Content.IE5\2WXM6F2K\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.k12.com/

uDefault_Page_URL = hxxp://www.k12.com

uInternet Connection Wizard,ShellNext = iexplore

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\managed virusscan\vscan\ScriptSn.20100812101007.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Vmuruwesebe] rundll32.exe "c:\windows\ofspldsp.dll",Startup

uRun: [126453] c:\docume~1\parent\locals~1\temp\126453.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [McAfee Managed Services Tray] c:\program files\mcafee\managed virusscan\desktopui\XTray.Exe

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\desktopui\XTray.exe" /LOGON

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Mzoli] rundll32.exe "c:\windows\upeqeruzonahuko.dll",Startup

mRunOnce: [Malwarebytes' Anti-Malware] c:\me\mbamgui.exe /install /silent

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt5.0.0.811.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2010-6-18 184888]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-10 214664]

R2 EngineServer;EngineServer;c:\program files\mcafee\managed virusscan\vscan\EngineServer.exe [2010-8-10 14144]

R2 McShield;McShield;c:\progra~1\mcafee\manage~1\vscan\McShield.exe [2010-8-10 144704]

R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2010-8-10 282824]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2002-12-31 44800]

R3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2010-8-10 79816]

R3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2010-8-10 35272]

S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-8-10 34248]

S4 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]

=============== Created Last 30 ================

2010-12-29 22:30:58 -------- d-----w- c:\docume~1\parent\applic~1\Malwarebytes

2010-12-29 22:30:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-29 22:30:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-12-29 22:30:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-29 22:30:48 -------- d-----w- C:\me

2010-12-29 22:27:16 -------- d-----w- c:\windows\system32\Lang

2010-12-29 21:47:38 -------- d-----w- c:\program files\Kodak

2010-12-29 21:47:34 -------- d-----w- c:\program files\julie

2010-12-29 21:44:45 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}

2010-12-29 18:01:15 -------- d-----w- c:\windows\system32\wbem\mof\good

2010-12-29 18:01:15 -------- d-----w- c:\windows\system32\wbem\mof\bad

2010-12-29 17:42:17 -------- d-----w- c:\windows\system32\appmgmt

2010-12-27 19:19:51 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-12-18 02:33:00 350208 ----a-w- c:\windows\system32\mssph.dll

2010-12-18 02:32:12 -------- d-----w- c:\docume~1\parent\locals~1\applic~1\ApplicationHistory

2010-12-18 02:26:57 -------- d-----w- c:\program files\Microsoft

2010-12-18 02:24:31 -------- d-----w- c:\program files\common files\Windows Live

2010-12-18 02:23:10 -------- d-----w- c:\program files\Windows Desktop Search

2010-12-18 02:22:05 -------- d-----w- c:\windows\system32\URTTEMP

2010-12-11 21:33:24 0 ----a-w- c:\windows\Byizilawetidalu.bin

2010-12-11 19:02:45 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll

2010-12-11 19:02:44 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll

2010-12-11 19:02:44 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll

2010-12-11 19:02:44 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll

2010-12-11 19:02:43 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe

2010-12-11 19:01:17 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2010-12-11 19:01:17 465920 -c--a-w- c:\windows\system32\dllcache\imapi2fs.dll

2010-12-11 19:01:17 465920 ------w- c:\windows\system32\imapi2fs.dll

2010-12-11 19:01:17 317952 -c--a-w- c:\windows\system32\dllcache\imapi2.dll

2010-12-11 19:01:17 317952 ------w- c:\windows\system32\imapi2.dll

2010-12-05 17:04:28 -------- d-----w- c:\program files\Windows Media Connect 2

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_____ rev.03.0 -> Harddisk0\DR0 -> \Device\Scsi\ahcix861

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89CE1555]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89ce77b0]; MOV EAX, [0x89ce782c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8A5848C8]

3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x89CC8118]

\Driver\ahcix86[0x8A5C33E8] -> IRP_MJ_CREATE -> 0x89CE1555

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

\Device\Scsi\ahcix861Port0Path0Target0Lun0 -> \??\SCSI#Disk&Ven_WDC&Prod_WD1600AAJS-60Z0A&Rev_03.0#4&13a82458&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

============= FINISH: 17:37:44.57 ===============

ark.zip

Mine2.zip

Hello tfindley604! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step. If there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed about any changes.

What about Attach.txt?

Good! :P

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, change it to Cure and then click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

As my computer starts up .. I get two error messages

error loading c:\windows\ofspldsp.dll

error loading c:\upeqeruzonahuko.dll

Here was the report afterwards ... it cured something win32?

Thanks

Tina

2010/12/30 10:17:20.0875 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2010/12/30 10:17:20.0875 ================================================================================

2010/12/30 10:17:20.0875 SystemInfo:

2010/12/30 10:17:20.0875

2010/12/30 10:17:20.0875 OS Version: 5.1.2600 ServicePack: 3.0

2010/12/30 10:17:20.0875 Product type: Workstation

2010/12/30 10:17:20.0875 ComputerName: K12-6000A467406

2010/12/30 10:17:20.0875 UserName: Parent

2010/12/30 10:17:20.0875 Windows directory: C:\WINDOWS

2010/12/30 10:17:20.0875 System windows directory: C:\WINDOWS

2010/12/30 10:17:20.0875 Processor architecture: Intel x86

2010/12/30 10:17:20.0875 Number of processors: 1

2010/12/30 10:17:20.0875 Page size: 0x1000

2010/12/30 10:17:20.0875 Boot type: Normal boot

2010/12/30 10:17:20.0875 ================================================================================

2010/12/30 10:17:21.0078 Initialize success

Here's the new DDS

DDS (Ver_10-12-12.02) - NTFSx86

Run by Parent at 11:59:33.59 on Thu 12/30/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.1283 [GMT -5:00]

AV: Total Protection Service *Enabled/Updated* {8C354827-2F54-4E28-90DC-AD391E77808C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Parent\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.k12.com/

uDefault_Page_URL = hxxp://www.k12.com

uInternet Connection Wizard,ShellNext = iexplore

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\managed virusscan\vscan\ScriptSn.20100812101007.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Vmuruwesebe] rundll32.exe "c:\windows\ofspldsp.dll",Startup

uRun: [126453] c:\docume~1\parent\locals~1\temp\126453.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [McAfee Managed Services Tray] c:\program files\mcafee\managed virusscan\desktopui\XTray.Exe

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\desktopui\XTray.exe" /LOGON

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Mzoli] rundll32.exe "c:\windows\upeqeruzonahuko.dll",Startup

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt5.0.0.811.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2010-6-18 184888]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-10 214664]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2002-12-31 44800]

S2 EngineServer;EngineServer;c:\program files\mcafee\managed virusscan\vscan\EngineServer.exe [2010-8-10 14144]

S2 McShield;McShield;c:\progra~1\mcafee\manage~1\vscan\McShield.exe [2010-8-10 144704]

S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2010-8-10 282824]

S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2010-8-10 79816]

S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2010-8-10 35272]

S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-8-10 34248]

S4 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]

=============== Created Last 30 ================

2010-12-29 22:30:58 -------- d-----w- c:\docume~1\parent\applic~1\Malwarebytes

2010-12-29 22:30:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-29 22:30:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-12-29 22:30:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-29 22:30:48 -------- d-----w- C:\me

2010-12-29 22:27:16 -------- d-----w- c:\windows\system32\Lang

2010-12-29 21:47:34 -------- d-----w- c:\program files\julie

2010-12-29 21:44:45 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}

2010-12-29 18:01:15 -------- d-----w- c:\windows\system32\wbem\mof\good

2010-12-29 18:01:15 -------- d-----w- c:\windows\system32\wbem\mof\bad

2010-12-29 17:42:17 -------- d-----w- c:\windows\system32\appmgmt

2010-12-27 19:19:51 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-12-18 02:33:00 350208 ----a-w- c:\windows\system32\mssph.dll

2010-12-18 02:32:12 -------- d-----w- c:\docume~1\parent\locals~1\applic~1\ApplicationHistory

2010-12-18 02:26:57 -------- d-----w- c:\program files\Microsoft

2010-12-18 02:24:31 -------- d-----w- c:\program files\common files\Windows Live

2010-12-18 02:23:10 -------- d-----w- c:\program files\Windows Desktop Search

2010-12-18 02:22:05 -------- d-----w- c:\windows\system32\URTTEMP

2010-12-11 21:33:24 0 ----a-w- c:\windows\Byizilawetidalu.bin

2010-12-11 19:02:45 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll

2010-12-11 19:02:44 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll

2010-12-11 19:02:44 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll

2010-12-11 19:02:44 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll

2010-12-11 19:02:43 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe

2010-12-11 19:01:17 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2010-12-11 19:01:17 465920 -c--a-w- c:\windows\system32\dllcache\imapi2fs.dll

2010-12-11 19:01:17 465920 ------w- c:\windows\system32\imapi2fs.dll

2010-12-11 19:01:17 317952 -c--a-w- c:\windows\system32\dllcache\imapi2.dll

2010-12-11 19:01:17 317952 ------w- c:\windows\system32\imapi2.dll

2010-12-05 17:04:28 -------- d-----w- c:\program files\Windows Media Connect 2

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 11:59:54.03 ===============

Goood! :)

  • Download OTL to your desktop. Otherwise, try OTL.com or OTL.scr.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
O4 - HKLM..\Run: [Mzoli] C:\WINDOWS\upeqeruzonahuko.DLL File not found
O4 - HKCU..\Run: [Vmuruwesebe] C:\WINDOWS\ofspldsp.DLL File not found

:files
C:\WINDOWS\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\imsins.BAK

:Commands
[purity]
[emptytemp]
[resethosts]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.
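
The two Run values targeted by the fix script above both appear in the DDS logs as rundll32.exe loading a DLL that sits directly in c:\windows. The following is an added example, not part of the original thread and not code from DDS or OTL, that parses the uRun/mRun lines of a DDS log and flags entries of that shape. The two heuristics, the function names and the c:\windows root are assumptions made for this illustration.

```python
import ntpath
import re

# Constructed sample: autorun lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r'''
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Vmuruwesebe] rundll32.exe "c:\windows\ofspldsp.dll",Startup
uRun: [126453] c:\docume~1\parent\locals~1\temp\126453.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Mzoli] rundll32.exe "c:\windows\upeqeruzonahuko.dll",Startup
'''

WINDOWS_ROOT = r"c:\windows"          # assumption: Windows directory as reported in the logs
HIVES = {"u": "HKCU", "m": "HKLM"}    # DDS line prefix -> registry hive

RUN_LINE = re.compile(r"^([um])Run(?:Once)?: \[([^\]]+)\] (.+)$")
RUNDLL = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?([^",]+)"?,(\S+)', re.I)
IMAGE = re.compile(r"(.+?\.(?:exe|scr|com|bat|cmd))(?:\s|$)", re.I)


def image_path(cmd):
    """Return the program path from a Run command line, without arguments."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = IMAGE.match(cmd)
    return m.group(1) if m else cmd


def parse_run_entries(text):
    """Parse DDS uRun/mRun lines into dicts (hive, name, loader, target)."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        hive, name, cmd = m.groups()
        dll = RUNDLL.match(cmd)
        entries.append({
            "hive": HIVES[hive],
            "name": name,
            "loader": "rundll32" if dll else None,
            "target": dll.group(1) if dll else image_path(cmd),
        })
    return entries


def reasons(entry):
    """Heuristics chosen for this example; they are not rules used by DDS or OTL."""
    found = []
    folder = ntpath.dirname(entry["target"]).lower()
    if entry["loader"] == "rundll32" and folder == WINDOWS_ROOT:
        found.append("rundll32 loads a DLL stored directly in the Windows directory")
    if "temp" in folder.split("\\"):
        found.append("program starts from a Temp directory")
    return found


def triage(text):
    """Return (hive, value name, target, reasons) for entries worth a closer look."""
    return [(e["hive"], e["name"], e["target"], reasons(e))
            for e in parse_run_entries(text) if reasons(e)]


if __name__ == "__main__":
    for hive, name, target, why in triage(SAMPLE_DDS):
        print(f"{hive} Run [{name}] -> {target}: {'; '.join(why)}")
```

A flagged entry is a prompt for review, not a verdict; the value name and the file behind it still need to be checked before anything is removed.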

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
