
Active Rundll error loading

Discussion in 'Malware and Virus Removal Archive' started by reknaw, 2009/10/07.

  1. 2009/10/07
    reknaw

    reknaw Well-Known Member Thread Starter

    Joined:
    2002/05/17
    Messages:
    214
    Likes Received:
    1
    [Active] Rundll error loading

    I'm using Windows XP Home Edition and every time I boot up I receive
    RUNDLL Error loading C:\WINDOWS\Spadahyunolife.dat - This specified module could not be found - I click OK and it goes away - how can I eliminate it altogether?

    I run Ad-Aware, Spybot, CCleaner and Pitstop Optimize 3 frequently to no avail.

    My "dds" and "DDS" logs follow:

    Any help appreciated

    Reknaw :mad::mad:

    DDS (Ver_09-09-29.01) - NTFSx86
    Run by User at 19:31:55.34 on 07/10/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1223 [GMT -4:00]

    AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Oxigen\bin\OxiTray.exe
    C:\Program Files\Oxigen\bin\Oxigen.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\BellCanada\McciTrayApp.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
    C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
    C:\Program Files\Paltalk Messenger\paltalk.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Webshots\Webshots.scr
    svchost.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    svchost.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\defragActivityMonitor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\User\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [WeatherEye] c:\program files\theweathernetwork\weathereye\WeatherEye.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
    uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini
    mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
    mRun: [WinampAgent] c:\program files\winamp\winampa.exe
    mRun: [Tpabozu] rundll32.exe "c:\windows\Spadaliyunolife.dat ",e
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [SSA.exe] "c:\program files\bell\sympatico security advisor\SSA.exe" /AUTORUN
    mRun: [SkyTel] SkyTel.EXE
    mRun: [PC Pitstop Optimize Scheduler] c:\program files\pcpitstop\optimize\PCPOptimize.exe -boot
    mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe "
    mRun: [OxigenTrayIcon] "c:\program files\oxigen\bin\OxiTray.exe "
    mRun: [OxigenClientAdmin] "c:\program files\oxigen\bin\Oxigen.exe "
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [Logitech Utility] LOGI_MWX.EXE
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe "
    mRun: [ISUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start
    mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe "
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [BellCanada_McciTrayApp] c:\program files\bellcanada\McciTrayApp.exe
    mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\user\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ashamp~1.lnk - c:\program files\ashampoo\ashampoo magical defrag\bin\aDefragCtrl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lumixs~1.lnk - c:\program files\panasonic\lumixsimpleviewer\PhLeAutoRun.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: PUFLITE - hxxp://www.kenallen.ca/Office/ColpaControls/Photo/Control/PUFLITE.CAB
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089}
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94}
    DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}
    DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B}
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - hxxp://www.ooxtv.com/stream.ocx
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll
    LSA: Notification Packages = scecli itbcet.dll

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-12 64160]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-8-18 34312]
    R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1028432]
    R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-2-4 90352]
    S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]
    S2 gupdate1c9bc8759770ac;Google Update Service (gupdate1c9bc8759770ac);c:\program files\google\update\GoogleUpdate.exe [2009-4-13 133104]
    S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\spamfighter\sfus.exe [2009-2-12 184968]
    S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]

    =============== Created Last 30 ================

    2009-09-19 08:37 <DIR> --d----- c:\windows\system32\VirtualExpander
    2009-09-12 11:09 <DIR> --d----- c:\program files\sina
    2009-09-12 11:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
    2009-09-12 11:09 <DIR> --d----- c:\docume~1\user\applic~1\AVS4YOU
    2009-09-12 11:08 1,700,352 a------- c:\windows\system32\GdiPlus.dll
    2009-09-12 11:08 <DIR> --d----- c:\program files\common files\AVSMedia
    2009-09-12 11:07 <DIR> --d----- c:\program files\AVS4YOU
    2009-09-12 10:51 <DIR> --d----- c:\windows\system32\wbem\Repository
    2009-09-12 10:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TVU Networks
    2009-09-10 13:05 <DIR> --d----- c:\docume~1\user\applic~1\TVU networks

    ==================== Find3M ====================

    2009-09-15 07:53 31,084 ac------ c:\docume~1\user\applic~1\wklnhst.dat
    2009-08-14 23:50 162,370 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
    2009-08-13 08:36 133,320 ac------ c:\docume~1\user\applic~1\GDIPFONTCACHEV1.DAT
    2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
    2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
    2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
    2009-07-28 14:55 579,602 a------- c:\windows\system32\x264vfw.dll
    2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
    2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
    2009-01-02 08:28 4,283 ac------ c:\program files\INSTALL.LOG
    0000-00-00 00:00 0 ac-sh--- c:\windows\system32\gedekuye.dll
    2009-06-10 17:39 848 ac-sh--- c:\windows\system32\KGyGaAvL.sys
    0000-00-00 00:00 0 ac-sh--- c:\windows\system32\ruyutave.dll
    0000-00-00 00:00 0 ac-sh--- c:\windows\system32\wuyojogi.dll

    ============= FINISH: 19:32:04.70 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-09-29.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 23/10/2007 2:45:55 PM
    System Uptime: 10/07/2009 5:23:04 PM (2138 hours ago)

    Motherboard: | | NF-MCP61
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | Socket M2 | 2612/201mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 233 GiB total, 200.212 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia 6620
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 6620
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd

    ==== System Restore Points ===================

    RP822: 06/08/2009 2:00:47 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP823: 07/08/2009 10:45:55 AM - Software Distribution Service 3.0
    RP824: 08/08/2009 11:40:50 AM - System Checkpoint
    RP825: 09/08/2009 9:28:55 PM - System Checkpoint
    RP826: 11/08/2009 9:00:05 AM - System Checkpoint
    RP827: 11/08/2009 5:42:47 PM - Software Distribution Service 3.0
    RP828: 13/08/2009 8:21:57 AM - System Checkpoint
    RP829: 14/08/2009 8:56:28 AM - System Checkpoint
    RP830: 14/08/2009 9:04:48 AM - Software Distribution Service 3.0
    RP831: 15/08/2009 10:15:20 AM - System Checkpoint
    RP832: 16/08/2009 10:59:31 AM - System Checkpoint
    RP833: 17/08/2009 11:35:59 AM - System Checkpoint
    RP834: 01/09/2009 9:42:05 AM - Software Distribution Service 3.0
    RP835: 02/09/2009 1:33:56 PM - System Checkpoint
    RP836: 03/09/2009 8:42:28 PM - System Checkpoint
    RP837: 04/09/2009 9:28:36 PM - System Checkpoint
    RP838: 05/09/2009 9:45:58 PM - System Checkpoint
    RP839: 08/09/2009 7:00:38 AM - System Checkpoint
    RP840: 09/09/2009 9:20:31 AM - System Checkpoint
    RP841: 09/09/2009 9:27:23 AM - Software Distribution Service 3.0
    RP842: 10/09/2009 8:34:59 PM - System Checkpoint
    RP843: 11/09/2009 8:58:43 PM - System Checkpoint
    RP844: 12/09/2009 10:49:48 AM - Restore Operation
    RP845: 12/09/2009 12:22:37 PM - Software Distribution Service 3.0
    RP846: 13/09/2009 6:24:25 PM - System Checkpoint
    RP847: 14/09/2009 9:24:23 PM - System Checkpoint
    RP848: 15/09/2009 9:54:19 PM - System Checkpoint
    RP849: 16/09/2009 10:00:14 PM - System Checkpoint
    RP850: 17/09/2009 10:07:41 PM - System Checkpoint
    RP851: 18/09/2009 10:53:41 PM - System Checkpoint
    RP852: 20/09/2009 9:37:39 AM - System Checkpoint
    RP853: 21/09/2009 5:57:27 PM - System Checkpoint
    RP854: 22/09/2009 7:35:35 PM - System Checkpoint
    RP855: 24/09/2009 7:37:49 PM - System Checkpoint
    RP856: 26/09/2009 12:21:15 AM - System Checkpoint
    RP857: 27/09/2009 11:37:37 AM - System Checkpoint
    RP858: 28/09/2009 1:40:00 PM - System Checkpoint
    RP859: 28/09/2009 10:33:32 PM - Software Distribution Service 3.0
    RP860: 30/09/2009 8:00:03 PM - System Checkpoint
    RP861: 01/10/2009 8:40:40 PM - System Checkpoint
    RP862: 02/10/2009 8:51:57 PM - System Checkpoint
    RP863: 03/10/2009 11:57:32 PM - System Checkpoint
    RP864: 05/10/2009 1:04:04 PM - System Checkpoint
    RP865: 06/10/2009 1:30:01 PM - System Checkpoint
    RP866: 07/10/2009 2:34:39 PM - System Checkpoint

    ==== Installed Programs ======================


    Ad-Aware
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Software Suite
    Ashampoo Magical Defrag
    Ashampoo Magical Snap 2.30
    Ashampoo Photo Commander 7.20
    Ashampoo Photo Optimizer 2.00
    Avanquest update
    AVS Audio Converter version 6.1
    AVS Update Manager 1.0
    AVS4YOU Software Navigator 1.3
    Bonjour
    Brother MFL-Pro Suite
    CCleaner (remove only)
    CleanIt!
    Dual-Core Optimizer
    DVD Suite
    eMusic - 50 Free MP3 offer
    ESET NOD32 Antivirus
    ffdshow
    ffdshow [rev 1562] [2007-10-21]
    filogix forms Data File Import Utility (forms 2004)
    FootyOnline.tv
    Forms 2009
    Google Earth
    Google Earth Plug-in
    Google Update Helper
    Google Updater
    H264 Codecs
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    HP Driver Diagnostics
    HP Memories Disc
    Internet Check-Up
    iTunes
    Java(TM) 6 Update 11
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    LimeWire 5.2.13
    LiveOnlineFooty.com
    Logitech Desktop Messenger
    Logitech iTouch Software
    Logitech MouseWare 9.79
    LUMIX Simple Viewer
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Encarta Encyclopedia Standard 2005
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Money 2005
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Small Business
    Microsoft Office Excel Viewer
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Picture It! Library 10
    Microsoft Picture It! Premium 10
    Microsoft Publisher 97
    Microsoft Silverlight
    Microsoft Streets and Trips 2005
    Microsoft User-Mode Driver Framework Feature Pack 1.5
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Word 2002
    Microsoft Works
    Microsoft Works 2005 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    MSVC80_x86
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    Nero 7 Essentials
    NetZero Internet and Voice Offer
    NVIDIA Drivers
    Oxigen Client v5.00.0000
    PaperPort Image Printer
    PC Connectivity Solution
    PC Pitstop Driver Alert 1.0.0.13
    PC Pitstop Exterminate2 2.0
    PC Pitstop Optimize3 3.0
    PDFcamp Pro v2.1
    PHOTOfunSTUDIO -viewer-
    PowerDVD
    PrimoPDF Redistribution Package
    Quick StartUp 2.3
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    ScanSoft PaperPort 11
    Scrabble Complete
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923689)
    Shockwave
    Sina Web TV
    SIW version 1.73
    Sony Ericsson PC Suite 4.010.00
    SopCast 3.2.4
    SopCore 1.1.1
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.4
    Stationery, Brochures and More
    Sympatico Security Advisor 1.5.11
    TVAnts 1.0
    TVUPlayer 2.4.5.3
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Virtual Earth 3D (Beta)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WeatherEye
    WebFldrs XP
    Webshots Desktop
    Winamp (remove only)
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    Windows Driver Package - Nokia Modem (03/05/2008 3.7)
    Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
    Windows Driver Package - Nokia Modem (05/22/2008 3.8)
    Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
    Windows Driver Package - Nokia Modem (10/12/2007 3.6)
    Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Live installer
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip 12.1
    WordPerfect Office 12
    Works Upgrade
    x264 Revision 534 x264.nl (remove only)
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    02/10/2009 12:59:56 PM, error: Service Control Manager [7000] - The AVG Free8 WatchDog service failed to start due to the following error: The system cannot find the path specified.

    ==== End Of File ===========================
     
  2. 2009/10/08
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Malware logs need to be posted in the Malware forum.... moved.
     


  4. 2009/10/08
    reknaw

    reknaw Well-Known Member Thread Starter

    Joined:
    2002/05/17
    Messages:
    214
    Likes Received:
    1
    Sorry, my mistake - thanks for moving it
     
  5. 2009/10/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download Security Check from HERE, and save it to your Desktop.

    * Double-click SecurityCheck.exe
    * Follow the onscreen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!



    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     
