
Rundll32.exe - Application Error - Infected ?


  • This topic is locked
3 replies to this topic

#1 Frank Vasquez


Posted 16 September 2008 - 07:34 PM

DELETED OTHER POST - FOLLOWED POSTING INSTRUCTIONS THIS TIME

NEED HELP!! Thanks!

I may have inadvertently downloaded a virus or Trojan yesterday. When I try to run a game, like COD4, I get the error message:

"Rundll32.exe - Application Error. The instruction at "0x7c9100c8" referenced memory at "0x00fa0010", the memory could not be "read"."

The error comes up about 4 times, having to hit "OK" each time.


Firefox and IE run fine, in fact everything does, except when I try to run a game like COD4, BF1942 or try to run something graphical like FUTUREMARK 3DMark06.

I have turned on normal BOOT through MSCONFIG, and I have run all the Anti-Spyware progs as advised: BitDefender, SpyBot, SuperAntiSpyware, SDFIX, ComboFix, SmitFraud, etc.

Here is the latest DSS Log.

Deckard's System Scanner v20071014.68
Run by Frank Vasquez on 2008-09-16 20:26:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Frank Vasquez.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:35 PM, on 9/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ATI\WebPAM\_jvm\bin\java.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Documents and Settings\Frank Vasquez\My Documents\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\Integrator.exe
C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
C:\Program Files\Marvell\61xx\tray\zRaidTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Frank Vasquez\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\FRANKV~1.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AWWFSPU] "C:\Program Files\ASUS WiFi-AP Solo\AWWFSPU.exe" -nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [AODAssist.exe] C:\Program Files\AMD\AMD OverDrive\AODAssist.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Documents and Settings\Frank Vasquez\My Documents\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: MarvellTrayStartup.lnk = C:\Program Files\Marvell\61xx\tray\RaidTray.bat
O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: SetPointII.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O15 - Trusted IP range: 63.241.31.84
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {F648E9E2-DCD5-46F0-B09B-DD190B57CE69} (epExportForExcel_73.ExcelExport) - http://63.241.31.84/sales_forecast/Control...ExcelExport.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = tabs.toshiba.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = tabs.toshiba.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI WebPAM (ATIWebPAM) - Unknown owner - C:\Program Files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12744 bytes

-- Files created between 2008-08-16 and 2008-09-16 -----------------------------

2008-09-16 20:25:56 0 d-------- C:\Documents and Settings\Frank Vasquez\Application Data\HotSync
2008-09-16 20:17:48 0 dr-h----- C:\Documents and Settings\Frank Vasquez\Recent
2008-09-16 19:56:13 0 d-------- C:\WINDOWS\BDOSCAN8
2008-09-16 17:10:16 0 d-------- C:\Program Files\FileASSASSIN
2008-09-16 17:05:23 0 d-------- C:\Documents and Settings\Frank Vasquez\Application Data\Malwarebytes
2008-09-16 17:04:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-16 17:04:53 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-16 15:59:23 0 d-------- C:\Documents and Settings\Frank Vasquez\.housecall6.6
2008-09-16 15:12:52 0 d-------- C:\Program Files\Panda Security
2008-09-16 14:53:25 0 d-------- C:\Program Files\Trend Micro
2008-09-16 09:30:33 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-09-16 09:12:37 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-09-16 02:31:12 68096 --a------ C:\WINDOWS\zip.exe
2008-09-16 02:31:12 49152 --a------ C:\WINDOWS\VFind.exe
2008-09-16 02:31:12 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-09-16 02:31:12 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-09-16 02:31:12 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-09-16 02:31:12 98816 --a------ C:\WINDOWS\sed.exe
2008-09-16 02:31:12 80412 --a------ C:\WINDOWS\grep.exe
2008-09-16 02:31:12 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-09-16 01:34:31 64512 --ah----- C:\Documents and Settings\Frank Vasquez\Application Data\dach100.dll
2008-09-12 18:18:28 0 d-------- C:\Program Files\iPod
2008-09-12 18:18:23 0 d-------- C:\Program Files\iTunes
2008-09-12 18:18:23 0 d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-12 18:16:51 0 d-------- C:\Program Files\Bonjour
2008-09-12 18:15:18 0 d-------- C:\Program Files\QuickTime
2008-09-06 17:26:53 0 d-------- C:\Program Files\RivaTuner v2.10
2008-09-06 09:52:57 0 d-------- C:\Program Files\SystemRequirementsLab
2008-09-06 09:52:54 0 d-------- C:\Documents and Settings\Frank Vasquez\Application Data\SystemRequirementsLab
2008-08-29 09:53:50 61440 --a------ C:\WINDOWS\system32\dnssd.dll <Not Verified; Apple Inc.; Bonjour>
2008-08-27 15:07:03 3972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2008-08-27 15:07:03 5632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys <Not Verified; EnTech Taiwan; EnTech.sys>
2008-08-27 15:07:02 0 d-------- C:\WINDOWS\system32\Futuremark
2008-08-27 15:07:02 21664 --a------ C:\WINDOWS\system32\drivers\Entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
2008-08-27 15:05:16 0 d-------- C:\Program Files\Futuremark
2008-08-17 12:31:52 0 d-------- C:\WINDOWS\Startup (disabled)
2008-08-17 12:30:40 210 --ah----- C:\WINDOWS\sysdata.dat
2008-08-17 12:01:54 278 --a------ C:\WINDOWS\windat.dll
2008-08-17 12:01:15 311 --a------ C:\WINDOWS\winshell.dll
2008-08-17 11:49:39 514 --ah----- C:\WINDOWS\wininf.dat
2008-08-17 11:48:56 265 --ah----- C:\WINDOWS\winshell.dat
2008-08-17 11:48:51 0 d-------- C:\Program Files\Dachshund Software
2008-08-16 12:07:06 0 d-------- C:\Program Files\UrbanTerror


-- Find3M Report ---------------------------------------------------------------

2008-09-16 20:25:43 0 d-------- C:\Program Files\Palm
2008-09-16 20:17:32 0 d-------- C:\Documents and Settings\Frank Vasquez\Application Data\Macromedia
2008-09-16 20:16:32 60 --a------ C:\WINDOWS\zoom.dat
2008-09-16 20:16:30 9 --a------ C:\WINDOWS\mvraidver.dat
2008-09-16 20:16:29 61 --a------ C:\WINDOWS\hare.dat
2008-09-16 20:16:27 66 --a------ C:\WINDOWS\anticrash.dat
2008-09-16 20:16:10 0 d-------- C:\Program Files\Steam
2008-09-16 19:41:29 0 d-------- C:\Program Files\Common Files
2008-09-16 18:54:43 0 d-------- C:\Program Files\AMD
2008-09-16 16:20:15 0 d-------- C:\Program Files\Java
2008-09-16 14:05:22 0 --a------ C:\AUTOEXEC.BAT
2008-09-16 09:33:04 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-09-15 13:37:13 0 d-------- C:\Program Files\SpeedFan
2008-09-12 18:15:26 0 d-------- C:\Program Files\Common Files\Apple
2008-09-06 10:50:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-05 22:47:55 0 d-------- C:\Program Files\Common Files\LightScribe
2008-09-02 12:27:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-28 15:18:28 0 d-------- C:\Program Files\SlySoft
2008-08-27 15:18:59 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-08-25 09:36:37 0 d-------- C:\Program Files\Paint.NET
2008-08-18 22:43:25 0 d-------- C:\Program Files\Microsoft Silverlight
2008-08-17 12:25:16 0 d-------- C:\Documents and Settings\Frank Vasquez\Application Data\FrostWire
2008-08-13 03:05:53 0 d-------- C:\Program Files\Messenger
2008-08-10 00:20:22 0 d-------- C:\Program Files\Apple Software Update
2008-08-08 00:09:45 0 d-------- C:\Documents and Settings\Frank Vasquez\Application Data\Arcsoft
2008-08-07 17:14:43 0 d-------- C:\Program Files\MSI
2008-08-04 05:44:19 0 d-------- C:\Program Files\TomTom HOME
2008-07-27 22:38:31 0 d-------- C:\Program Files\MagicISO
2008-07-27 19:53:46 0 d-------- C:\Program Files\Alcohol Soft
2008-07-26 21:43:16 0 d-------- C:\Documents and Settings\Frank Vasquez\Application Data\Vso
2008-07-25 18:05:37 0 d-------- C:\Documents and Settings\Frank Vasquez\Application Data\Corel
2008-07-22 10:59:53 0 d-------- C:\Program Files\Yahoo!
2008-07-20 22:27:45 0 d-------- C:\Documents and Settings\Frank Vasquez\Application Data\Ahead
2008-07-18 13:09:56 0 d-------- C:\Program Files\FrostWire
2008-07-16 13:41:26 0 d-------- C:\Documents and Settings\Frank Vasquez\Application Data\Apple Computer
2008-07-09 12:12:12 208896 --a------ C:\WINDOWS\system32\WinSys2.exe <Not Verified; ; DOT Application>
2008-07-09 12:12:12 131072 --a------ C:\WINDOWS\system32\smdll.dll <Not Verified; ; SMdll Dynamic Link Library>
2008-07-09 12:12:12 614400 --a------ C:\WINDOWS\system32\msvcr80.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio® .NET>
2008-07-09 12:12:12 1777664 --a------ C:\WINDOWS\system32\msicpl.dll <Not Verified; MSI; MSI MsiCpl>
2008-07-09 12:12:12 130048 --a------ C:\WINDOWS\system32\MadCHook.dll <Not Verified; www.madshi.net; madCHook>
2008-07-09 12:12:12 262144 --a------ C:\WINDOWS\system32\HookShield.dll
2008-07-09 12:12:12 258048 --a------ C:\WINDOWS\system32\HookMAp.dll
2008-07-09 12:12:12 32768 --a------ C:\WINDOWS\system32\Auxiliary.dll
2008-06-27 02:38:12 729088 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AWWFSPU"="C:\Program Files\ASUS WiFi-AP Solo\AWWFSPU.exe" [12/18/2006 01:19 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/03/2008 11:16 AM]
"nwiz"="nwiz.exe" [05/03/2008 11:16 AM C:\WINDOWS\system32\nwiz.exe]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [07/09/2008 12:12 PM]
"AODAssist.exe"="C:\Program Files\AMD\AMD OverDrive\AODAssist.exe" [09/25/2007 06:42 PM]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [09/06/2007 12:19 PM]
"CPU Power Monitor"="C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [10/16/2007 12:35 PM]
"Cpu Level Up help"="C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [09/11/2007 11:32 AM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 09:00 AM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [12/07/2005 04:55 AM]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [10/07/2003 10:48 AM]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [12/13/2007 06:43 PM]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [12/13/2007 06:57 PM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [07/17/2007 06:39 PM C:\WINDOWS\KHALMNPR.Exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/06/2008 12:40 PM]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [08/16/2007 10:25 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [12/18/2006 09:34 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/03/2008 11:16 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [09/06/2008 03:09 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/10/2008 05:40 PM]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [02/06/2007 12:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"LightScribe Control Panel"="C:\Documents and Settings\Frank Vasquez\My Documents\LightScribe\LightScribeControlPanel.exe" [04/19/2007 01:26 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/18/2008 06:41 PM]
"Steam"="C:\Program Files\Steam\Steam.exe" [04/18/2008 11:04 AM]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [09/24/2004 06:22 PM]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [08/26/2008 01:25 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [09/16/2008 09:33 AM]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Frank Vasquez\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]
AntiCrash.lnk - C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe [12/17/2002 12:00:44 PM]
Hare.lnk - C:\Program Files\Dachshund Software\Hare\Hare.exe [9/21/2002 12:26:40 PM]
MarvellTrayStartup.lnk - C:\Program Files\Marvell\61xx\tray\RaidTray.bat [2/27/2008 5:09:45 PM]
Zoom.lnk - C:\Program Files\Dachshund Software\Zoom\Zoom.exe [9/21/2002 12:27:14 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2/27/2008 7:49:39 PM]
SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe [8/30/2007 7:13:06 PM]
VPN Client.lnk - C:\WINDOWS\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico [2/27/2008 7:15:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 09/16/2008 09:33 AM 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"ISPwdSvc"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - PAVBOOT
*Newly Created Service* - SASDIFSV

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-09-16 20:26:53 ------------



#2 Frank Vasquez


Posted 17 September 2008 - 04:18 PM

Well, whatever I downloaded, I believe the slew of Virus and Spyware sweeps I did killed it, but the damage had been done - After tooling around for some time, I figured that the Video Driver was corrupted, so I re-installed the latest Driver for my card and voila - no more rundll32.exe application errors.

YAY! Glad I could do this on my own

"It's Shake-N-Bake, and I helped!"

Most of you are probably tooooo young to get that joke.

#3 Frank Vasquez


Posted 17 September 2008 - 04:18 PM

Dang double post!

Edited by Frank Vasquez, 17 September 2008 - 04:19 PM.


#4 Grinler

Lawrence Abrams

Posted 28 September 2008 - 06:04 PM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.



