
Author Topic: getting runDLL  (Read 5525 times)


John H

    Topic Starter


    Beginner

    getting runDLL
    « on: October 26, 2008, 10:10:19 PM »
    I've been having problems with my computer, HP, Pavilion a1700n, 250 GB HD, 3 mb ram, AMD 64 Athlon core.

     I deleted my super antivirus program and tried to get rid of Norton, no luck. I downloaded AVG, and when it started to show me threats it was showing me the same ones over and over instead of fixing them. Finally I told it to heal them or quarantine them; it warned me that that action could cause instability or a crash. That was a big mistake, because now I keep getting a DLL box opening every 2 seconds that says error loading. I can barely type because it keeps popping up. Please help, thanks.

    iamtonsoffun247



      Apprentice

      Thanked: 7
      Re: getting runDLL
      « Reply #1 on: October 26, 2008, 11:28:38 PM »
      Welcome.

      To start off, look here: http://www.computerhope.com/forum/index.php/topic,46313.0.html

      Follow the instructions and post back the 3 necessary logs.

      John H

        Topic Starter


        Beginner

        Re: getting runDLL
        « Reply #2 on: November 04, 2008, 09:19:37 PM »
        Thanks for the help. I got the run dll problem fixed for the most part. I still get an error when I log in. The computer is running slow now. Here are the logs.

        Malwarebytes' Anti-Malware 1.30
        Database version: 1366
        Windows 6.0.6001 Service Pack 1

        11/4/2008 9:18:04 PM
        mbam-log-2008-11-04 (21-18-04).txt

        Scan type: Quick Scan
        Objects scanned: 84601
        Time elapsed: 9 minute(s), 59 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 9
        Registry Values Infected: 1
        Registry Data Items Infected: 0
        Folders Infected: 8
        Files Infected: 18

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\TypeLib\{76d54105-99eb-4ecb-95b2-a944f50cc566} (Adware.Hotbar) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\CLSID\{a3e67daa-da01-4da5-98be-3088b554a11e} (Adware.Hotbar) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a3e67daa-da01-4da5-98be-3088b554a11e} (Adware.Hotbar) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\CLSID\{d95c7240-0282-4c01-93f5-673bca03da86} (Adware.Hotbar) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d95c7240-0282-4c01-93f5-673bca03da86} (Adware.Hotbar) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

        Registry Values Infected:
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\38ffabca (Trojan.Vundo) -> Quarantined and deleted successfully.

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        C:\Program Files\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\Program Files\Hotbar\bin (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\Program Files\Hotbar\bin\10.2.232.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\Program Files\Hotbar\bin\10.2.232.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\Program Files\Hotbar\bin\10.2.232.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\Program Files\Hotbar\bin\10.2.232.0\firefox\extensions\components (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\Program Files\Hotbar\bin\10.2.232.0\firefox\extensions\plugins (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.

        Files Infected:
        C:\Users\CCI Cleaning LLC\Desktop\PLAY_MP3.exe (Adware.PlayMp3z) -> Quarantined and deleted successfully.
        C:\Program Files\Hotbar\bin\10.2.232.0\arrow.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\Program Files\Hotbar\bin\10.2.232.0\copyright.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\Program Files\Hotbar\bin\10.2.232.0\HostOE.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\Program Files\Hotbar\bin\10.2.232.0\HostOL.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\Program Files\Hotbar\bin\10.2.232.0\HotbarSAAX.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\Program Files\Hotbar\bin\10.2.232.0\HotbarSADF.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\Program Files\Hotbar\bin\10.2.232.0\HotbarSAHook.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\Program Files\Hotbar\bin\10.2.232.0\HotbarUninstaller.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\Program Files\Hotbar\bin\10.2.232.0\LaunchHelp.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\Program Files\Hotbar\bin\10.2.232.0\link.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\Program Files\Hotbar\bin\10.2.232.0\Srv.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\Program Files\Hotbar\bin\10.2.232.0\Toolbar.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\Program Files\Hotbar\bin\10.2.232.0\WeSkin.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\Program Files\Hotbar\bin\10.2.232.0\firefox\extensions\chrome.manifest (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\Program Files\Hotbar\bin\10.2.232.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\Program Files\Hotbar\bin\10.2.232.0\firefox\extensions\components\npclntax.xpt (Adware.Hotbar) -> Quarantined and deleted successfully.
        C:\Program Files\Hotbar\bin\10.2.232.0\firefox\extensions\plugins\npclntax_HotbarSA.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 9:52:17 PM, on 11/4/2008
        Platform: Windows Vista SP1 (WinNT 6.00.1905)
        MSIE: Internet Explorer v7.00 (7.00.6001.18000)
        Boot mode: Normal

        Running processes:
        C:\Windows\system32\Dwm.exe
        C:\Windows\system32\taskeng.exe
        C:\Windows\Explorer.EXE
        C:\Program Files\Windows Defender\MSASCui.exe
        C:\hp\support\hpsysdrv.exe
        C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
        C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
        C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
        C:\Windows\RtHDVCpl.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Windows\System32\rundll32.exe
        C:\Program Files\SpiralFrog\Spiralfrog.exe
        C:\Program Files\AVG\AVG8\avgtray.exe
        C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
        C:\Windows\ehome\ehtray.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
        C:\Program Files\Ares Vista\Ares.exe
        C:\Program Files\Windows Media Player\wmpnscfg.exe
        C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        C:\Windows\ehome\ehmsas.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
        C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
        C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
        C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
        C:\hp\kbd\kbd.exe
        C:\Windows\system32\taskeng.exe
        C:\Windows\system32\sdclt.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Windows\system32\SearchFilterHost.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        O1 - Hosts: ::1 localhost
        O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
        O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
        O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
        O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
        O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
        O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
        O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
        O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
        O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
        O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
        O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
        O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe
        O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
        O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
        O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
        O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
        O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
        O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
        O4 - HKCU\..\Run: [ares vista] "C:\Program Files\Ares Vista\Ares.exe" -h
        O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
        O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
        O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
        O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
        O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
        O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
        O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGetAll.htm
        O8 - Extra context menu item: Download by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGet.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
        O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\StreamingStar\HiDownload\hidownload.exe (HKCU)
        O13 - Gopher Prefix:
        O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
        O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
        O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
        O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
        O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
        O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
        O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
        O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
        O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
        O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
        O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
        O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

        --

        John H

          Topic Starter


          Beginner

          Re: getting runDLL
          « Reply #3 on: November 04, 2008, 09:21:32 PM »
          Here's the third log, too many characters on the other reply.

          End of file - 11997 bytes

          SUPERAntiSpyware Scan Log
          http://www.superantispyware.com

          Generated 11/04/2008 at 08:44 PM

          Application Version : 4.21.1004

          Core Rules Database Version : 3623
          Trace Rules Database Version: 1607

          Scan type       : Quick Scan
          Total Scan Time : 00:52:14

          Memory items scanned      : 875
          Memory threats detected   : 0
          Registry items scanned    : 487
          Registry threats detected : 195
          File items scanned        : 19467
          File threats detected     : 16

          Adware.180solutions/Seekmo
             HKCR\HostIE.Bho
             HKCR\HostIE.Bho\CurVer
             HKCR\HostIE.Bho.1

          Adware.Zango Toolbar/Hb
             HKCR\HbCoreSrv.DynamicProp
             HKCR\HbCoreSrv.DynamicProp\CurVer
             HKCR\HbCoreSrv.DynamicProp.1
             HKCR\Wallpaper.WallpaperManager
             HKCR\Wallpaper.WallpaperManager\CurVer
             HKCR\Wallpaper.WallpaperManager.1
             HKCR\CoreSrv.CoreServices
             HKCR\CoreSrv.CoreServices\CurVer
             HKCR\CoreSrv.CoreServices.1
             HKCR\CoreSrv.LfgAx
             HKCR\CoreSrv.LfgAx\CurVer
             HKCR\CoreSrv.LfgAx.1
             HKCR\HBMain.CommBand
             HKCR\HBMain.CommBand\CurVer
             HKCR\HBMain.CommBand.1
             HKCR\hbr.HbMain
             HKCR\hbr.HbMain\CurVer
             HKCR\hbr.HbMain.1
             HKCR\HostOL.MailAnim
             HKCR\HostOL.MailAnim\CLSID
             HKCR\HostOL.MailAnim\CurVer
             HKCR\HostOL.MailAnim.1
             HKCR\HostOL.MailAnim.1\CLSID
             HKCR\HostOL.WebmailSend
             HKCR\HostOL.WebmailSend\CLSID
             HKCR\HostOL.WebmailSend\CurVer
             HKCR\HostOL.WebmailSend.1
             HKCR\HostOL.WebmailSend.1\CLSID
             HKCR\Srv.CoreServices
             HKCR\Srv.CoreServices\CLSID
             HKCR\Srv.CoreServices\CurVer
             HKCR\Srv.CoreServices.1
             HKCR\Srv.CoreServices.1\CLSID
             HKCR\Toolbar.HtmlMenuUI
             HKCR\Toolbar.HtmlMenuUI\CLSID
             HKCR\Toolbar.HtmlMenuUI\CurVer
             HKCR\Toolbar.HtmlMenuUI.1
             HKCR\Toolbar.HtmlMenuUI.1\CLSID
             HKCR\Toolbar.ToolbarCtl
             HKCR\Toolbar.ToolbarCtl\CLSID
             HKCR\Toolbar.ToolbarCtl\CurVer
             HKCR\Toolbar.ToolbarCtl.1
             HKCR\Toolbar.ToolbarCtl.1\CLSID

          Adware.Vundo Variant/Rel
             HKU\S-1-5-21-2430150753-969689782-1605659421-1000\Software\Microsoft\Windows\CurrentVersion\Run#MSServer [ rundll32.exe C:\Users\CCICLE~1\AppData\Local\Temp\byxuvWMf.dll,#1 ]
             HKU\S-1-5-21-2430150753-969689782-1605659421-1000\Software\Microsoft\Windows\CurrentVersion\Run#cmds [ rundll32.exe C:\Users\CCICLE~1\AppData\Local\Temp\ssqQhEUn.dll,c ]
             HKU\S-1-5-21-2430150753-969689782-1605659421-1000\Software\Microsoft\rdfa

          Adware.Zango/ShoppingReport
             HKCR\CntntCntr.CntntDic
             HKCR\CntntCntr.CntntDic\CurVer
             HKCR\CntntCntr.CntntDic.1
             HKCR\CntntCntr.CntntDisp
             HKCR\CntntCntr.CntntDisp\CurVer
             HKCR\CntntCntr.CntntDisp.1
             HKCR\WeatherDPA.WeatherController
             HKCR\WeatherDPA.WeatherController\CurVer
             HKCR\WeatherDPA.WeatherController.1
             C:\Users\CCI Cleaning LLC\AppData\Roaming\WeatherDPA\Weather\WeatherDPA\Weather_XML
             C:\Users\CCI Cleaning LLC\AppData\Roaming\WeatherDPA\Weather\WeatherDPA
             C:\Users\CCI Cleaning LLC\AppData\Roaming\WeatherDPA\Weather\WeatherStartup.xml
             C:\Users\CCI Cleaning LLC\AppData\Roaming\WeatherDPA\Weather
             C:\Users\CCI Cleaning LLC\AppData\Roaming\WeatherDPA

          Rogue.Component/Trace
             HKU\S-1-5-21-2430150753-969689782-1605659421-1000\Software\49486221063458855318710333074462\Options
             HKU\S-1-5-21-2430150753-969689782-1605659421-1000\Software\49486221063458855318710333074462\Options#Aff
             HKU\S-1-5-21-2430150753-969689782-1605659421-1000\Software\49486221063458855318710333074462

          Adware.180solutions/Seekmo/Zango
             C:\USERS\CCI CLEANING LLC\APPDATA\LOCAL\TEMP\NST709F.TMP\INSTALL.DLL
             C:\USERS\CCI CLEANING LLC\APPDATA\LOCAL\TEMP\NSZ5553.TMP\INSTALL.DLL
             C:\USERS\CCI CLEANING LLC\APPDATA\LOCAL\TEMP\ZAN64E0.EXE
             C:\USERS\CCI CLEANING LLC\DESKTOP\HOTBAR.EXE
             C:\Windows\Prefetch\ZAN64E0.EXE-9BCB92A6.pf

          Adware.MyWebSearch-Installer
             C:\USERS\DAKOTA\DOWNLOADS\WEBFETTISETUP2.3.50.19.ZKFOX000(5).EXE
             C:\USERS\DAKOTA\DOWNLOADS\WEBFETTISETUP2.3.50.19.ZKFOX000(6).EXE
             C:\USERS\DAKOTA\DOWNLOADS\WEBFETTISETUP2.3.50.19.ZKFOX000(2).EXE
             C:\USERS\DAKOTA\DOWNLOADS\WEBFETTISETUP2.3.50.19.ZKFOX000(3).EXE
             C:\USERS\DAKOTA\DOWNLOADS\WEBFETTISETUP2.3.50.19.ZKFOX000(4).EXE
             C:\USERS\DAKOTA\DOWNLOADS\WEBFETTISETUP2.3.50.19.ZKFOX000.EXE

          CBMatt

          • Mod & Malware Specialist


          • Prodigy

          • Sad and lonely...and loving every minute of it.
          • Thanked: 167
          • Experience: Experienced
          • OS: Windows 7
          Re: getting runDLL
          « Reply #4 on: November 19, 2008, 05:47:55 AM »
          Sorry for the long wait.  Things are very busy right now and we're a bit short-staffed, which is causing us to get more behind than usual.  Some recent server issues also contributed to this somewhat.  But we are doing our best to pick up the slack and help everyone out.  Are you still experiencing problems with malware?  If so, please follow these steps again:
          http://www.computerhope.com/forum/index.php/topic,46313.0.html

          I know you've already gone through the process and posted the logs, but malware changes and evolves, so we need to see if the state of your computer has changed at all.  It's difficult to instruct our users if we don't have the most up-to-date information.  Thank you for your understanding, and if you still need help, we'll be here to do what we can.

          Also, to ensure that we get the entire logs, please add them as attachments if you can.