Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Inactive Malware Help Topics

User Tag List

RUNDLL error loading C:\WINDOWS\system32\spads.dll

This is a discussion on RUNDLL error loading C:\WINDOWS\system32\spads.dll within the Inactive Malware Help Topics forums, part of the Tech Support Forum category. When I start up my computer, after windows has loaded, an error appears saying, 'Error loading C:\WINDOWS\system32\spads.dll The specified module


 
 
Thread Tools Search this Thread
Old 12-12-2007, 04:45 PM   #1
Guest
 
Join Date: Dec 2007
Posts: 1
OS:



When I start up my computer, after windows has loaded, an error appears saying, 'Error loading C:\WINDOWS\system32\spads.dll The specified module cannot be found.' The heading of the message says RUNDLL. I'm also having problems with high CPU usage. It jumps from 5% to 90%. I followed the 5 steps before posting a log. When I ran Panda ActiveScan it didn't find anything. This is what the Deckard's System Scanner reviled:

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2007-12-12 17:18:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
46: 2007-12-12 22:18:23 UTC - RP46 - Deckard's System Scanner Restore Point
45: 2007-12-12 02:18:43 UTC - RP45 - Software Distribution Service 3.0
44: 2007-12-12 02:14:08 UTC - RP44 - Software Distribution Service 3.0
43: 2007-12-12 01:27:24 UTC - RP43 - Removed muvee autoProducer 4.5
42: 2007-12-12 01:26:33 UTC - RP42 - Removed muvee autoProducer unPlugged 1.2


-- First Restore Point --
1: 2007-11-07 23:42:33 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-12 17:19:44
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\arpwrmsg.exe
C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\svchost.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Administrator\My Documents\dss.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = https://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-1.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL
O2 - BHO: dcads - {F173E53F-E042-49b6-BD46-983E93DA1B17} - C:\WINDOWS\system32\nsf131D.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSVC - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVSCAN.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe


--
End of file - 12738 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S0 Pml Driver HPZ12 - \systemroot\c:\windows\system32\hpzipm12.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-09 11:55:44 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-12-07 20:10:40 570 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job
2007-12-06 20:01:22 458 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job


-- Files created between 2007-11-12 and 2007-12-12 -----------------------------

2007-12-11 21:04:19 0 d-------- C:\Program Files\SpywareBlaster
2007-12-11 20:38:00 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-10 19:29:58 40731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-12-10 19:29:10 80118 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-12-09 11:58:09 0 d-------- C:\Program Files\iPod
2007-12-09 11:58:05 0 d-------- C:\Program Files\iTunes
2007-12-09 11:55:35 0 d-------- C:\Program Files\Apple Software Update
2007-12-09 11:55:12 0 d-------- C:\Program Files\Common Files\Apple
2007-12-09 11:55:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-07 09:32:37 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-07 09:01:00 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-06 20:07:49 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-12-04 08:50:32 0 d-------- C:\Program Files\Genesis
2007-12-04 08:33:05 0 d-------- C:\Program Files\PlayMP3z
2007-12-04 08:32:35 0 d-------- C:\Program Files\ContextTool
2007-11-30 11:32:12 73216 --a------ C:\WINDOWS\system32\nsf131D.dll
2007-11-21 21:34:45 0 d-------- C:\Documents and Settings\HP_Administrator\Incomplete
2007-11-21 21:34:30 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2007-11-21 21:34:03 0 d-------- C:\Program Files\LimeWire
2007-11-18 18:43:39 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Grisoft
2007-11-18 18:43:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-18 08:40:14 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer


-- Find3M Report ---------------------------------------------------------------

2007-12-12 17:19:53 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-12 17:14:07 0 d-------- C:\Program Files\Bonjour
2007-12-12 17:13:48 0 d-a------ C:\Program Files\Common Files\LightScribe
2007-12-12 17:13:46 0 d-------- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor
2007-12-12 17:13:15 0 d-------- C:\Program Files\Google
2007-12-12 16:26:54 11829 --a------ C:\logfile
2007-12-12 16:21:22 0 d-------- C:\Program Files\Common Files
2007-12-12 10:07:59 0 d-------- C:\Program Files\Norton Internet Security
2007-12-11 20:29:04 0 d-------- C:\Program Files\WildTangent
2007-12-11 20:27:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-11 20:27:24 0 d-------- C:\Program Files\Common Files\muvee Technologies
2007-12-11 20:26:41 0 d-------- C:\Program Files\muvee Technologies
2007-12-09 11:57:32 0 d-------- C:\Program Files\QuickTime
2007-12-08 17:17:01 0 d-------- C:\Program Files\Rhapsody
2007-12-08 17:10:43 0 d-------- C:\Program Files\GemMaster
2007-12-07 10:04:36 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2007-12-07 09:08:54 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-06 21:23:51 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2007-11-10 17:00:28 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2007-11-10 08:55:30 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Sun
2007-11-10 08:27:24 0 d-------- C:\Program Files\Symantec
2007-11-10 08:26:56 0 d-------- C:\Program Files\SymNetDrv
2007-11-08 18:04:38 1156 --a------ C:\WINDOWS\mozver.dat
2007-11-08 17:51:54 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Yahoo!
2007-11-08 17:33:58 0 d-------- C:\Program Files\1701 A.D
2007-11-08 17:12:05 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Leadertech
2007-11-08 16:02:51 0 d-------- C:\Program Files\Atari
2007-11-08 15:51:26 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-08 15:51:24 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
2007-11-08 15:50:20 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Google
2007-11-08 15:42:44 0 d-------- C:\Program Files\Yahoo!
2007-11-08 15:29:52 0 d-------- C:\Program Files\Kodak
2007-11-08 15:29:20 0 d-------- C:\Program Files\Common Files\Kodak
2007-11-08 15:24:11 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
2007-11-08 01:04:38 0 d-------- C:\Program Files\MSXML 4.0
2007-11-07 20:15:49 0 d-------- C:\Program Files\Java
2007-10-17 12:23:24 10752 --a------ C:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
C:\Program Files\ContextTool\ContextTool-1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]
C:\WINDOWS\system32\spads.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F173E53F-E042-49b6-BD46-983E93DA1B17}]
11/30/2007 11:32 AM 73216 --a------ C:\WINDOWS\system32\nsf131D.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/03/2005 02:19 AM C:\WINDOWS\arpwrmsg.exe]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/08/2007 05:03 PM]
"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [03/29/2005 07:03 PM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [09/21/2005 12:41 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [11/10/2007 08:26 AM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 09:59 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11/14/2007 11:43 PM]
"spa_start"="C:\WINDOWS\system32\spads.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 07:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/16/2007 09:18 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 09:59 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [9/17/2007 9:19:14 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [12/4/2007 9:35:32 AM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [9/19/2007 4:33:46 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
C:\Program Files\DISC\DISCover.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
C:\Program Files\DISC\DiscUpdateMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
"C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

*Newly Created Service* - GTNDIS5



-- End of Deckard's System Scanner: finished at 2007-12-12 17:20:41 ------------

Any help will be greatly appreciated. Thanks for your time.
Attached Files
File Type: txt extra.txt (24.1 KB, 19 views)
boeotus is offline  
Sponsored Links
Advertisement
 
Old 12-16-2007, 08:34 PM   #2
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Not sure if this will address the spiking CPU performance, but you do have several adware applications installed, and I can see what's causing the error message.

---------------------------------------------------------------------------------------------

P2P - I see you have P2P software ( Limewire ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here,
here and here.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------


I see you have AVG Anti-Spyware already. Please update it's definitions, and run a scan where I have placed it in this fix.

Run AVG Anti-Spyware
  • From the main screen, click on update, then click the Start
    update
    button.
  • After the update finishes (the status bar at the bottom will display "Update
    successful")
  • select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Do Not Automatically generate report after every scan"
  • Exit AVG Anti-Spyware. DO NOT scan yet.

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • We'll use this later.

    ---------------------------------------------------------------------------------------------

    Please download HijackThis to your desktop

    Alternate link

    This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded.
    Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

    Upon install, HijackThis should open for you.

    Just close it for now.

    ---------------------------------------------------------------------------------------------

    Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

    ---------------------------------------------------------------------------------------------


    Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

    Browser Optimizer Dcads
    Browser Optimizer Superiorads
    ContextTool <<<adware bundled with PlayMP3z
    PlayMP3z <<<Bundles adware


    ---------------------------------------------------------------------------------------------



    Run a scan in HijackThis. Check each of the following and hit 'Fix checked' if they still exist (make sure not to miss any):

    O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-1.dll (file missing)
    O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll (file missing)
    O2 - BHO: dcads - {F173E53F-E042-49b6-BD46-983E93DA1B17} - C:\WINDOWS\system32\nsf131D.dll
    O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify




    Close HijackThis now.

    ---------------------------------------------------------------------------------------------

    Go to My Computer->Tools->Folder Options->View tab:
    * Under the Hidden files and folders heading, select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Also make sure there is no checkmark beside Hide file extensions for known file types
    * Click Yes to confirm and then click OK.

    ---------------------------------------------------------------------------------------------


    Delete the following if they exist:

    C:\Program Files\ContextTool
    C:\WINDOWS\system32\nsf131D.dll


    ---------------------------------------------------------------------------------------------

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Restart in normal mode.

---------------------------------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

J2SE Runtime Environment 5.0 Update 5

This is outdated, and a security risk by having it installed still. Unfortunately, Java does not uninstall previous version when you update, nor tell you that you should.

Leave Java(TM) 6 Update 3 alone, as it is the most recent.

---------------------------------------------------------------------------------------------

Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

---------------------------------------------------------------------------------------------

Run Deckard's System Scanner once again, and post it's log, main.txt

---------------------------------------------------------------------------------------------

Please return with logs from:

AVG Anti-Spyware
Kaspersky
DSS (main.txt)
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 08:37 AM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts