///Alpine91 Posted July 4, 2008

Ok so yesterday my virus protection pops up and says rundll32 is trying to install itself. I said block installation but it just kept coming back. Then all my icons on my desktop and my startbar disappeared. I opened Task Manager and there were 4 or 5 rundll32.exe processes. I ended all of them then went to Run and typed in explorer.exe to get my icons and startbar back. My computer is extremely slow now and about 85 percent of the CPU is being used. It was also very slow on shutdown and I had to shut it down manually by holding the start button.

I tried doing some research and found that rundll32.exe isn't a virus, it's actually needed for your computer to run properly so deleting that is out of the question. But I read that malware and Trojan viruses can attach themselves to rundll.exe and disguise themselves. Does anyone know what this is or how it can be fixed? I have done multiple spysweeps and Windows Defender sweeps on all the user accounts on the PC and still no luck so far.

1 DC lvl 4 15" 1 Hifonics BXi 1608D 3.2ft^3 Box tuned to 32-33Hz Knu Kolossus Fleks Kable 1/0 Knu Karma SS 8 Gauge Speaker Wire Kenwood eXcelon KDC-X493 Head Unit (coming soon) Kenwood mids + highs (coming soon) Build

Guest Posted July 4, 2008

rundll32.exe... isn't that used when you run that add/remove programs thing and various other OEM Windows programs? Try running CCleaner, or one of those free virus scanners like Norton, KVG (sp?), Zone Labs.

Guest Posted July 4, 2008 (edited)

Just found some REALLY helpful links. Try these FIRST:

http://ezinearticles.com/?How-to-Fix-Rundl...?&id=913723
Good shiznit ^^
http://www.theeldergeek.com/forum/index.php?showtopic=23335

Edit: for that first link, basically it says "The process runs from your system directory C:\windows\system32. If it executes or runs from a different location it is most likely a virus or trojan horse."

Edited July 4, 2008 by Krannyman92

///Alpine91 Posted July 4, 2008

> rundll32.exe...isnt that used when you run that add/remove programs thing and various other OEM windows programs? try running CCleaner, or one of those free virus scanners like Norton, KVG (sp?), Zone Labs.

I know that it's involved with the control panel because ppl have deleted the rundll.exe then they couldn't access their control panel. I have tried a few free virus scanners but no luck so far.

///Alpine91 Posted July 4, 2008

The problem with those free scanners is it only fixes 5 problems and u have to buy it to fix the rest.

razor5070 Posted July 5, 2008

Do this:
Download HijackThis, Here
Run it,
Click "I agree"
Click the "Do a system scan and save a logfile" button.
Copy then paste the logfile here.

///Alpine91 Posted July 5, 2008

> do this, Download hijackthis, Here Run it, Click i agree Click the "Do a system scan and save a logfile" button. copy then paste the logfile here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:48 PM, on 7/4/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Users\Tyler\winlogon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tyler\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5656
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5656
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=GT5656
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [showWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Cm108Sound] RunDll32 cm108.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSServer] "rundll32.exe" C:\Windows\system32\opnmLcba.dll,#1
O4 - HKLM\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [MySpaceIM] "C:\Program Files\MySpace\IM\MySpaceIM.exe"
O4 - HKCU\..\Run: [Windows Logon Applicationedc] C:\Users\Tyler\winlogon.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

-- End of file - 7188 bytes
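
The rule quoted earlier in the thread (the process should run from C:\windows\system32) can be applied mechanically to a HijackThis log. The sketch below is an added example, not part of any post; it runs on a few lines copied from the log above, and the list of system binary names and the export-by-ordinal flag are assumptions of this example. A hit means the file deserves a closer look, not that it is confirmed malware.

```python
import re
from pathlib import PureWindowsPath

# Illustrative (not exhaustive) names of binaries that belong in system32.
SYSTEM_NAMES = {"rundll32.exe", "winlogon.exe", "svchost.exe",
                "lsass.exe", "services.exe", "csrss.exe", "smss.exe"}
SYSTEM_DIR = PureWindowsPath(r"C:\Windows\system32")

# O4 autorun entry that launches rundll32: value name, DLL, export.
RUNDLL_RE = re.compile(
    r'^O4 - \S+\\Run: \[(?P<name>[^\]]+)\]\s+"?rundll32(?:\.exe)?"?\s+'
    r'(?P<dll>[^,]+),(?P<export>\S+)', re.IGNORECASE)

# Lines copied from the HijackThis log posted in the thread.
SAMPLE = r"""
C:\Windows\system32\taskeng.exe
C:\Users\Tyler\winlogon.exe
C:\Windows\explorer.exe
O4 - HKLM\..\Run: [Cm108Sound] RunDll32 cm108.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSServer] "rundll32.exe" C:\Windows\system32\opnmLcba.dll,#1
O4 - HKCU\..\Run: [Windows Logon Applicationedc] C:\Users\Tyler\winlogon.exe
"""

def misplaced_system_binaries(lines):
    """Running-process paths named like a system binary but outside system32."""
    hits = []
    for line in (l.strip() for l in lines):
        if not re.match(r"[A-Za-z]:\\", line):
            continue  # not a bare process path
        path = PureWindowsPath(line)  # Windows paths compare case-insensitively
        if path.name.lower() in SYSTEM_NAMES and path.parent != SYSTEM_DIR:
            hits.append(line)
    return hits

def rundll32_autoruns(lines):
    """(value name, dll, export, by_ordinal) for each rundll32 Run entry."""
    found = []
    for line in lines:
        m = RUNDLL_RE.match(line.strip())
        if m:
            export = m.group("export")
            # Assumption: an export called by ordinal (#n) is worth reviewing.
            found.append((m.group("name"), m.group("dll").strip(),
                          export, export.startswith("#")))
    return found

if __name__ == "__main__":
    log = SAMPLE.splitlines()
    print("system-named binaries outside system32:", misplaced_system_binaries(log))
    for entry in rundll32_autoruns(log):
        print("rundll32 autorun:", entry)
```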

///Alpine91 Posted July 5, 2008 (edited)

How the fuck did a smiley get in that? Ok, don't mind the smiley in the log file. It's because where the smiley is there is supposed to be an 8 02 but when 8 and 0 are next to each other it makes 80 lol....

Edited July 5, 2008 by ///Alpine91

///Alpine91 Posted July 5, 2008

Well, if anyone finds anything in the log file just post it up here and I will check back in the morning. I'm getting tired.

hotshot27 Posted July 5, 2008

I had a similar problem with the rundll32 file, but it said mine was missing. What I got from all my research was that there are some viruses that work in teams and lay dormant until all parts are together and then it attacks. Mine was one of these parts of a mega virus. I tried several removal tools and eventually just took my important files off my hard drive and started from scratch. I then took my files to a computer place and they checked them and said they were clean. I installed them on the clean version of Windows and it was all good. Then I re-installed my p2p software [morpheus and limewire] and it all came back. So I once again wiped it all and this time didn't use any filesharing software and I'm still running good today.

Long story short, try to not use p2p software without some damn good firewalls and virus software.

Current Setup: Factory HU with LOC mids/highs-Insignia components Sub- E8 in bass tube Amp- sae-1200d Show Setup: HU-Sony MEX-1HD (brings massive respect for sony) fronts - Infinity Kappa perfect comps rears- Infinity Kappa coax mid/high amp - Autotek 5600 Subs - 2 RE SE 15's Sub Amps - 2xSAE-1200D Box - 5cubes sealed Wire- Lots of Knu 1/0 SECOND SKIN