Rundll32.exe error

You can't copy and paste it over from the flash drive?

I renamed it on the flash drive and copied and pasted it. It won't let me open it but when I selected 'run as 'it seemed to open but it isn't doing anything. Does this mean my situation is hopeless?

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

I tried doing that but am unable to open the program. If I double click I get an error message. That is pretty much the problem,whatever virus it is has made it almost impossible to access anything on the computer, it gives me a message saying the file doesn't exist.

Download OTL by OldTimer to your Desktop.

• Close all windows and double click OTL.exe
  
• Click Run Scan and let the program run uninterrupted
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.
  

Okay when I double click a box comes up in the corner which says the following:
Windows cannot find spools.exe This file is needed for opening files of type 'Application.'
Type the executable file to be used instead
C:\

I tired to circumvent it by right clicking and choosing "run as" and it flashed a black box for less than a second and then it closed.

Try this.

• Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
  Link 1
  Link 2
  
• Double click DDS.scr to run.
  
• When complete, two logs will open. Save both of the report to your Desktop.
  
• Copy and paste BOTH LOGS back here, use more than one post if needed.
  

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/25/2004 6:26:04 AM
System Uptime: 2/11/2010 5:37:18 PM (0 hours ago)

Motherboard: Compaq | | 07E8h
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | XU1 PROCESSOR | 2392/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 22.602 GiB free.
D: is CDROM (CDFS)
E: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: D-Link WDA-1320 Desktop Adapter
Device ID: ROOT\UNKNOWN\0000
Manufacturer: D-Link
Name: D-Link WDA-1320 Desktop Adapter
PNP Device ID: ROOT\UNKNOWN\0000
Service: A3AB

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: D-Link WDA-1320 Desktop Adapter
Device ID: ROOT\UNKNOWN\0001
Manufacturer: D-Link
Name: D-Link WDA-1320 Desktop Adapter #2
PNP Device ID: ROOT\UNKNOWN\0001
Service: A3AB

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Acrobat 5.0
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 9 ActiveX
Adobe Illustrator CS
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 8.1.2
Adobe SVG Viewer 3.0
ArcSoft PhotoImpression 4
Calendar Creator 8.0
CalyxLoanBridge11
Camera Driver
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.6
Canon Utilities ZoomBrowser EX
CardRd81
CCScore
Citrix ICA Client
Compaq Help and Support Center
Compaq Management Agents
Compaq Remote Diagnostics Enabling Agent
CR2
Crown Print Monitor+
DT NetDocs Print Only
Easy Access Button Support
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
essvatgt
essvcpt
ESSvpaht
ESSvpot
GoldMine 5.0
HiJackThis
HLPIndex
HLPPDOCK
HLPSFO
Intel(R) 845G Chipset Graphics Driver Software
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
Internet Explorer Q831167
Kodak EasyShare software
KONICA MINOLTA magicolor 2300 DL Printer Driver Software
KSU
Learn To Speak Spanish 8.0
LiveUpdate 1.80 (Symantec Corporation)
magicolor 2300 DL
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Web Publishing Wizard 1.52
Microsoft WSE 2.0 SP3 Runtime
MSN Messenger 6.2
My Search Bar
Network Magic
Notifier
Ofoto Print@Home ActiveX Control
OfotoXMI
OTtBP
OTtBPSDK
Outlook Express Q823353
PaperPort 9.0
PhotoStitch
POINT
PokerStars
PrintMaster
QuickTime
RemoteCapture 2.6
Self-Teaching Program: MS Excel 97 and 2000
Self-Teaching Program: MS Windows 95 and 98
Self-Teaching Program: MS Word 97 and 2000
Serif PagePlus SE 1.0
Setup
Setup Compaq Software
SFR
SHASTA
Shockwave
SKIN0001
SKINXSDK
SoundMAX
SoundMAX WDM Driver
Starware
Starware Toolbar
Symantec AntiVirus Client
VPRINTOL
WebEx
WebFldrs XP
Windows Driver Package - Pure Networks, Inc. Network Magic Device Discovery Driver (02/08/2007 4.1.7039.0)
Windows Driver Package - Pure Networks, Inc. Network Magic Wireless Driver (02/08/2007 4.1.7039.0)
Windows Installer 3.1 (KB893803)
Windows Media Player Hotfix [See Q828026 for more information]
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB826939
Windows XP Hotfix - KB826942
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833407
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839643
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix (SP2) Q819696
WIRELESS
Yahoo! Toolbar
Yahoo! Toolbar BETA

==== Event Viewer Messages From Past Week ========

2/4/2010 11:10:46 AM, error: SRService [104] - The System Restore initialization process failed.
2/4/2010 1:37:59 AM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: An internal error occurred.
2/4/2010 1:37:59 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Task Scheduler service to connect.
2/4/2010 1:37:59 AM, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/4/2010 1:37:16 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

==== End Of File ===========================

DDS (Ver_09-12-01.01) - NTFSx86
Run by WHLI at 17:41:09.40 on Thu 02/11/2010
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.247.59 [GMT -8:00]


============== Running Processes ===============

C:\Windows\system32\svchost -k rpcss
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Windows\System32\NMSSvc.exe
C:\Windows\System32\svchost.exe -k imgsvc
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\DOCUME~1\user1\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = c:\windows\system32\spywarewarning.mht
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://go.compaq.com/1Q00CDT/0409/bl7.asp
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://as.starware.com/dp/search?product=ssearch&src_id=299&it=1097269628&client_id=10931183650000000101000768361&version=g_4.4.2
uURLSearchHooks: Yahoo! Toolbar BETA: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\drivers\services.exe
BHO: {32341e7e-c319-46de-91d0-e30bb1a3caba} - c:\windows\system32\urqRJBQH.dll
BHO: {87a8a3ba-5f5b-4b15-9cc3-745a08a40d65} - c:\windows\system32\fccYRKdd.dll
BHO: {6524fed4-9a48-b3f8-9244-573d2c4f5e2b}: {b2e5f4c2-d375-4429-8f3b-84a94def4256} - c:\windows\system32\vzbcgt.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Starware Toolbar: {fe6bc4ef-5676-484b-88ae-883323913256} - c:\progra~1\comet\bin\csietb.dll
TB: My &Search Bar: {0494d0d9-f8e0-41ad-92a3-14154ece70ac} - c:\program files\myway\mybar\1.bin\MYBAR.DLL
TB: Yahoo! Toolbar BETA: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {74CC49F7-EB32-4A08-B204-948962A6E3DB} - No File
EB: {7E66936C-FEA0-4984-AD26-7B6661AC5B2E} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
EB: Starware: {90c61707-c8f8-43db-a25c-c1f4b18ee41e} - c:\progra~1\comet\bin\csband.dll
uRunServices: [IEUpdate] c:\windows\system32\actmoviej.exe
mRun: [BMdf887a8c] Rundll32.exe "c:\windows\system32\qjvwvgux.dll",s
mRun: [[system]] c:\windows\system32\drivers\services.exe
mRun: [winlogon] c:\documents and settings\user1\svchost.exe
mRun: [dcbb4910] rundll32.exe "c:\windows\system32\chavoqxa.dll",b
mRunServices: [CPQDFWAG] c:\windows\cpqdiag\CpqDfwAg.exe
mRunServices: [IEUpdate] c:\windows\system32\actmoviej.exe
dRun: [ntuser] c:\windows\system32\drivers\spools.exe
dRun: [autoload] c:\documents and settings\localservice\cftmon.exe
dRun: [[system]] c:\windows\system32\drivers\services.exe
dRun: [winlogon] c:\documents and settings\localservice\svchost.exe
StartupFolder: c:\documents and settings\user1\start menu\programs\startup\userinit.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe1
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: ForceActiveDesktopOn = 1 (0x1)
uPolicies-system: Wallpaper =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.imgfarm.com/images/nocache/funwebproducts/ei/FunBuddyIconsFWBInitialSetup1.0.0.8.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39380.7089814815
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp3.dll
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: urqRJBQH - urqRJBQH.dll
Notify: __c00B1101 - c:\windows\system32\__c00B1101.dat
AppInit_DLLs: jymgfahr.dll
SEH: {32341e7e-c319-46de-91d0-e30bb1a3caba} - c:\windows\system32\urqRJBQH.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\fccYRKdd
SubSystems: Windows = basefmok32

============= SERVICES / DRIVERS ===============

R1 ClntMgmt;Compaq Client Management Driver;c:\windows\system32\drivers\Clntmgmt.sys [2004-7-25 54222]
R2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2003-9-2 20064]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2007-5-24 547744]
S3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060727.049\NAVENG.sys [2006-7-31 79240]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060727.049\NAVEX15.sys [2006-7-31 828808]
S4 CpqDfwWebAgent;Compaq Remote Diagnostics Enabling Agent;c:\windows\cpqdiag\CPQDFWAG.EXE [2004-7-25 212992]
S4 cpqWebDmi;Compaq DMI Web Agent;c:\progra~1\compaq\compaq~1\cpqweb~1\WebDmi.exe [2004-7-25 24576]
S4 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]

============== File Associations ===============

exefile=c:\windows\system32\drivers\spools.exe "%1" %*

=============== Created Last 30 ================

2010-02-04 17:39:53 0 d-----w- c:\program files\TrendMicro
2010-02-02 20:24:27 0 d-----w- c:\windows\Favorites
2010-02-02 18:53:55 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-02-02 18:25:54 294 --sh--w- c:\windows\system32\axqovahc.ini
2010-02-02 18:25:43 78848 ----a-w- c:\windows\system32\chavoqxa.dll
2010-02-02 18:06:44 103424 ----a-w- c:\windows\system32\vzbcgt.dll
2010-02-02 18:06:44 103424 ----a-w- c:\windows\system32\ohbecgbu.dll
2010-02-02 18:04:51 294 --sh--w- c:\windows\system32\mngtbwxt.ini
2010-02-02 18:04:41 78848 ----a-w- c:\windows\system32\txwbtgnm.dll

==================== Find3M ====================

2010-02-12 01:39:48 0 ----a-w- C:\MSN Password Cracker.exe
2010-02-12 01:39:43 41780 --sha-w- c:\windows\system32\ddKRYccf.ini2
2010-02-11 17:37:29 27648 ----a-w- c:\windows\system32\__c00B1101.dat
2010-02-04 21:30:50 306 ----a-w- C:\xcrashdump.dat
2010-02-02 21:00:27 19456 ----a-w- C:\Website Hacker.exe
2010-02-02 18:40:19 0 ----a-w- C:\Norton Anti-Virus 2005 Enterprise Crack.exe
2001-08-18 05:36:58 4096 --sha-w- c:\windows\system32\1112.dat
2008-05-28 19:02:35 97280 --sh--r- c:\windows\system32\adsndso.exe
2008-06-12 15:37:48 41472 --sha-w- c:\windows\system32\Crypt16_v00.dll
2008-07-01 23:59:03 41472 --sha-w- c:\windows\system32\Crypt_16.dll
2008-06-02 17:12:49 40960 --sha-w- c:\windows\system32\drivers\Crypt_16.dll

============= FINISH: 17:43:54.70 ===============

Hello.
Bad news and good news.

Your system is severly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Actually, this doesn't suprise me at all...
I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed! This is somewhat suicidal in today's digital world.

Good news though, the log shows me why you can't run any exe files, the malware has been messing with your registry, it's changed an .exe file association, so we'll need to change it back to normal.

Please download exeHelper from one of the two links.
Link 1
Link 2

• Double-click on exeHelper.com or exeHelper.scr to run the fix.
  
• A black window should pop up, press any key to close once the fix is completed.
  
• Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
  

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

exeHelper by Raktor
Build 20091220
Run at 14:16:59 on 02/12/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Deleting file C:\Windows\System32\~.exe
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Okay, file association reset, can you run OTL now?

No the black box just pops up momentarily and then it"s gone.

Okay, rename OTL and run the .exe extension, and change to .scr