WiredWX Christian Hobby Weather Tools
Rundll32 Error

I feel like my PC is infected because I got this error while restarting Google Chrome:


"Windows host process (Rundll32) has stopped
working. To protect the computer Data Execution
Prevention has closed Windows host process (Rundll32)."

I need help. Thanks.

Re: Rundll32 Error

Bump

Re: Rundll32 Error

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
******************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked
* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
* To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*********************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

Re: Rundll32 Error

I already have Kaspersky.... I don't know if SAS will interfere with it.

MBAM: Waiting for scan....
D.D.S: Posting Log File

And here's something funny: When I opened it Kaspersky gave me a warning that it isn't used very often and it said

D.D.S: Doesn't Do Squat. Lol!

Re: Rundll32 Error

DDS:


.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 7.0.6001.18000
Run by LisaMarie at 15:12:29 on 2011-07-09
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4060.852 [GMT -4:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskeng.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\HWManager.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnProxy.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\OSDForm.exe
C:\Users\LisaMarie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LisaMarie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\LisaMarie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LisaMarie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LisaMarie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LisaMarie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LisaMarie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LisaMarie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LisaMarie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LisaMarie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LisaMarie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LisaMarie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LisaMarie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\LisaMarie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LisaMarie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=crossfire&pf=cndt
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=crossfire&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=crossfire&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=crossfire&pf=cndt
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [HPSmartCenterBoot] _C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe
uRun: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [Google Update] "C:\Users\LisaMarie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
mRun: [HP KEYBOARD] "C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE"
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [Buttons & OSDs control application gen2] "C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{40AD0AB2-6F7D-45B8-A961-6A27DD916DC1} : DhcpNameServer = 192.168.1.1
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun-x64: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
mRun-x64: [HP KEYBOARD] "C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE"
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [Buttons & OSDs control application gen2] "C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe"
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [UCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun-x64: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\LisaMarie\AppData\Roaming\Mozilla\Firefox\Profiles\v8fr91ye.default\
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Users\LisaMarie\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Users\LisaMarie\AppData\Local\Roblox\Versions\version-5ce51d8367464075\NPRobloxProxy.dll
FF - plugin: C:\Users\LisaMarie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\LisaMarie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-11-2 365336]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2008-10-18 21296]
R2 HP Touch Screen Enhance;HP Touch Screen Enhance;C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE [2008-7-10 100864]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-30 366640]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-7-3 2337144]
R3 ACPIService;Buttons and OSDs ACPI driver gen2;C:\Windows\system32\DRIVERS\OSDACPI.SYS --> C:\Windows\system32\DRIVERS\OSDACPI.SYS [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-7-3 93184]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
.
=============== Created Last 30 ================
.
2011-07-08 06:29:06 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ACFDE8C8-F8CC-4985-A191-C241F922B1C3}\mpengine.dll
2011-07-08 00:11:55 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.1
2011-07-08 00:06:49 -------- d-----w- C:\ProgramData\PopCap Games
2011-07-07 20:00:36 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-07-07 15:20:42 -------- d-----w- C:\Program Files (x86)\AMX Mod X
2011-07-07 13:48:31 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-07 13:32:44 -------- d-----w- C:\Users\LisaMarie\AppData\Local\Mozilla
2011-07-07 13:15:17 -------- d-----w- C:\Users\LisaMarie\AppData\Roaming\IMVU
2011-07-07 13:14:34 -------- d-----w- C:\Users\LisaMarie\AppData\Roaming\IMVUClient
2011-07-06 18:00:26 -------- d-----w- C:\Program Files (x86)\Half-Life Model Viewer
2011-07-04 07:03:08 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-07-04 07:03:08 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-07-04 07:03:08 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-07-04 07:03:08 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-07-04 07:03:08 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-07-04 07:03:08 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-07-04 07:03:08 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-07-04 07:03:08 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-07-04 07:03:08 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-07-04 07:03:08 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-07-03 18:16:23 -------- d-----w- C:\Users\LisaMarie\AppData\Roaming\TeamViewer
2011-07-03 17:07:39 -------- d-----w- C:\Program Files (x86)\TeamViewer
2011-07-03 15:01:48 -------- d-----w- C:\Program Files (x86)\VIPdesk
2011-07-03 07:15:41 49160 ----a-w- C:\Windows\System32\infocardcpl.cpl
2011-07-03 07:15:41 37384 ----a-w- C:\Windows\SysWow64\infocardcpl.cpl
2011-07-03 07:15:35 11264 ----a-w- C:\Windows\System32\icardres.dll
2011-07-03 07:15:34 11264 ----a-w- C:\Windows\SysWow64\icardres.dll
2011-07-03 07:15:32 781344 ----a-w- C:\Windows\SysWow64\PresentationNative_v0300.dll
2011-07-03 07:15:32 167432 ----a-w- C:\Windows\System32\infocardapi.dll
2011-07-03 07:15:32 1168928 ----a-w- C:\Windows\System32\PresentationNative_v0300.dll
2011-07-03 07:15:31 97800 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2011-07-03 07:15:31 622080 ----a-w- C:\Windows\SysWow64\icardagt.exe
2011-07-03 07:15:31 1383936 ----a-w- C:\Windows\System32\icardagt.exe
2011-07-03 07:15:22 126520 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2011-07-03 07:15:22 105016 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2011-07-03 07:06:25 158720 ----a-w- C:\Windows\SysWow64\mscorier.dll
2011-07-03 07:06:25 158208 ----a-w- C:\Windows\System32\mscorier.dll
2011-07-03 07:06:23 76288 ----a-w- C:\Windows\System32\mscories.dll
2011-07-03 07:06:22 83968 ----a-w- C:\Windows\SysWow64\mscories.dll
2011-07-03 07:03:00 2048 ----a-w- C:\Windows\SysWow64\winrsmgr.dll
2011-07-03 07:03:00 2048 ----a-w- C:\Windows\System32\winrsmgr.dll
2011-07-02 17:38:12 442368 ----a-w- C:\Windows\System32\winhttp.dll
2011-07-02 17:38:12 378368 ----a-w- C:\Windows\SysWow64\winhttp.dll
2011-07-02 17:37:57 28160 ----a-w- C:\Windows\System32\drivers\en-US\http.sys.mui
2011-07-02 17:37:36 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2011-07-02 17:37:36 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2011-07-02 17:37:36 12288 ----a-w- C:\Windows\System32\sscore.dll
2011-07-02 17:37:35 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2011-07-02 17:37:35 17920 ----a-w- C:\Windows\System32\netevent.dll
2011-07-02 08:36:06 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2011-07-02 08:36:06 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2011-07-02 08:36:06 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2011-07-02 08:36:05 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2011-07-02 08:00:48 316416 ----a-w- C:\Windows\System32\msshsq.dll
2011-07-02 08:00:48 231936 ----a-w- C:\Windows\SysWow64\msshsq.dll
2011-07-02 07:31:03 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-07-02 07:24:41 32768 ----a-w- C:\Windows\System32\nshhttp.dll
2011-07-02 07:24:41 24064 ----a-w- C:\Windows\SysWow64\nshhttp.dll
2011-07-02 07:24:40 610304 ----a-w- C:\Windows\System32\drivers\http.sys
2011-07-02 07:24:40 33792 ----a-w- C:\Windows\System32\httpapi.dll
2011-07-02 07:24:39 31232 ----a-w- C:\Windows\SysWow64\httpapi.dll
2011-07-02 07:18:21 101376 ----a-w- C:\Windows\System32\MSNP.ax
2011-07-02 07:18:20 80896 ----a-w- C:\Windows\SysWow64\MSNP.ax
2011-07-02 07:18:18 375808 ----a-w- C:\Windows\System32\psisdecd.dll
2011-07-02 07:18:18 293376 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-07-02 07:18:18 289792 ----a-w- C:\Windows\System32\psisrndr.ax
2011-07-02 07:18:18 217088 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-07-02 00:45:42 -------- d-----w- C:\Users\LisaMarie\AppData\Local\Roblox
2011-07-01 16:49:57 -------- d-----w- C:\Users\LisaMarie\AppData\Local\Apple Computer
2011-07-01 16:48:18 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-07-01 16:48:18 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-07-01 16:48:18 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-07-01 16:47:39 -------- d-----w- C:\Program Files\iPod
2011-07-01 16:47:38 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-07-01 16:47:38 -------- d-----w- C:\Program Files\iTunes
2011-07-01 16:47:38 -------- d-----w- C:\Program Files (x86)\iTunes
2011-07-01 16:47:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-07-01 16:47:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-07-01 16:47:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-07-01 16:47:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-07-01 16:47:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-07-01 16:47:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-07-01 16:47:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-07-01 16:45:45 -------- d-----w- C:\Users\LisaMarie\AppData\Local\Apple
2011-07-01 16:43:03 -------- d-----w- C:\Program Files\Bonjour
2011-07-01 16:43:03 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-07-01 08:27:55 3547136 ----a-w- C:\Windows\System32\mf.dll
2011-07-01 08:27:54 2868224 ----a-w- C:\Windows\SysWow64\mf.dll
2011-07-01 08:27:35 372736 ----a-w- C:\Windows\System32\unregmp2.exe
2011-07-01 08:27:35 1486848 ----a-w- C:\Program Files\Windows Media Player\setup_wm.exe
2011-07-01 08:27:35 1418752 ----a-w- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
2011-07-01 08:27:34 310784 ----a-w- C:\Windows\SysWow64\unregmp2.exe
2011-07-01 08:23:35 791552 ----a-w- C:\Windows\System32\localspl.dll
2011-07-01 08:22:57 189952 ----a-w- C:\Windows\System32\t2embed.dll
2011-07-01 08:20:48 594944 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2011-07-01 08:19:00 990096 ----a-w- C:\Windows\System32\winresume.efi
2011-07-01 08:19:00 979344 ----a-w- C:\Windows\System32\winresume.exe
2011-07-01 08:19:00 20880 ----a-w- C:\Windows\System32\kdusb.dll
2011-07-01 08:19:00 18832 ----a-w- C:\Windows\System32\kd1394.dll
2011-07-01 08:19:00 18320 ----a-w- C:\Windows\System32\kdcom.dll
2011-07-01 08:19:00 1075600 ----a-w- C:\Windows\System32\winload.efi
2011-07-01 08:19:00 1062800 ----a-w- C:\Windows\System32\winload.exe
2011-07-01 08:17:59 27136 ----a-w- C:\Program Files\Movie Maker\WMM2EXT.dll
2011-07-01 08:16:15 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-07-01 08:16:15 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-07-01 08:14:40 202752 ----a-w- C:\Windows\System32\wkssvc.dll
2011-07-01 08:13:56 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-01 08:12:54 176640 ----a-w- C:\Windows\System32\Faultrep.dll
2011-07-01 08:07:18 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-07-01 08:07:14 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-06-30 20:17:44 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-06-30 20:17:44 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2011-06-30 20:16:15 -------- d-----w- C:\ProgramData\Kaspersky Lab Setup Files
2011-06-30 19:53:52 -------- d-----w- C:\Users\LisaMarie\AppData\Roaming\Malwarebytes
2011-06-30 19:53:38 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-30 19:53:37 -------- d-----w- C:\ProgramData\Malwarebytes
2011-06-30 19:53:34 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-30 19:53:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-06-30 19:47:20 -------- d-----w- C:\Program Files (x86)\MSSOAP
2011-06-30 19:47:20 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2011-06-30 19:47:19 -------- d-----w- C:\Program Files\BitDefender
2011-06-30 19:44:24 -------- d-----w- C:\Users\LisaMarie\AppData\Roaming\QuickScan
2011-06-30 19:43:52 -------- d-----w- C:\ProgramData\BitDefender
2011-06-30 19:43:52 -------- d-----w- C:\Program Files\Common Files\BitDefender
2011-06-30 19:43:21 431176 ----a-w- C:\Windows\System32\drivers\bdfsfltr.sys
2011-06-30 19:43:20 46542 ----a-w- C:\ProgramData\bdinstall.bin
2011-06-30 19:07:27 242 ----a-w- C:\BdUninstallTool2011.06.30-03.07.27.reg
2011-06-30 18:59:02 -------- d-----w- C:\Users\LisaMarie\Bluetooth Software
2011-06-30 18:58:28 -------- d-----w- C:\Users\LisaMarie\AppData\Local\TouchSmartData
2011-06-30 18:58:01 -------- d-----w- C:\Users\LisaMarie\AppData\Local\VirtualStore
2011-06-30 18:56:09 218112 ----a-w- C:\Windows\System32\wintrust.dll
2011-06-30 18:56:09 171520 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-06-30 18:56:06 98304 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-06-30 18:56:06 104960 ----a-w- C:\Windows\System32\cabview.dll
2011-06-30 18:55:17 -------- d-----w- C:\Users\LisaMarie\AppData\Roaming\HP TCS
2011-06-30 18:50:10 -------- d-sh--we C:\Documents and Settings
2011-06-30 18:22:23 -------- d-----w- C:\Users\LisaMarie\AppData\Local\Symantec
2011-06-30 18:00:27 -------- d-----w- C:\Users\LisaMarie\AppData\Local\Deployment
2011-06-30 18:00:27 -------- d-----w- C:\Users\LisaMarie\AppData\Local\Apps
.
==================== Find3M ====================
.
2011-05-18 13:24:12 2760704 ----a-w- C:\Windows\System32\win32k.sys
2011-05-10 12:06:08 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-05-10 12:06:08 4517664 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-05-02 16:35:51 975360 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-02 15:58:28 738816 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 15:25:27 344576 ----a-w- C:\Windows\System32\schannel.dll
2011-04-29 14:54:10 276992 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-04-29 13:12:26 176128 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 13:12:20 144896 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-29 13:11:56 135168 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-29 13:11:55 274432 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-29 13:11:52 105984 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-21 15:29:00 1032704 ----a-w- C:\Windows\System32\wininet.dll
2011-04-21 15:24:26 86528 ----a-w- C:\Windows\System32\ieencode.dll
2011-04-21 15:00:34 833024 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-04-21 14:57:48 78336 ----a-w- C:\Windows\SysWow64\ieencode.dll
2011-04-21 13:59:55 485376 ----a-w- C:\Windows\System32\html.iec
2011-04-21 13:42:48 407552 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-21 13:34:37 1383424 ----a-w- C:\Windows\System32\mshtml.tlb
2011-04-21 13:28:42 389632 ----a-w- C:\Windows\SysWow64\html.iec
2011-04-21 13:08:37 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-04-14 14:45:13 97792 ----a-w- C:\Windows\System32\drivers\dfsc.sys
.
============= FINISH: 15:16:16.07 ===============

Re: Rundll32 Error
Attach:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/30/2011 5:47:08 PM
System Uptime: 7/6/2011 1:25:57 AM (86 hours ago)
.
Motherboard: PEGATRON CORPORATION | | Maureen
Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | CPU 1 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 582 GiB total, 445.053 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.977 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP6: 6/30/2011 2:00:50 PM - Windows Update
RP7: 6/30/2011 2:56:12 PM - Windows Update
RP8: 6/30/2011 3:43:28 PM - Scripted restore
RP9: 6/30/2011 4:17:01 PM - Installed Kaspersky Internet Security 2011.
RP10: 7/1/2011 4:06:42 AM - Windows Update
RP11: 7/1/2011 12:43:26 PM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP12: 7/1/2011 12:43:45 PM - Device Driver Package Install: Apple Network adapters
RP13: 7/1/2011 12:47:13 PM - Installed iTunes
RP14: 7/1/2011 6:22:54 PM - Windows Update
RP15: 7/2/2011 3:00:33 AM - Windows Update
RP16: 7/2/2011 10:49:08 PM - Scheduled Checkpoint
RP17: 7/3/2011 3:00:46 AM - Windows Update
RP18: 7/3/2011 11:01:17 AM - Installed VIPdesk Scan Utility
RP19: 7/4/2011 3:00:13 AM - Windows Update
RP20: 7/6/2011 2:27:15 AM - Windows Update
RP21: 7/7/2011 12:06:02 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP22: 7/7/2011 4:00:08 PM - Installed Steam
RP23: 7/7/2011 4:37:40 PM - Removed Steam
RP24: 7/8/2011 2:28:15 AM - Windows Update
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
AMX Mod X Installer 1.8.1
Apple Application Support
Apple Software Update
Big Pack 8.4
Buttons & OSDs control application gen2
Cheat Engine 6.1
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
DirectX for Managed Code Update (Summer 2004)
Earth's Special Forces
Google Chrome
Google Talk Plugin
Half-Life
Half-Life Model Viewer 1.25
Host OpenAL (ADI)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP KEYBOARD V1.5.4.0
HP MediaSmart DVD
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Total Care Advisor
HP Touch Optimizer
HP Touch Screen Enhance Service
HP TouchSmart
HP TouchSmart 360 Tour
HP TouchSmart Basic Tutorial
HP TouchSmart Calendar
HP TouchSmart Music Tutorial
HP TouchSmart Music/Photo/Video
HP TouchSmart Notes
HP TouchSmart Video Tutorials
HP TouchSmart Webcam
HP Update
HPAsset component for HP Active Support Library
HPTCSSetup
IMVU Avatar Chat Software
Java(TM) 6 Update 7
Kaspersky Internet Security 2011
LabelPrint
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft Live Search Toolbar
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SOAP Toolkit 3.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 5.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
Naruto Naiteki Kensei
Power2Go
PowerDirector
Python 2.5.2
QuickTime
Roblox for LisaMarie
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
SoundMAX
SPORE Creature Creator Trial Edition
TeamViewer 6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VIPdesk Scan Utility
.
==== Event Viewer Messages From Past Week ========
.
7/2/2011 8:11:58 AM, Error: EventLog [6008] - The previous system shutdown at 8:06:34 AM on 7/2/2011 was unexpected.
7/2/2011 4:28:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
7/2/2011 4:28:37 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

Re: Rundll32 Error
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7053

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

7/9/2011 4:23:05 PM
mbam-log-2011-07-09 (16-23-05).txt

Scan type: Full scan (C:\|)
Objects scanned: 346513
Time elapsed: 1 hour(s), 12 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Rundll32 Error
I already have Kaspersky... I don't know if SAS will interfere with it.

No. It will not interfere.
When I opened it, Kaspersky gave me a warning that it isn't used very often, and it said
D.D.S: Doesn't Do Squat. Lol!


Actually, that is correct. It's just a diagnostic tool. There's something weird about Kaspersky giving you that warning.

Download OTL to your desktop.

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:

:OTL
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
BHO-X64: IEVkbdBHO - No File
BHO-X64: link filter bho - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

:folders
C:\ProgramData\PopCap Games

:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]


* Click Run Fix
* OTL may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
*********************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
************************************************************
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

Re: Rundll32 Error
OTL said: Could not create file in C:\Windows\System32\Etc\Hosts or something.
Now OTL is stuck at "resetting hosts file. do not interrupt". What do I do?

Re: Rundll32 Error
CakeSwish wrote:
OTL said: Could not create file in C:\Windows\System32\Etc\Hosts or something.
Now OTL is stuck at "resetting hosts file. do not interrupt". What do I do?

Abort that action and continue with the rest.

Re: Rundll32 Error
Results of screen317's Security Check version 0.99.17
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Kaspersky Internet Security 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.3.181.34
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Windows Defender MSASCui.exe
Kaspersky Lab Kaspersky Internet Security 2011 avp.exe
``````````End of Log````````````



Do you still need that OTL log? And how do I abort that action?

Re: Rundll32 Error
Sorry for not replying - I have been at work a lot and just haven't gotten the time to reply.

Re: Rundll32 Error
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
***************************************************
Do you still need that OTL log? And how do I abort that action?

No, not at the moment. Just don't bother running the script. I would like to see the ComboFix log when you get time to run it.

Re: Rundll32 Error
I am doing ComboFix right now, while installing Java... Is Java going to interfere in any way?

Re: Rundll32 Error
CakeSwish wrote:
I am doing ComboFix right now, while installing Java... Is Java going to interfere in any way?

No. It won't interfere.

Re: Rundll32 Error
ComboFix 11-07-11.02 - LisaMarie 07/11/2011 18:56:47.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4060.1331 [GMT -4:00]
Running from: c:\users\LisaMarie\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-11 to 2011-07-11 )))))))))))))))))))))))))))))))
.
.
2011-07-11 23:11 . 2011-07-11 23:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-11 22:54 . 2011-07-11 22:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-07-11 22:50 . 2011-07-11 22:51 -------- d-----w- C:\32788R22FWJFW
2011-07-11 20:03 . 2011-07-11 20:03 -------- d-----w- c:\program files (x86)\Valve
2011-07-11 19:32 . 2011-07-11 19:32 -------- d-----w- c:\program files (x86)\uTorrent
2011-07-09 23:31 . 2011-07-09 23:31 -------- d-----w- C:\_OTL
2011-07-08 06:29 . 2011-06-20 12:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACFDE8C8-F8CC-4985-A191-C241F922B1C3}\mpengine.dll
2011-07-08 00:11 . 2011-07-08 00:11 -------- d-----w- c:\program files (x86)\Cheat Engine 6.1
2011-07-08 00:06 . 2011-07-08 00:09 -------- d-----w- c:\programdata\PopCap Games
2011-07-07 20:00 . 2011-07-07 20:17 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-07-07 15:20 . 2011-07-07 15:20 -------- d-----w- c:\program files (x86)\AMX Mod X
2011-07-07 13:48 . 2011-07-07 13:48 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-06 18:00 . 2011-07-06 18:00 -------- d-----w- c:\program files (x86)\Half-Life Model Viewer
2011-07-04 07:03 . 2009-11-08 14:55 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-07-04 07:03 . 2009-11-08 14:55 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-07-04 07:03 . 2009-11-08 14:55 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-07-04 07:03 . 2009-11-08 14:55 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-07-04 07:03 . 2009-11-08 14:55 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-07-04 07:03 . 2009-11-08 14:55 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-07-04 07:03 . 2009-11-08 14:55 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-07-04 07:03 . 2009-11-08 14:55 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-07-04 07:03 . 2009-11-08 14:55 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-07-04 07:03 . 2009-11-08 14:55 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-07-03 17:07 . 2011-07-03 17:07 -------- d-----w- c:\program files (x86)\TeamViewer
2011-07-03 15:01 . 2011-07-03 15:01 -------- d-----w- c:\program files (x86)\VIPdesk
2011-07-03 07:15 . 2008-06-20 01:16 49160 ----a-w- c:\windows\system32\infocardcpl.cpl
2011-07-03 07:15 . 2008-06-20 01:14 37384 ----a-w- c:\windows\SysWow64\infocardcpl.cpl
2011-07-03 07:15 . 2008-06-20 01:16 11264 ----a-w- c:\windows\system32\icardres.dll
2011-07-03 07:15 . 2008-06-20 01:14 11264 ----a-w- c:\windows\SysWow64\icardres.dll
2011-07-03 07:15 . 2008-06-20 01:17 1168928 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2011-07-03 07:15 . 2008-06-20 01:16 167432 ----a-w- c:\windows\system32\infocardapi.dll
2011-07-03 07:15 . 2008-06-20 01:14 781344 ----a-w- c:\windows\SysWow64\PresentationNative_v0300.dll
2011-07-03 07:15 . 2008-06-20 01:16 1383936 ----a-w- c:\windows\system32\icardagt.exe
2011-07-03 07:15 . 2008-06-20 01:14 97800 ----a-w- c:\windows\SysWow64\infocardapi.dll
2011-07-03 07:15 . 2008-06-20 01:14 622080 ----a-w- c:\windows\SysWow64\icardagt.exe
2011-07-03 07:15 . 2008-06-20 01:17 126520 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-07-03 07:15 . 2008-06-20 01:14 105016 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2011-07-03 07:06 . 2008-07-27 18:03 158720 ----a-w- c:\windows\SysWow64\mscorier.dll
2011-07-03 07:06 . 2008-07-27 18:01 158208 ----a-w- c:\windows\system32\mscorier.dll
2011-07-03 07:06 . 2008-07-27 18:01 76288 ----a-w- c:\windows\system32\mscories.dll
2011-07-03 07:06 . 2008-07-27 18:03 83968 ----a-w- c:\windows\SysWow64\mscories.dll
2011-07-03 07:03 . 2009-10-09 21:56 2048 ----a-w- c:\windows\SysWow64\winrsmgr.dll
2011-07-03 07:03 . 2009-10-09 21:35 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-07-02 17:38 . 2009-08-24 12:24 442368 ----a-w- c:\windows\system32\winhttp.dll
2011-07-02 17:38 . 2009-08-24 12:16 378368 ----a-w- c:\windows\SysWow64\winhttp.dll
2011-07-02 17:37 . 2009-11-03 22:42 28160 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2011-07-02 17:37 . 2010-09-06 16:24 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2011-07-02 17:37 . 2010-09-06 15:59 179712 ----a-w- c:\windows\system32\srvsvc.dll
2011-07-02 17:37 . 2010-09-06 15:59 12288 ----a-w- c:\windows\system32\sscore.dll
2011-07-02 17:37 . 2010-09-06 16:23 17920 ----a-w- c:\windows\SysWow64\netevent.dll
2011-07-02 17:37 . 2010-09-06 15:57 17920 ----a-w- c:\windows\system32\netevent.dll
2011-07-02 08:36 . 2011-03-03 15:06 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-07-02 08:36 . 2011-03-03 14:56 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll
2011-07-02 08:36 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll
2011-07-02 08:36 . 2011-03-03 13:25 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-07-02 08:00 . 2010-09-20 12:14 316416 ----a-w- c:\windows\system32\msshsq.dll
2011-07-02 08:00 . 2010-09-20 09:25 231936 ----a-w- c:\windows\SysWow64\msshsq.dll
2011-07-02 07:31 . 2011-07-02 07:31 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-07-02 07:24 . 2010-02-20 23:44 32768 ----a-w- c:\windows\system32\nshhttp.dll
2011-07-02 07:24 . 2010-02-20 23:39 24064 ----a-w- c:\windows\SysWow64\nshhttp.dll
2011-07-02 07:24 . 2010-02-20 23:42 33792 ----a-w- c:\windows\system32\httpapi.dll
2011-07-02 07:24 . 2010-02-20 21:40 610304 ----a-w- c:\windows\system32\drivers\http.sys
2011-07-02 07:24 . 2010-02-20 23:37 31232 ----a-w- c:\windows\SysWow64\httpapi.dll
2011-07-02 07:18 . 2010-04-14 18:33 101376 ----a-w- c:\windows\system32\MSNP.ax
2011-07-02 07:18 . 2010-04-14 17:46 80896 ----a-w- c:\windows\SysWow64\MSNP.ax
2011-07-02 07:18 . 2010-04-14 18:35 375808 ----a-w- c:\windows\system32\psisdecd.dll
2011-07-02 07:18 . 2010-04-14 18:35 289792 ----a-w- c:\windows\system32\psisrndr.ax
2011-07-02 07:18 . 2010-04-14 17:47 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-07-02 07:18 . 2010-04-14 17:47 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-07-01 16:48 . 2011-07-01 16:48 -------- dc----w- c:\windows\system32\DRVSTORE
2011-07-01 16:48 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-07-01 16:48 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-07-01 16:48 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-07-01 16:45 . 2011-07-01 16:45 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-07-01 16:43 . 2011-07-01 16:43 -------- d-----w- c:\program files\Common Files\Apple
2011-07-01 16:43 . 2011-07-01 16:43 -------- d-----w- c:\program files\Bonjour
2011-07-01 16:43 . 2011-07-01 16:43 -------- d-----w- c:\program files (x86)\Bonjour
2011-07-01 16:42 . 2011-07-01 16:47 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-07-01 16:42 . 2011-07-01 16:42 -------- d-----w- c:\programdata\Apple
2011-07-01 08:27 . 2009-06-10 12:23 3547136 ----a-w- c:\windows\system32\mf.dll
2011-07-01 08:27 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\SysWow64\mf.dll
2011-07-01 08:27 . 2009-09-10 15:48 1486848 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2011-07-01 08:27 . 2009-09-10 15:48 372736 ----a-w- c:\windows\system32\unregmp2.exe
2011-07-01 08:27 . 2009-09-10 15:21 1418752 ----a-w- c:\program files (x86)\Windows Media Player\setup_wm.exe
2011-07-01 08:27 . 2009-09-10 15:21 310784 ----a-w- c:\windows\SysWow64\unregmp2.exe
2011-07-01 08:23 . 2009-04-23 13:17 791552 ----a-w- c:\windows\system32\localspl.dll
2011-07-01 08:22 . 2010-08-26 16:27 189952 ----a-w- c:\windows\system32\t2embed.dll
2011-07-01 08:20 . 2010-01-25 08:37 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-07-01 08:19 . 2011-02-27 15:53 18320 ----a-w- c:\windows\system32\kdcom.dll
2011-07-01 08:19 . 2011-02-27 15:53 1075600 ----a-w- c:\windows\system32\winload.efi
2011-07-01 08:19 . 2011-02-27 15:53 990096 ----a-w- c:\windows\system32\winresume.efi
2011-07-01 08:19 . 2011-02-27 15:53 979344 ----a-w- c:\windows\system32\winresume.exe
2011-07-01 08:19 . 2011-02-27 15:53 20880 ----a-w- c:\windows\system32\kdusb.dll
2011-07-01 08:19 . 2011-02-27 15:53 18832 ----a-w- c:\windows\system32\kd1394.dll
2011-07-01 08:19 . 2011-02-27 15:53 1062800 ----a-w- c:\windows\system32\winload.exe
2011-07-01 08:17 . 2010-06-17 16:29 150528 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2011-07-01 08:16 . 2011-05-02 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-07-01 08:16 . 2011-05-02 12:00 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-07-01 08:14 . 2009-06-10 12:25 202752 ----a-w- c:\windows\system32\wkssvc.dll
2011-07-01 08:13 . 2010-10-28 13:17 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-01 08:12 . 2008-09-18 04:56 147456 ----a-w- c:\windows\SysWow64\Faultrep.dll
2011-07-01 08:07 . 2011-05-24 23:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-06-30 20:17 . 2011-07-11 23:11 -------- d-----w- c:\programdata\Kaspersky Lab
2011-06-30 20:17 . 2011-06-30 20:17 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2011-06-30 20:16 . 2011-06-30 20:16 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-06-30 19:53 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-30 19:53 . 2011-06-30 19:53 -------- d-----w- c:\programdata\Malwarebytes
2011-06-30 19:53 . 2011-06-30 19:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-30 19:53 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 19:47 . 2011-06-30 19:47 -------- d-----w- c:\program files (x86)\MSSOAP
2011-06-30 19:47 . 2011-06-30 19:47 -------- d-----w- c:\program files\BitDefender
2011-06-30 19:43 . 2011-06-30 19:47 -------- d-----w- c:\programdata\BitDefender
2011-06-30 19:43 . 2011-06-30 19:47 -------- d-----w- c:\program files\Common Files\BitDefender
2011-06-30 19:43 . 2011-03-24 19:36 431176 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-06-30 19:43 . 2011-06-30 19:47 46542 ----a-w- c:\programdata\bdinstall.bin
2011-06-30 19:07 . 2011-06-30 19:08 242 ----a-w- C:\BdUninstallTool2011.06.30-03.07.27.reg
2011-06-30 18:56 . 2009-12-23 12:43 171520 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-06-30 18:56 . 2009-12-23 12:39 218112 ----a-w- c:\windows\system32\wintrust.dll
2011-06-30 18:56 . 2010-01-15 00:04 98304 ----a-w- c:\windows\SysWow64\cabview.dll
2011-06-30 18:56 . 2010-01-13 18:34 104960 ----a-w- c:\windows\system32\cabview.dll
2011-06-30 18:54 . 2011-07-02 07:21 -------- d-----w- c:\program files (x86)\Microsoft Works
2011-06-30 18:53 . 2011-07-07 20:39 -------- d-----w- c:\users\LisaMarie
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:06 . 2011-05-10 12:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 12:06 . 2011-05-10 12:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-10-17 972080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe" [2007-02-15 119296]
"HP KEYBOARD"="c:\program files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE" [2008-09-27 468992]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-07-25 1310720]
"Buttons & OSDs control application gen2"="c:\program files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe" [2008-12-04 208896]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-10-18 1152296]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-10-18 189736]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="c:\users\LisaMarie\Downloads\OTL.exe" [2011-07-09 579584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-14 1026600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 27632]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2008-10-18 21296]
S2 HP Touch Screen Enhance;HP Touch Screen Enhance;c:\program files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE [2008-07-11 100864]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCD5SRVC{8AAF211B-043E02A9-05040000}
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1392130336-3676169900-190515075-1000Core.job
- c:\users\LisaMarie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-30 18:01]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1392130336-3676169900-190515075-1000UA.job
- c:\users\LisaMarie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-30 18:01]
.
2011-07-05 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 16:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-06 153624]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-06 225816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-06 199704]
"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" [2008-07-26 3858432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=crossfire&pf=cndt
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=crossfire&pf=cndt
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\LisaMarie\AppData\Roaming\Mozilla\Firefox\Profiles\v8fr91ye.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-HPSmartCenterBoot - _c:\program files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-OsdMaestro - c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
AddRemove-NNK - c:\program files (x86)\Valve\Half-Life\nnk\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@SACL=
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
@SACL=
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@SACL=
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2011-07-11 19:14:46
ComboFix-quarantined-files.txt 2011-07-11 23:14
.
Pre-Run: 463,778,160,640 bytes free
Post-Run: 463,127,146,496 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 085DB6C8F540C941F7D5544A12134FBA




There's the ComboFix log file

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
I did another Security Check just to make sure I updated java right.


Results of screen317's Security Check version 0.99.17
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Kaspersky Internet Security 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 26
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.3.181.34
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Windows Defender MSASCui.exe
Kaspersky Lab Kaspersky Internet Security 2011 avp.exe
``````````End of Log````````````

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
Hmm..... It looks like I did it wrong. I'm sure I ran the Java remover and installed the java from majorgeeks :l

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
P2P - I see you have P2P software installed on your machine (uTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
************************************************
Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    Folder::
    c:\programdata\PopCap Games


  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: Cfscriptb4]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • I don't need to see the log from this script.

*****************************************************
Your Service Pack for Vista is out-of-date. Please make a note to update it soon.
Hmm..... It looks like I did it wrong. I'm sure I ran the Java remover and installed the java from majorgeeks :l

Not a problem. Just uninstall Java(TM) 6 Update 7


Please download Rooter and Save it to your desktop.

  • Double click it to start the tool. Vista and Windows 7: run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
Popcap is a virus?

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
Okay - I will uninstall uTorrent, but I am interested in how Popcap Games is a virus - I got the game "Plants vs. Zombies" but I'm not sure how it's infected because Malwarebytes' Antimalware and Kaspersky haven't detected anything.

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
Popcap is a virus?

It is related to Popcap Loader which is adware. See the links below. It's your choice.

ADW Pop A

PopCap Loader

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
My computer randomly froze while doing the CFScript.txt. First, the explorer windows (like C: was open) froze up.... then the whole computer froze up and I haven't restarted it because I need to sleep so.... I am posting this on my laptop and I will be back tomorrow.

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
Hello superdave... I got this message when I booted the computer up.

"
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

"


Is that from OTL? Btw the title of it is "07092011_193158"

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
I'm afraid it has gotten worse. My browsers' sound is not playing. In the volume mixer there is NO Google Chrome process, I have reinstalled Google Chrome, Flash, and nothing works. And this happens with my back-up browser (Mozilla Firefox) and Internet Explorer. I don't know what to do.

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
While I was looking through my Kaspersky Firewall, I found something weird.....

c:\32788r22fwjfw\license\iexplore.exe

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
Is that from OTL?

Yes, that's from OTL.

While I was looking through my Kaspersky Firewall, I found something weird.....

c:\32788r22fwjfw\license\iexplore.exe

I'm quite sure that's part of ComboFix.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked
* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and paste the log in your post.

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
I'm doing the Super-Anti Spyware Scan right now. So far none detected, it will be done in 5 minutes..... Are there any other threats other than Pop Cap? And do you know why the sound for browsers has stopped working? I can play sound just fine with windows media player, but it's not working when I play youtube videos and etc, I have uninstalled Google chrome, but it's happening for all my browsers. I have reinstalled Adobe Flash player, and have checked out the registry, but to no avail.

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
It has found 86 Adware.TrackingCookies, no big deal, but hopefully there's 1 virus that's blocking the sound.

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
And do you know why the sound for browsers has stopped working? I can play sound just fine with windows media player, but it's not working when I play youtube videos and etc

It could have something to do with your drivers but if WMP is working fine then it has to be something to do with your browsers. Malware does not normally target the sound.

have checked out the registry, but to no avail

Please do not mess around in the Registry.

It has found 86 Adware.TrackingCookies, no big deal, but hopefully there's 1 virus that's blocking the sound.

I would like to see the log.

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/12/2011 at 05:44 PM

Application Version : 4.55.1000

Core Rules Database Version : 7400
Trace Rules Database Version: 5212

Scan type : Complete Scan
Total Scan Time : 01:49:13

Memory items scanned : 582
Memory threats detected : 0
Registry items scanned : 14863
Registry threats detected : 0
File items scanned : 174638
File threats detected : 86

Adware.Tracking Cookie

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
AVENGER

  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Click the Execute button.
  • You will be asked "No script has been entered. Do you want to execute a rootkit scan only?"
  • Click Yes.
  • You will now be asked "First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?"
  • Click Yes.
  • Your PC will now be rebooted.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
CLEANUP.EXE Started on bootup.

This application appeared

It was used by more than 1000 participants of Kaspersky Security Network.

0% Users Trust this application.

Is this a part of Avenger?

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
I'm guessing my computer fell asleep while Kaspersky was showing that warning and Kaspersky automatically blocked it....but it's still in my C:\ Drive. Should I run it?

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
CakeSwish wrote:
I'm guessing my computer fell asleep while Kaspersky was showing that warning and Kaspersky automatically blocked it....but it's still in my C:\ Drive. Should I run it?

Yes, please.

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
It just deleted itself and other files related to it in the C:\ Drive.

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
I would like to try something. Those are strange messages that you're getting from Kaspersky. Please download MSE from the link below. Please choose the one applicable to your OS. Install it and then disable Kaspersky. Now try running Avenger.

Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
Microsoft Security Essentials for Windows XP

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
....Hello! I am in progress of downloading Microsoft Security Essentials, but my browsers don't show up in the "Mixer" and I've tried so many fixes, do you think you could help me?

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
but my browsers don't show up in the "Mixer" and I've tried so many fixes, do you think you could help me?

I don't quite understand this. Could you please explain?

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
My browsers are muted. I cannot hear any sound from them. I've tried so many fixes, but the sound just won't turn on, no it's not my sound drivers, because they work fine on like WMP.... I have tried reinstalling Google Chrome, but not Firefox or Internet Explorer, and have tried reinstalling Flash Player, but no luck....My browsers aren't showing in "Mixer" because whenever I had this problem I would right click on Sound > Mixer > (Browser) and voila, I unmuted it. But it doesn't appear in the sound mixer anymore. Usually when this happens someone muted Google Chrome in the mixer so I just un-mute it, but it doesn't show up now.

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
My browsers are muted. I cannot hear any sound from them. I've tried so many fixes, but the sound just won't turn on

I'm trying to fix your Rundll32 error. I don't feel that the sound problem is malware related. Did you install MSE and disable Kaspersky AV?

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
Sorry - I've been at work and trying to fix that stupid sound error. Finally fixed it.... I went to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32

I couldn't see any keys but "Default". Didn't wanna mess with that. so I checked permissions and all my permissions were denied. I allowed all of them and bam. sound is back. I didn't do this myself. I think a virus did it. I don't use registry editor unless I check the "Run" to see if viruses are completely gone.
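
A read-only way to check for the condition this post describes (Deny entries on the Drivers32 key), given here as an added example that is not part of the original post. It assumes an elevated 64-bit PowerShell session; it only reports and changes no permissions.

```powershell
# Added example: report-only check of the Drivers32 keys named in the post.
# Assumption: run from an elevated 64-bit PowerShell session, so the
# Wow6432Node path is the 32-bit registry view that 32-bit programs see.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32'
)

foreach ($key in $keys) {
    Write-Output "== $key"

    # 1. Read the ACL. A failure here is itself a finding: the account
    #    cannot even read the permissions on the key.
    try {
        $acl = Get-Acl -Path $key -ErrorAction Stop
    }
    catch {
        Write-Output "   cannot read ACL: $($_.Exception.Message)"
        continue
    }

    # 2. List every Deny entry and whether it was set on this key directly
    #    (IsInherited = False) or comes from a parent key.
    $deny = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })
    Write-Output "   owner: $($acl.Owner)   deny entries: $($deny.Count)"
    foreach ($ace in $deny) {
        Write-Output ("   DENY {0} {1} inherited={2}" -f `
            $ace.IdentityReference, $ace.RegistryRights, $ace.IsInherited)
    }

    # 3. Count the value names that can be read. A key that shows no
    #    values, as in the post, will report 0 or fail here.
    try {
        $names = @((Get-Item -Path $key -ErrorAction Stop).Property)
        Write-Output "   readable values: $($names.Count)"
    }
    catch {
        Write-Output "   cannot enumerate values: $($_.Exception.Message)"
    }
}
```

Comparing the output with a known-good machine running the same Windows version shows which Deny entries are unexpected.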

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
So, what's the status of your computer now? Still getting the rundll32 error?

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
No, it's doing fine, but sometimes when I put 3 o's in "google" it takes me to 1939.com or something. Malwarebytes gives me a warning and says it blocked avp.exe, which is Kaspersky, which is blocking the site...so

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
but sometimes when I put 3 o's in "google" it takes me to 1939.com or something

I tried ooo and 000 but it just takes me to a bunch of sites with these figures.
Could you please try to run The Avenger again as well as this one below?


I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the [image: EsetOnline] button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on [image: EsetSmartInstall] to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the [image: EsetSmartInstallDesktopIcon-1] icon on your desktop.

•Check [image: EsetAcceptTerms]
•Click the [image: EsetStart] button.
•Accept any security warnings from your browser.
•Check [image: EsetScanArchives]
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push [image: EsetListThreats]
•Push [image: EsetExport], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the [image: EsetBack] button.
•Push [image: EsetFinish]
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
I don't know if someone closed it, because my family gets on this computer, but this is the only log I found:


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=b1a972a2ef272f40ab6b7ff033c13604
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-18 04:35:00
# local_time=2011-07-18 12:35:00 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 1449841 1449841 0 0
# compatibility_mode=5892 16776573 100 100 0 147600011 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=180635
# found=0
# cleaned=0
# scan_time=5595

descriptionRundll32 Error EmptyRe: Rundll32 Error

more_horiz
The ESET scan looks good. Please try to run this again.

AVENGER

  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Click the Execute button.
  • You will be asked "No script has been entered. Do you want to execute a rootkit scan only?"
  • Click Yes.
  • You will now be asked "First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?"
  • Click Yes.
  • Your PC will now be rebooted.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.
