Rundll32 Error

While I was looking through my Kaspersky Firewall, I found something weird.....

c:\32788r22fwjfw\license\iexplore.exe

Is that from OTL?

Yes, that's from OTL.

While I was looking through my Kaspersky Firewall, I found something weird.....

c:\32788r22fwjfw\license\iexplore.exe.

I'm quite sure that's part of ComboFix.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.

I'm doing the Super-Anti Spyware Scan right now. So far none detected, it will be done in 5 minutes..... Are there any other threat other than Pop Cap? And do you know why the sound for browsers have stopped working? I can play sound just fine with windows media player, but It's not working when I play youtube videos and etc, I have uninstalled Google chrome, but it's happening for all my browsers. I have reinstalled Adobe Flash player, and have checked out the registry, but to no avail.

It has found 86 Adware.TrackingCookies, no big deal, but hopefully theres 1 virus thats blocking the sound.

And do you know why the sound for browsers have stopped working? I can play sound just fine with windows media player, but It's not working when I play youtube videos and etc

It could have something to do with your drivers but if WMP is working fine then it has to be something to do with your browsers. Malware does not normally target the sound.

have checked out the registry, but to no avail

Please do not mess around in the Registry.

It has found 86 Adware.TrackingCookies, no big deal, but hopefully theres 1 virus thats blocking the sound..

I would like to see the log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/12/2011 at 05:44 PM

Application Version : 4.55.1000

Core Rules Database Version : 7400
Trace Rules Database Version: 5212

Scan type : Complete Scan
Total Scan Time : 01:49:13

Memory items scanned : 582
Memory threats detected : 0
Registry items scanned : 14863
Registry threats detected : 0
File items scanned : 174638
File threats detected : 86

Adware.Tracking Cookie
.imrworldwide.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.dmtracker.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.xiti.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.yieldmanager.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
accounts.youtube.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.msnportal.112.2o7.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.r1-ads.ace.advertising.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.apmebf.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.game-advertising-online.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.www.burstnet.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.burstnet.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.burstnet.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.statcounter.com [ C:\Users\LisaMarie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
C:\Users\LisaMarie\AppData\Roaming\Microsoft\Windows\Cookies\Low\lisamarie@atdmt[1].txt
C:\Users\LisaMarie\AppData\Roaming\Microsoft\Windows\Cookies\Low\lisamarie@liveperson[1].txt
C:\Users\LisaMarie\AppData\Roaming\Microsoft\Windows\Cookies\Low\lisamarie@liveperson[3].txt
C:\Users\LisaMarie\AppData\Roaming\Microsoft\Windows\Cookies\Low\lisamarie@sales.liveperson[2].txt

CLEANUP.EXE Started on bootup.

This application appeared

It was used by more than 1000 participants of Kaspersky Security Network.

0% Users Trust this application.

is this a part of avenger?

I'm guessing my computer fell asleep while kaspersky was showing that warning and kaspersky automatically blocked it....but its still in my C:\ Drive. should I run it?

CakeSwish wrote:

I'm guessing my computer fell asleep while kaspersky was showing that warning and kaspersky automatically blocked it....but its still in my C:\ Drive. should I run it?

Yes, please.

It just deleted itself and other files related to it in the C:\ Drive.

I would like to try something. Those are strange messages that you're getting Kaspersky. Please download MSE from the link below. Please choose the one applicable to your OS. Install it and then disable Kaspersky. Now try running Avenger.

Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
Microsoft Security Essentials for Windows XP

....Hello! I am in progress of downloading Microsoft Security Essentials, but my browsers don't show up in the "Mixer" and I've tryed so many fixes, do you think you could help me?

but my browsers don't show up in the "Mixer" and I've tryed so many fixes, do you think you could help me?.

I don't quite understand this. Could you please explain?

My browsers are muted. I cannot hear any sound from them. I've tried so many fixes, but the sound just won't turn on, no it's not my sound drivers, because they work fine on like WMP.... I have tryed reinstalling Google Chrome, but not firefox or internet explorer, and have tried reinstalling Flash Player, but no luck....My browsers aren't showing in "Mixer" because whenever I had this problem I would right click on Sound > Mixer > (Browser) and whalah. I unmuted it. but It doesn't appear in the sound mixer anymore. usually when this happens someone muted the Google Chrome in mixer so I just un-mute it. but it doesn't show up now.

My browsers are muted. I cannot hear any sound from them. I've tried so many fixes, but the sound just won't turn on

I'm trying to fix your Rundll32Error. I don't feel that the sound problem is malware related. Did you install MSE and disable Kaspersky AV?

Sorry - I've been at work and trying to fix that stupid sound error. Finally fixed it.... I went to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32

I couldn't see any keys but "Default". Didn't wanna mess with that. so I checked permissions and all my permissions were denied. I allowed all of them and bam. sound is back. I didn't do this myself. I think a virus did it. I don't use registry editor unless I check the "Run" to see if viruses are completely gone.

So, what's the status of your computer now? Still getting the rundll32 error?

No, it's doing fine, but sometimes when I put 3 o's in "google" it takes me to 1939.com or something. malwarebytes gives me a warning and says it blocked avp.exe which is kaspersky, which is blocking the site...so

but sometimes when I put 3 o's in "google" it takes me to 1939.com or something

I tried ooo and 000 but it just takes me to a bunch of sites with these figures.
Could you please try to run The Avenger again as well as this one below?

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

I dont know if someone closed it, because my family gets on this computer, but this is the only log I found:


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=b1a972a2ef272f40ab6b7ff033c13604
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-18 04:35:00
# local_time=2011-07-18 12:35:00 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 1449841 1449841 0 0
# compatibility_mode=5892 16776573 100 100 0 147600011 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=180635
# found=0
# cleaned=0
# scan_time=5595