  1. #1
    Rundll32.exe, can't delete temp inter files, PLEASE HELP!!!

    Hi,

    I have been having a problem. A month or so back I got a virus I think was called virtool.destart.A. I got this virus because my AVG would not update and AVG support wasn't really helping me with the problem and so I was without any Anti-Virus for about a week. I did end up downloading Bullguard though. Bullguard found this virus and removed it. Shortly after this incident, but not immediately, I noticed that when I tried to click the delete files button under temporary internet files it would freeze. I would have to click end program. And it would say "Rundll32.exe is not responding." Then it would say "You chose to end the nonresponsive program, Run a DLL as an App." Then I would click send error report.

    Recently, about 2 weeks ago, I noticed that when I clicked ctrl alt delete or the task manager it's like all the little tabs are gone. The only thing it will show me is the running processes. It used to have a tab where I could check the CPU usage and memory and a tab for the running programs.

    Now, only running processes. Before I got high speed internet I noticed that almost every website I went to was ending up having a little yellow alert error icon on the bottom left hand side. I would have to refresh it a couple times and then it would work. But, now with the high speed I have noticed that the problem with that seems to be gone. I have looked around a little bit for info on this rundll32.exe thing and am not sure if it is the problem. I have found some evidence that the problem might be connected to it being used as a mask for the real problem. I don't know. Will someone please help me?!?!? :cry: :? :wink:

    Thanks a lot!

  2. #2
    Oddjob (Member)

    Hi kingzkid

    The "rundll32.exe" is a process which executes DLLs and places their libraries into the memory so they can be used more efficiently by applications. It's important for the stable and secure running of your computer BUT it is also a process which is registered as the W32.Miroot.Worm.

    To start you off, please go here:

    http://www.help2go.com/article217.ht...rder=0&thold=0

    and follow all procedures fully and carefully.

    If still not fixed post a HijackThis log using the "postreply" button at the foot of this thread and someone will advise further.
    Help keep your computer protected. Read this > http://www.help2go.com/article152.html

  3. #3
    Grim322 (Member, Spyware Fighter)

    I'm not sure what the problem was with AVG auto updates, it seems to be OK now. But if you run into it again, you can do a manual update as follows:

    Right click on the AVG icon in the lower right of screen
    Click on "AVG Free online services"
    On the AVG home page, click on "get AVG update" (left side of screen)
    Click on the update file (it comes as a bin file)
    Save it where you can find it
    After it downloads, you must put it into a folder, I created a folder named "AVG updates"
    Now start the AVG program
    Click on "control center"
    Click on "update manager", then "properties"
    Uncheck the box next to "don't ask for update source", click "apply" and "OK"
    Click on "update" and pick folder as your source
    Navigate to the correct folder and it will update.

    Automatic is easier, but it can be done Charlie

  4. #4
    My Hijack This Log

    Logfile of HijackThis v1.99.1
    Scan saved at 1:56:56 PM, on 2/25/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuard.exe
    C:\Program Files\Trillian\trillian.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Ashley\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [BullGuard 5.0] C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuard.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - Startup: Trillian.lnk = ?
    O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/applet-6.1.0.3...-ob-assets.cab
    O16 - DPF: Animal Ark by pogo - http://playweb06.pogo.com/applet-6.0...-ob-assets.cab
    O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-6.1.0....-ob-assets.cab
    O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-6.0.4...-ob-assets.cab
    O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.1.2.2...-ob-assets.cab
    O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet...-ob-assets.cab
    O16 - DPF: Dominoes by pogo - http://game5.pogo.com/applet-6.1.3.2...-ob-assets.cab
    O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.com/applet-6.1.2.2...-ob-assets.cab
    O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/applet-6.0.4.3...-ob-assets.cab
    O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-6....-ob-assets.cab
    O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet-6.0...-ob-assets.cab
    O16 - DPF: High Stakes Poker by pogo - http://game6.pogo.com/applet-6.0.4.3...-ob-assets.cab
    O16 - DPF: Jigsaw Detective by pogo - http://game3.pogo.com/applet-6.1.0.3...-ob-assets.cab
    O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-6.0.4.37/...-ob-assets.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.com/applet-6.0.4.3...-ob-assets.cab
    O16 - DPF: Multiline Slots by pogo - http://game6.pogo.com/applet-6.0.4.3...-ob-assets.cab
    O16 - DPF: Pai Gow by pogo - http://game3.pogo.com/applet-6.1.0.3...-ob-assets.cab
    O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
    O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-6....-ob-assets.cab
    O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.4.3...-ob-assets.cab
    O16 - DPF: Pinochle by pogo - http://game4.pogo.com/applet-6.1.1.2...-ob-assets.cab
    O16 - DPF: Pirate's Gold by pogo - http://swashbucks.pogo.com/applet-6....-ob-assets.cab
    O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-6.0.4.3...-ob-assets.cab
    O16 - DPF: Poppit TM by pogo - http://game5.pogo.com/applet-6.1.1.2...-ob-assets.cab
    O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo.com/applet-6.1....-ob-assets.cab
    O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
    O16 - DPF: Spider Solitaire by pogo - http://game4.pogo.com/applet-6.0.4.3...-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-6....-ob-assets.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-6....-ob-assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://game4.pogo.com/applet-6.0.4.3...-ob-assets.cab
    O16 - DPF: Top Down Baseball Challenge by pogo - http://game1.pogo.com/applet-6.1.2.2...-ob-assets.cab
    O16 - DPF: Tri-Peaks by pogo - http://game4.pogo.com/applet-6.0.4.3...-ob-assets.cab
    O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-6.1.3....-ob-assets.cab
    O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.1.2.2...-ob-assets.cab
    O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-6.0.3....-ob-assets.cab
    O16 - DPF: Word Whomp by pogo - http://game5.pogo.com/applet-6.0.4.3...-ob-assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.1.1.2...-ob-assets.cab
    O16 - DPF: WordJong by pogo - http://wordjong.pogo.com/applet-6.0....-ob-assets.cab
    O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.com/applet-6.1.1.2...-ob-assets.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
    O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/u...2/sdcregie.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886} (InstallShield Setup Player 2K2) - https://www.opinionsquare.com/Config/setup.exe
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-17.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {7936F65B-5993-4CB3-96E2-E2DB0B781E10} - http://download.kerclink.com:8080/KERclinkInstall.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - https://secure.stamps.com/download/u...ile=stamps.cab
    O16 - DPF: {F992FDC0-DAA7-4774-B01C-E9DFF19FE0FE} (Invoke Solutions MILive Participant Control(MR)) - http://online.invokesolutions.com/ev...203/MILive.cab
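
    Added example, not part of the original posts: a small triage script for the two questions this thread raises about a HijackThis log, namely whether a process using a Windows system file name such as rundll32.exe runs from somewhere other than system32, and which `O4` autoruns launch a module through rundll32. The sample log is constructed (only the Cmaudio and keyhook lines come from the log above), and the function names and the XP-style system directory are assumptions of this example.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample in HijackThis layout. The Cmaudio and keyhook lines are
# copied from the log above; the Temp process and "updater" entry are made up.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\keyhook.exe
C:\Documents and Settings\User\Local Settings\Temp\rundll32.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKCU\..\Run: [updater] rundll32.exe "C:\Temp\x.dll",Start
"""

# Assumption: XP-style install root, as in the log above.
SYSTEM_DIR = r"c:\windows\system32"
SYSTEM_NAMES = {"rundll32.exe", "svchost.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "smss.exe", "spoolsv.exe"}

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")                   # "O4 - ..."
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.*)$")  # Run-key autorun
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+)"?,\s*(\S+)', re.I)

def parse(log):
    """Split a log into (running process paths, [(section code, body)])."""
    procs, entries, in_procs = [], [], False
    for line in (l.strip() for l in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif m := ENTRY.match(line):
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            procs.append(line)
    return procs, entries

def misplaced_system_names(procs):
    """Processes using a Windows system file name outside system32."""
    return [p for p in procs if basename(p).lower() in SYSTEM_NAMES
            and dirname(p).lower() != SYSTEM_DIR]

def rundll32_autoruns(entries):
    """O4 autoruns that launch a module through rundll32, for manual review."""
    out = []
    for code, body in entries:
        m = RUN.match(body) if code == "O4" else None
        r = RUNDLL.match(m.group(4)) if m else None
        if r:
            out.append({"name": m.group(3), "module": r.group(1),
                        "export": r.group(2), "full_path": "\\" in r.group(1)})
    return out
```

    A hit from either function is a prompt to look at the file itself (location, vendor, signature), not a verdict; hardware vendors commonly register control panel modules this way.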

  5. #5
    Windows Update

    Also, I forgot about this until now and figured I should tell you. When I run Windows Automatic Updates it will update okay except it will not UPDATE this: Security Update for Windows XP (KB885836). I have tried contacting Microsoft about this and they replied once but the problem was not resolved. Anyone have any ideas???? THANKS!!!

  6. #6
    Canuck (Help2Go Administrator)

    Have you tried doing a manual download? Go here http://www.microsoft.com/downloads/d...displaylang=en and see if that works for you. Meanwhile, the H2G Detective doesn't indicate any major problems but I'll transfer your HJT log to the Spyware Help forum and see if they can spot anything. If they are unable to help, ask them to transfer you back to Q&A.