TechSpot

Rundll32 Error

By Hysterical
Mar 14, 2010
  1. I have an Acer desktop running, window vista. It was running fine until recently, and out of nowhere everytime i start my computer there is rundll32 error. As i start my computer, the screen turns black momentary around 3 times continuously and after that it shows rundll32 error. I have tried scanning with norton 360, malewarebyte's' Anti-malware and superAntispyware. I even tried using Registry Mechanic and removing registry. After it has not fixed the problem, i have restored all my registry. I have even updated my graphic card which is Navida GeForce 7050. With rundll32 error, window often doesn't respond and often require me to restart the computer

    please help
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Never, ever use any registry tools. Period.

    How?

    Please, post EXACT error, you're getting.
     
  3. Hysterical

    Hysterical TS Rookie Topic Starter Posts: 27

    Registry tool has restore function
    Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module NVCPL.DLL, version 8.17.11.9621, time stamp 0x4b4c0de2, exception code 0xc0000005, fault offset 0x00052a5c, process id 0x7a4, application start

    from event viewer
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    It doesn't matter. Registry tools are no recommended and that's a whole story.

    Does the same thing happen, when you boot to Safe Mode?
     
  5. Hysterical

    Hysterical TS Rookie Topic Starter Posts: 27

    The error doesn't appear.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    OK then.
    Most likely, we can find workaround.
    NVCPL.DLL - Intializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card
    Means, it doesn't have to run as a startup, unless you overclock your video card.

    Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
    No installation required.
    Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
    Go File>Save, and save it as AutoRuns.txt file to know location.
    You must select Text from drop-down menu as a file type:

    [​IMG]

    Attach the file to your next reply.
     
  7. Hysterical

    Hysterical TS Rookie Topic Starter Posts: 27

    here is the autorun data
     

    Attached Files:

  8. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    I don't see nvcpl.dll among startups, but only two entries as shell extension.
    Let's see, if disabling them will help.

    Re-run Autoruns.
    Scroll down to:
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved"
    In that section find two entries:
    + "NvCpl DesktopContext Class"
    + "Play on my TV helper"

    UN-check both and restart computer.
     
  9. Hysterical

    Hysterical TS Rookie Topic Starter Posts: 27

    problem still occuring here's a image of the specific detail of the problem
     

    Attached Files:

  10. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Do you have on-board video, or separate video card?
    Where did you get new driver from?
     
  11. Sean Courtney

    Sean Courtney TS Rookie

    Are you sure this isnt a Vista OS issue? If you google "has stopped working" your will see thousands of people having this problem in as many catagories. I think it has to do with file sharing or something unique to Vista. It has caused many people a lot of trouble.There is a workaround I applied and it seems thus far to have worked, cant remember where exactly I found it.

    Anyway just a thought, but do google as I suggest and check out these types of problems
     
  12. Hysterical

    Hysterical TS Rookie Topic Starter Posts: 27

    i spend a couple of hours searching on google searching for stuff

    @broni my video is on-board (i think). It came with my computer, i haven't apply physical change to my computer yet, and i don't remember installing any program either when this problem occured. I only upgraded my graphic card on nvidia website after this error has occured
     
  13. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Go Start>Run (Start Search in Vista), type in:
    msconfig
    Click OK (hit Enter in Vista).

    Click on Startup tab.
    Click Disable all
    IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

    Click Services tab.
    Put checkmark in Hide all Microsoft services
    Click Disable all.

    Click OK.
    Restart computer in Normal Mode.

    NOTE. If you use different firewall, than Windows firewall, turn Windows firewall on, just for this test, since your regular firewall won't be running.
    If you use Windows firewall, you're fine.

    Same problem?
     
  14. Hysterical

    Hysterical TS Rookie Topic Starter Posts: 27

    no problem occured
     
  15. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Yeah, this is what I thought.
    Some startup, or some process, which doesn't start in Safe Mode is causing havoc.
    Re-enable all startups and services you previously disabled.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Attach the "C:\ComboFix.txt" to your next repy.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  16. Hysterical

    Hysterical TS Rookie Topic Starter Posts: 27

    I can't disable tea time on spybot the instruction is wrong

    and what about superAntispyware and Malwarebyte' Anti-Malware and HijackThis (i don't have these in startups)
     
  17. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    No.

    Disable TeaTimer, as it'll interfere with the cleaning process:
    Right click Spybot's TeaTimer System Tray Icon.
    Click Exit Spybot-S&D Resident.
    TeaTimer closes.
    NOTE. If on re-boot, Spybot inquires about registry change(s), allow it.

    Alternatively, I suggest, you uninstall Spybot since it's a tool of the past.

    ...and you have to disable your AV program.

    Did you re-enable all disabled items in "msconfig"?
     
  18. Hysterical

    Hysterical TS Rookie Topic Starter Posts: 27

    Edit: Here it is the log
     

    Attached Files:

  19. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    OK, we have some infection present here.

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\users\Huang\AppData\Local\Temp\7GPoazFJrzwN.sys
    c:\users\Huang\AppData\Local\Temp\6117423.09-25-2009
    c:\users\Huang\AppData\Local\Temp\C0ETgT9.syS
    c:\users\Huang\AppData\Local\Temp\iLgV2lN.syS
    c:\users\Huang\AppData\Local\Temp\O3nlVp1.syS
    c:\users\Huang\AppData\Local\Temp\X1KjeKnD1xlw.sys
    c:\windows\system32\XDva219.sys
    c:\windows\system32\XDva224.sys
    c:\windows\system32\XDva225.sys
    c:\windows\system32\XDva259.sys
    c:\windows\system32\XDva279.sys
    c:\windows\system32\XDva302.sys
    c:\windows\system32\XDva309.sys
    
    
    Folder::
    
    Driver::
    7GPoazFJrzwN.sys
    8Z7GKwtsfrl3.sys
    ByakkoDrive
    C0ETgT9.syS
    iLgV2lN.syS
    O3nlVp1.syS
    X1KjeKnD1xlw.sys
    XDva219
    XDva224
    XDva225
    XDva259
    XDva279
    XDva302
    XDva309
    
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ByakkoDriver]
    
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  20. Hysterical

    Hysterical TS Rookie Topic Starter Posts: 27

    Here is the update one with changes
     

    Attached Files:

  21. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Good :)

    Does the error still pop-up?
     
  22. Hysterical

    Hysterical TS Rookie Topic Starter Posts: 27

    yes it continues to pop up D: every time the screen turns black an error would appear and the error appear 3 times
     
  23. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    OK....

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    =====================================================================

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure, you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2.
    Post fresh HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  24. Hysterical

    Hysterical TS Rookie Topic Starter Posts: 27

    i did like a malware thingie scan 2 days ago should is scan again
     
  25. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please do. Quick scan doesn't take long.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...