Rundll32.exe error

Status
Not open for further replies.

kevstar

Hi specialists,

Ok, here's the problem I've got with my computer. When I start my computer I get several rundll32.exe (0xc0000005) errors. I searched this forum and noticed that there are several same problems with this error, but it seems they are not identical.

I tried some virus scanners such as McAfee and AVG. I also used Hitman Pro, but none of them solves the problem.

Another problem is that I can't use my Control Panel anymore. When I click, for example, Add/Remove Software, I get this strange rundll32 error again.
I read the preliminary removal instructions and tried to remove McAfee, but that doesn't work because of the error.

I attached my HJT-log.

Please help !!

Thanks in advance,

Kevin
the Netherlands
 

Attachments

  • hijackthis.log
    10.5 KB · Views: 6
Alright, looks like we have some work to do.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click Yes
  • Once you click yes, your desktop will go blank as it starts removing the Vundo.
  • When completed, it will prompt that it will reboot your computer, click Ok
  • Please attach the C:\vundofix.txt & a new HijackThis log.

Note: it is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.


===================================

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version. Then reboot into safe mode: reboot, then start tapping the F8 key; you will get the advanced options, select safe mode, then run the program.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

==================================

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
 
You should scan with HijackThis again and post a new log. There were a lot of files that needed removing.
 
We need to delete a service first.

Open Notepad, then copy the code below in the quote box:

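@echo off
rem Stop and delete the avg8emc service
sc stop "avg8emc"
sc delete "avg8emc"
rem Stop and delete the avg8wd service
sc stop "avg8wd"
sc delete "avg8wd"
rem Delete this script file, then close the window
del "%~f0" & exit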
Then paste it into the Notepad file, name the file fix.cmd and change the "Save as Type" to "All Files", then save it to your desktop.

Locate the file you just created on the desktop, and double-click to run it.


OK, can you post the MBAM log and the SAS log?

Open HijackThis and place a check next to the items below:

O2 - BHO: (no name) - {4F549932-AA0A-43B0-92BF-610AFE73FAB7} - C:\WINDOWS\system32\opnooNeE.dll (file missing)
O2 - BHO: (no name) - {833AE189-F38C-46B6-B02A-18DBEBB50349} - C:\WINDOWS\system32\byXPHbBQ.dll (file missing)
O2 - BHO: (no name) - {E126805E-4A10-49B5-86AB-741286A4B7DA} - C:\WINDOWS\system32\efccBQHy.dll (file missing)
O2 - BHO: (no name) - {ED71602F-B2F6-470F-943F-0DA300E034D8} - C:\WINDOWS\system32\opnlIayw.dll (file missing)
O4 - HKLM\..\Run: [BMe70b46b9] Rundll32.exe "C:\WINDOWS\system32\nahrdlon.dll",s
O4 - HKLM\..\Run: [e4387525] rundll32.exe "C:\WINDOWS\system32\pabmlxke.dll",b
O4 - HKCU\..\Run: [01117964667348514065999782645839] C:\Program Files\Antivirus 2009\av2009.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\qcntotdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rrwnw64p.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: byXPHbBQ - byXPHbBQ.dll (file missing)
O20 - Winlogon Notify: fccdecab - fccdecab.dll (file missing)
O20 - Winlogon Notify: opnlIayw - opnlIayw.dll (file missing)

Then click on fix items. Now close HijackThis and reboot into safe mode; you can do this by rebooting, then start tapping F8, then select safe mode.

Uninstall the software below:

Antivirus 2009
PartyGaming


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighb

    Code:
    C:\WINDOWS\system32\nahrdlon.dll
    C:\WINDOWS\system32\pabmlxke.dll
    C:\Program Files\Antivirus 2009
    C:\WINDOWS\system32\qcntotdm.exe
    C:\WINDOWS\system32\rrwnw64p.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please attach the contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Then post a fresh HijackThis log.
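
As an added example (not part of the thread and not code from HijackThis), a short Python triage pass over a few of the log entries quoted in the post above: it flags entries whose file is missing, and autostart entries that load a DLL through rundll32 or launch a binary directly from system32. The regexes and reason strings are assumptions made for this illustration; entries that match none of the heuristics, such as the Antivirus 2009 Run key, still need manual review.

```python
import re

# Sample lines copied from the HijackThis entries quoted in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4F549932-AA0A-43B0-92BF-610AFE73FAB7} - C:\WINDOWS\system32\opnooNeE.dll (file missing)
O4 - HKLM\..\Run: [BMe70b46b9] Rundll32.exe "C:\WINDOWS\system32\nahrdlon.dll",s
O4 - HKCU\..\Run: [01117964667348514065999782645839] C:\Program Files\Antivirus 2009\av2009.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\qcntotdm.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O20 - Winlogon Notify: byXPHbBQ - byXPHbBQ.dll (file missing)
"""

# Illustrative patterns (assumptions of this example, not HijackThis internals).
ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\S+)', re.I)
SYS32_BIN = re.compile(r"[A-Z]:\\WINDOWS\\system32\\[^\\]+\.(?:exe|dll)", re.I)

def parse_entry(line):
    """Split one HijackThis line into section code, entry type and detail."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    return {"section": m.group(1), "type": m.group(2), "detail": m.group(3)}

def triage(log_text):
    """Return (section, reason, detail) for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        detail = e["detail"]
        if detail.endswith("(file missing)"):
            reason = "orphaned reference: entry points at a file that no longer exists"
        elif e["section"] == "O4" and RUNDLL.search(detail):
            dll, export = RUNDLL.search(detail).groups()
            reason = f"autostart loads {dll} through rundll32 (export {export!r})"
        elif e["section"] == "O4" and SYS32_BIN.search(detail):
            reason = "autostart target sits directly in system32"
        else:
            continue
        findings.append((e["section"], reason, detail))
    return findings

if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {detail}")
```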
 
Ok, there we go. I posted some logs from SAS, MBAM and OTMoveIt.

In safe mode I couldn't delete these two programs:

Antivirus 2009
PartyGaming

Maybe I already deleted them.
 
Open MBAM and click on the Quarantined tab and delete everything there. Do the same with SAS. Then reboot and post a fresh HijackThis log.
 
Run HijackThis and place a check next to the items below:

O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)

=================================

Now run the online scan below

TrendMicro™ HouseCall Java Scan
  • Please go HERE to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • Under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.
 