Rundll32.exe error

By kevstar
Aug 3, 2008
  1. Hi specialists,

    Ok, here's the problem i've got with my computer. When i start my computer i got several rundll32.exe (0xc0000005) errors. I searched this forum and noticed that there are several same problems with this error but it seems they are not identical.

    I tried some virusscanner such as Mcaffee and AVG. Also used hitman pro but none of them all solves the problem.

    Another problem is that i can't use my controlpanel anymore. When i click ' by example' add/remove software i get this strange rundll32 error again.
    I read the preliminary removal instructions and tried to remove McAffee, but that doesn't work cause the error.

    I attached my HJT-log.

    Please help !!

    Thanks in advance,

    the Netherlands

    Attached Files:

  2. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    alright looks like we have some work to do

    Please download VundoFix.exe
    to your desktop
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click Yes
    • Once you click yes, your desktop will go blank as it starts removing the Vundo.
    • When completed, it will prompt that it will reboot your computer, click Ok
    • Please attach the C:\vundofix.txt & a new HijackThis log.

    Note: it is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." When VundoFix appears at reboot.


    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version. Then reboot into safe mode by rebooting then start tapping the F8 key you will get the advance option select safe mode then load run the program
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.
  3. kevstar

    kevstar TS Rookie Topic Starter

    Fixed the problem. Thanks for helping.

    Kevin P.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You should scan with HijackThis again and post a new logs. There were a lot of files that needed removing.
  5. kevstar

    kevstar TS Rookie Topic Starter

    Ooops, sorry.. Will post a new log in a few minutes.
  6. kevstar

    kevstar TS Rookie Topic Starter

    Ok guys, here's a new logfile.
  7. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    We need to delete a service first.

    open Notepad, then copy the codes belows in the quote box:

    then paste them into the notepad file, name the file fix.cmd and change the "Save as Type" to "All File", then save it to your desktop.

    Locate the file you just created on the desktop, and double-click to run it.

    ok can you post the MBAM log and the SAS log

    open hijackthis and place a check next to the item below

    O2 - BHO: (no name) - {4F549932-AA0A-43B0-92BF-610AFE73FAB7} - C:\WINDOWS\system32\opnooNeE.dll (file missing)
    O2 - BHO: (no name) - {833AE189-F38C-46B6-B02A-18DBEBB50349} - C:\WINDOWS\system32\byXPHbBQ.dll (file missing)
    O2 - BHO: (no name) - {E126805E-4A10-49B5-86AB-741286A4B7DA} - C:\WINDOWS\system32\efccBQHy.dll (file missing)
    O2 - BHO: (no name) - {ED71602F-B2F6-470F-943F-0DA300E034D8} - C:\WINDOWS\system32\opnlIayw.dll (file missing)
    O4 - HKLM\..\Run: [BMe70b46b9] Rundll32.exe "C:\WINDOWS\system32\nahrdlon.dll",s
    O4 - HKLM\..\Run: [e4387525] rundll32.exe "C:\WINDOWS\system32\pabmlxke.dll",b
    O4 - HKCU\..\Run: [01117964667348514065999782645839] C:\Program Files\Antivirus 2009\av2009.exe
    O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\qcntotdm.exe
    O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rrwnw64p.exe
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -
    O20 - Winlogon Notify: byXPHbBQ - byXPHbBQ.dll (file missing)
    O20 - Winlogon Notify: fccdecab - fccdecab.dll (file missing)
    O20 - Winlogon Notify: opnlIayw - opnlIayw.dll (file missing)

    then click on fix items now close hijackthis and reboot into safe mode you can do this by rebooting then start taping the F8 then select safe mode

    uninstall the software be low

    Antivirus 2009

    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighb

      C:\Program Files\Antivirus 2009
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please attach the contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    then post a fresh hijackthis log
  8. kevstar

    kevstar TS Rookie Topic Starter

    Ok, there we go. I posted some logs from SAS MBAM en OTMovit.

    In save mode i couldnt delete these two programs:

    Antivirus 2009

    Maybe i already deleted them.
  9. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Open MBAM and and click on the Quarantined tab and delete everything there. Do the same with SAS. Then reboot and post a fresh Hijackthis log
  10. kevstar

    kevstar TS Rookie Topic Starter

    A fresh hijackThis log....
  11. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    run hijackthis and place a check next to the items below

    O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)


    Now run the online scan below

    TrendMicro™ HouseCall Java Scan
    • Please go HERE to run the Trend Micro™ HouseCall Scan.
    • Click Scan now. It's free!
    • Read and put a Check next to Yes I accept the terms of use.
    • Click the Launching HouseCall>> button.
    • Under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
    • You may receive a Security Warning about the TrendMicro Java applet, click YES.
    • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
    • Please be patient while it installs, updates, and scans your system.
    • Once the scan is complete, it will take you to the summary page.
    • Under Cleanup options, choose clean all detected infections automatically.
    • Click the Clean now>> button.
    • If anything was found you may be prompted to run the scan again, you can just close the browser window.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...