Rundll32.exe Application Error

[TheNoob101]

Okay thanks for helping. I am using Zonealarm firewall.I have avg antivirus free,SUPERantispyware, and spyware doctor

 

[Blind Dragon]

one thing we may try is right click on the zone alarm icon in system tray -> restore zone alarm -> find the program in the list and make sure there is green checks next to it

 

[TheNoob101]

Yep there are.

 

[Blind Dragon]

Lets look at a few things - I just had an idea

Highjackthis Instructions

• Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
• Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
• After installing, the program launches automatically, select Scan now and save a log
• After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.

 

[TheNoob101]

Here is the log.

 

[Blind Dragon]

I'll start putting some instructions together - this is my specialty - you have some malware on there. Don't know if it will completely solve the problem, but at least I can get you clean

 

[TheNoob101]

Okay,thanks ill wait for it to come.

 

[Blind Dragon]

Remove bad HijackThis entries

• Run HijackThis
• Click on the System Scan Only button
• Put a check beside all of the items listed below (if present):
  
  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
  O1 - Hosts: 72.18.196.155 www.webcheats.com.br
  O1 - Hosts: 72.18.196.155 webcheats.com.br
  O1 - Hosts: 72.18.196.155 www.cheatsbrasil.com
  O1 - Hosts: 72.18.196.155 cheatsbrasil.com
  O1 - Hosts: 72.18.196.155 www.cheatsbrasil.com.br
  O1 - Hosts: 72.18.196.155 cheatsbrasil.com.br
  O1 - Hosts: 72.18.196.155 www.bothack.net
  O1 - Hosts: 72.18.196.155 bothack.net
  O1 - Hosts: 72.18.196.155 www.cheatstotal.net
  O1 - Hosts: 72.18.196.155 cheatstotal.net
  O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O3 - Toolbar: (no name) - {4AD56E6F-7074-41EE-8A40-583C2C76EFCD} - (no file)
  O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} -
  O20 - Winlogon Notify: wvuvutr - wvuvutr.dll (file missing)

• Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.

-----------------------------------------------------------------------------------

Download the HostsXpert 4.2 - Hosts File Manager.

• Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
• Run HostsXpert 4.2 - Hosts File Manager from its new home
• Click on "File Handling".
• Click on "Restore MS Hosts File".
• Click OK on the Confirmation box.
• Click on "Make Read Only?"
• Click the X to exit the program.
• Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

--------------------------------------------------------------------------

Malwarebytes' Anti-Malware

• 
  Please download Malwarebytes' Anti-Malware from from Here or Here
  
• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. please attach this log with your reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

-------------------------------------------------------------------

Update your Java Runtime Environment

• 
  First try going to Start -> Control Panel -> double click Java
  
• Select the Update Tab at the top of the Java console
• Click the Check for Updates button at the bottom
• If it finds the newer version (Java 6 Update 7) Follow the on screen instructions (uncheck the yahoo toolbar option)
• After it installs the newest version Go back to Control Panel -> Add/remove programs (programs and features in vista)
• Uninstall any older versions of Java

If for some reason you couldn't update through the above instructions.
Update your Java Runtime Environment

• Click the following link
  Java Runtime Environment 6 Update 7
• The 5th option down is the one you want (click Download)
• Check the box to agree to terms of service
• Check the box for your operating system and click 'Download selected'at the bottom
• After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
• Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_07 folder

----------------------------------------------------------------------------

Now run a fresh scan with hijackthis

Attach here:
1) MBAM log
2) Fresh Hijackthis log

 

[TheNoob101]

I just got a popup from AVG.
It says:Multiple Threat Detection
Infections list:
C:\system volume
information\_restore{A7E71E0D-2C8D-4DCA-B14A-C0B065D1E3D5}\RP583\A0237872.dll
Threat name: adware generic2.ACBR
detected to open

File name:C:\System Volume Information\_restore{A7E71E0D-2C8D-4DCA-B14A-C0B065D1E3D5}\RP583\A0237873

[ ] Remove threat as Power User

[Remove Threats] [Ignore] [Help]

I don't know if I should remove because of Volume.
What should i do?
Details shows this is malwarebytes. Says there is Trojan on it

 

[Blind Dragon]

yea, a lot of the tools we use can get detected as threats because they access the same files as the malicious programs. Not a big deal - ignore malwarebytes being detected - but let it remove the volume information one - that is your old restore point which we will clear in a little bit

 

[TheNoob101]

Details said both were MalwareBytes.

 

[Blind Dragon]

ok, then just ignore both - Avast just went through this same thing but I think they already corrected the error - AVG is just a step behind

 

[TheNoob101]

Okay scan finished,here are the logs.
For the Java uninstalling There is Java 6 update 2
and a Java 6 update 7

 

[Blind Dragon]

ok, good work - uninstall java 6 update 2

Disable AVG realtime protection by right clicking it in the system tray and disabling

Combofix

• Download Combofix to your desktop.
• Double click combofix.exe & follow the prompts.
• A window will open with a warning.
• When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt

 

[TheNoob101]

There is no option for disabling the real time protection.

 

[Blind Dragon]

what about resident sheild

 

[TheNoob101]

Yep ill turn that off
BTW Uninstalling the Java 6 update 2 thing cant it says fatal error and didnt remove it
It says:Internal error 2753. RegUtils

Another popup says Fatal error during installation.

Also after opening Combofix spyware doctor blocked it saying there is a trojan.
Another popup comes it says:Windows cannot open fileV.cfexe
To open this, windows needs to know what program created it.Windows can go online to look for it automatically, or you can manually select from a list of programs on your computer.
[ ] use web to find
[ ] choose from list

 

[Blind Dragon]

http://download.microsoft.com/download/e/9/d/e9d80355-7ab4-45b8-80e8-983a48d5e1bd/msicuu2.exe

run the microsoft installer cleanup utility - uninstall it with this

1. From within Spyware Doctor, click the "OnGuard" button on the left side.
2. Uncheck "Activate OnGuard".

 

[TheNoob101]

Where do i find microsoft installer cleanup utility

 

[Blind Dragon]

Just click the link to it that i provided and it should pop up for you to save it to your desktop

 

[TheNoob101]

Ok, I installed it. Now what? <- sorry for asking i'm really dumb at this

 

[Blind Dragon]

it's been a while since I used it - let me download it too, and I'll give you instructions in a sec

 

[TheNoob101]

Alright thanks =D

 

[Blind Dragon]

First you double click the installer -> close all open windows-> follow the prompts to install -> if vista you may need to right click and select run as admin instead -> select you agree to the license terms -> click Next -> yes you are ready -> Finish


Then navigate to C:\Program Files\Windows Installer Cleanup Utility\msicuu.exe <- doubleclick on this file

 

[TheNoob101]

Okay all done.Do I proceed with Combofixer?