Results 1 to 2 of 2

Thread: Please I need help with rundll32.exe - application error... HiJackThis log included.

  1. 07-10-2008, 05:30 PM #1
    David x
    David x is offline Junior Member
    Join Date
    Oct 2006
    Posts
    4

    Please I need help with rundll32.exe - application error... HiJackThis log included.

    Hello there techs and people,

    Please... I really really need help with this "rundll32.exe" thing, it's really annoying and it keep on poping up after I log on my computer or restarted and it's poping up once in a while while browsing the net.









    I've noticed that my system is running much slower than usual and this "rundll32" thing is really driving me crazy. So here I am asking for you nice people for helps. Thank you so much in advanced and your your is greately appreciated.

    HiJackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:25:49 PM, on 7/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\HiJackThis\Analyzer.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/s...onse/index.jsp
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: {850d08b5-1fa3-2e0b-d3d4-b1e0ed2cb518} - {815bc2de-0e1b-4d3d-b0e2-3af15b80d058} - C:\WINDOWS\system32\gezgtk.dll
    O2 - BHO: (no name) - {BBB38ECA-C54A-4021-B1CA-9E249B8F21EB} - C:\WINDOWS\system32\ljJYOgee.dll
    O2 - BHO: (no name) - {E91C2855-AC7E-4ED9-B488-0F78FAE8AD2D} - C:\WINDOWS\system32\pmnoLfcy.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [e816ed85] rundll32.exe "C:\WINDOWS\system32\wyrhjkba.dll",b
    O4 - HKLM\..\Run: [BMeb25de19] Rundll32.exe "C:\WINDOWS\system32\tcygmdgv.dll",s
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: pmnoLfcy - C:\WINDOWS\SYSTEM32\pmnoLfcy.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
    O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

    --
    End of file - 3805 bytes
    Reply With Quote Reply With Quote
  2. 07-13-2008, 10:06 PM #2
    jholland1964's Avatar
    jholland1964
    jholland1964 is offline Administrator
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    First of all David, you have two posts running with the exact same question and log so I am going to delete one of them.
    You have definite malware showing in the log posted. Please go to this LINK
    Follow ALL of the steps there exactly as given. Once you have completed all those steps then come back here with all the requested logs and a NEW HJT log and we will proceed from there.
    Judy
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules