
Rundll.exe shutdown error and browser popups


  • This topic is locked
2 replies to this topic

#1 dazeofwar

dazeofwar

  • Members
  • 19 posts
  • OFFLINE
  • Local time:08:17 AM

Posted 21 March 2009 - 04:22 PM

Hello all. This is my first post so please forgive any mistakes on my part. My problem is that I have started to receive a Rundll32.exe error every time I shut down or reboot my PC, which occurred sometime this week I believe. I am also now encountering many popups when I surf the web (Chrome version 1.0.154.48). AdAware & Spybot scans do not fix the problem and Avast does not find anything when I run a virus scan of my entire system.

I have downloaded and installed HijackThis and the DDS tool. Please find my DDS.txt content pasted below; I have also attached the Attach.txt file to this post. Let me know if you have any questions or if I have missed anything. Thanks in advance for your assistance with this issue. Have a good day!


DDS (Ver_09-03-16.01) - NTFSx86
Run by JJF at 16:02:29.12 on Sat 03/21/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1385 [GMT -5:00]

AV: avast! antivirus 4.8.1335 [VPS 090320-0] *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\JJF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\Documents and Settings\JJF\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\JJF\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\JJF\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1033
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {ff951d08-27e9-b67a-9f44-42a355e5b963}: {369b5e55-3a24-44f9-a76b-9e7280d159ff} - c:\windows\system32\ivfuhc.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {900ea03a-71f7-4934-b746-d37f8610fd7b} - c:\windows\system32\vulefake.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam]
uRun: [Google Update] "c:\documents and settings\jjf\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [EPSON Stylus CX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy media creator 7\drag to disc\DrgToDsc.exe"
mRun: [Auto EPSON Stylus CX4800 Series on JJF2] c:\windows\system32\spool\drivers\w32x86\3\e_fatiada.exe /p39 "auto epson stylus cx4800 series on jjf2" /o15 "\\jjf2\EPSONSty" /M "Stylus CX4800"
mRun: [Auto EPSON Stylus CX4800 Series on JJF2 (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiada.exe /p48 "auto epson stylus cx4800 series on jjf2 (copy 1)" /o16 "\\jjf2\JJF2Print" /M "Stylus CX4800"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [sagafutesa] Rundll32.exe "c:\windows\system32\lejafigu.dll",s
mRun: [CPM6390c8d6] Rundll32.exe "c:\windows\system32\yuteheni.dll",a
mRun: [60a3fb4a] rundll32.exe "c:\windows\system32\zehuzuhu.dll",b
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
AppInit_DLLs: c:\windows\system32\hipozoli.dll c:\windows\system32\yuteheni.dll ivfuhc.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yuteheni.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\yuteheni.dll
LSA: Notification Packages = scecli c:\windows\system32\hipozoli.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jjf\applic~1\mozilla\firefox\profiles\mwkq3ohp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - plugin: c:\documents and settings\jjf\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\jjf\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-27 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-21 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-21 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-3-21 138680]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951632]
R3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [2004-7-30 136832]
S3 adxapie;adxapie;\??\c:\docume~1\jjf\locals~1\temp\adxapie.sys --> c:\docume~1\jjf\locals~1\temp\adxapie.sys [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-3-21 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-3-21 352920]
UnknownUnknown LGDDCDevice;LGDDCDevice; [x]
UnknownUnknown LGII2CDevice;LGII2CDevice; [x]

=============== Created Last 30 ================

2009-03-21 16:00 <DIR> --d----- c:\temp\DDS
2009-03-21 15:55 <DIR> --d----- C:\HJT
2009-03-21 15:44 58,368 a------- c:\windows\system32\~.exe
2009-03-21 15:30 <DIR> --d----- c:\program files\Trend Micro
2009-03-21 15:27 <DIR> --d----- c:\temp\Trend Micro
2009-03-21 08:10 128,000 a--sh--- c:\windows\system32\ivfuhc.dll
2009-03-20 20:10 1,791,160 ---sh--- c:\windows\system32\uhuzuhez.ini
2009-03-20 20:10 129,536 a--sh--- c:\windows\system32\osdfsm.dll
2009-03-13 23:15 26,624 a------- c:\windows\system32\LGDispDrv.dll
2009-03-13 23:15 <DIR> --d----- c:\program files\LG Soft India
2009-03-13 22:59 <DIR> --d----- c:\temp\LG
2009-03-12 18:57 61,440 a------- c:\windows\system32\ISUSPM.cpl
2009-03-11 14:28 <DIR> --d----- c:\program files\Seagate
2009-03-11 14:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Seagate
2009-03-02 13:57 <DIR> --d----- c:\temp\Glary Utilities

==================== Find3M ====================

2009-03-21 08:10 95,232 a--sh--- c:\windows\system32\zijodope.dll
2009-03-21 08:10 128,000 a--sh--- c:\windows\system32\piyekoha.dll
2009-03-21 08:10 90,112 a--sh--- c:\windows\system32\sukozeme.dll
2009-03-20 20:10 95,744 a--sh--- c:\windows\system32\yuteheni.dll
2009-03-20 20:10 129,536 a--sh--- c:\windows\system32\retelosi.dll
2009-03-20 20:10 90,624 a--sh--- c:\windows\system32\zehuzuhu.dll
2009-03-09 10:40 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-09 10:37 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-17 10:37 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-07 12:28 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-01-03 22:09 7,538 a------- c:\windows\system32\ealregsnapshot1.reg
2007-11-20 13:47 22,328 a------- c:\docume~1\jjf\applic~1\PnkBstrK.sys
0000-00-00 00:00 57,856 a--sh--- c:\windows\system32\hipozoli.dll
0000-00-00 00:00 57,856 a--sh--- c:\windows\system32\lejafigu.dll
0000-00-00 00:00 57,856 a--sh--- c:\windows\system32\vulefake.dll
2008-09-12 09:31 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091220080913\index.dat
2008-10-02 13:31 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100220081003\index.dat

============= FINISH: 16:03:46.71 ===============
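As an added example (not part of the original thread or of the DDS tool), a small Python triage script that reads lines in the DDS format above and flags the load points a responder would check first: AppInit_DLLs, LSA notification packages, BHOs registered without a friendly name, rundll32 autoruns of pseudo-random DLL names, and hidden+system DLLs under system32. The sample lines are copied from the log above plus two benign entries for contrast; the 6-8 lowercase-letter name heuristic is my assumption, not a DDS rule.

```python
import re

# Constructed sample in the format of the DDS log above: a few lines copied
# from it plus one benign Java BHO and one benign system DLL for contrast.
SAMPLE_DDS = r"""
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [sagafutesa] Rundll32.exe "c:\windows\system32\lejafigu.dll",s
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {900ea03a-71f7-4934-b746-d37f8610fd7b} - c:\windows\system32\vulefake.dll
AppInit_DLLs: c:\windows\system32\hipozoli.dll c:\windows\system32\yuteheni.dll ivfuhc.dll
LSA: Notification Packages = scecli c:\windows\system32\hipozoli.dll
2009-03-21 08:10 128,000 a--sh--- c:\windows\system32\ivfuhc.dll
2009-02-17 10:37 410,984 a------- c:\windows\system32\deploytk.dll
"""

DLL_NAME = re.compile(r"([\w~]+\.dll)\b", re.I)
# Heuristic (assumption): 6-8 lowercase letters, the pseudo-word style seen in the log
PSEUDO_RANDOM = re.compile(r"^[a-z]{6,8}\.dll$")
FILE_ENTRY = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} ")


def flag_line(line):
    """Return (reason, dll) pairs for one DDS line; [] when nothing stands out."""
    line = line.strip()
    dlls = DLL_NAME.findall(line)
    if line.startswith("AppInit_DLLs:"):
        # Loaded into every process that maps user32.dll; rarely legitimate on a home PC
        return [("AppInit_DLLs load point", d) for d in dlls]
    if line.startswith("LSA: Notification Packages"):
        # Only scecli ships with XP; extra packages are called on every password change
        return [("LSA notification package", d) for d in dlls]
    if line.startswith("BHO: {"):
        # A Browser Helper Object registered with a CLSID but no friendly name
        return [("unnamed BHO", d) for d in dlls]
    if re.match(r"[um]Run:", line) and "rundll32" in line.lower():
        return [("rundll32 autorun of pseudo-random DLL", d)
                for d in dlls if PSEUDO_RANDOM.match(d)]
    if FILE_ENTRY.match(line):
        # Attribute column such as a--sh---: the s and h at offsets 3-4 mean System+Hidden
        if line.split()[3][3:5] == "sh" and "\\system32\\" in line.lower():
            return [("hidden+system DLL in system32", d) for d in dlls]
    return []


def scan(text):
    """Run flag_line over every line of a DDS log and collect the hits."""
    return [hit for line in text.splitlines() for hit in flag_line(line)]


def suspect_dlls(text):
    """Sorted, de-duplicated DLL names that tripped at least one rule."""
    return sorted({dll.lower() for _, dll in scan(text)})
```

Run `scan(SAMPLE_DDS)` to see each hit with its reason; a DLL that appears under two or more load points (here hipozoli.dll and yuteheni.dll) is the strongest signal.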


#2 dazeofwar

dazeofwar
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:08:17 AM

Posted 22 March 2009 - 09:49 AM

Can someone please look at my log files? I really need some help with this issue. Thanks!

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:17 AM

Posted 26 March 2009 - 08:40 PM

Received assistance here http://www.bleepingcomputer.com/forums/t/213044/web-is-very-slow-and-i-have-popups-now/ and posted a new HiJack This topic here: http://www.bleepingcomputer.com/forums/t/213817/infected-with-trojanvundoh-and-trojanbho/

Therefore, this topic is closed.

~ OB