Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Experiencing Rundll error windows on start up


  • This topic is locked This topic is locked
13 replies to this topic

#1 Kou_Kagerou

Kou_Kagerou

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas, for now
  • Local time:10:01 AM

Posted 20 July 2010 - 09:22 PM

A few days ago my BF clicked on a pop-up he believed was a virus alert from AVG.

Since then we have been catching and deleting Trojan and Rouge threats with a newly installed version of AVG (because it locked up a few programs and that was one of them). In addition, we have been catching and deleting other infected files detected by Malwarebytes' Anti-Malware and SUPERAntiSpywar Free Edition (SAS FE was also a program affected by the infection. It could not update).

Now I get two error windows on start up:

RUNDLL
"error lading C:\WINDOWS\adnemec.dll. The specified module could not be found"

and

RUNDLL
"error lading C:\WINDOWS\epemeyud.dll. The specified module could not be found"

Can anyone tell me what I need to do in order to fix these errors and stop them from popping up? I have a sinking suspicion this is just the tip of the ice berg.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:01 PM

Posted 20 July 2010 - 11:12 PM

Hello Kou:
Its not unusual to receive such an error after using specialized fix tools.

A "Cannot find...", "Could not run...", "Error loading... or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was mostly likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.

Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file(s) in the error message.
Right-click on the entry and choose delete.
Reboot your computer and see if the startup error returns.
Credit to quietman7


Next run TFC by OT
Please download TFC by Old Timer and save it to your desktop.
alternate download link
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Kou_Kagerou

Kou_Kagerou
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas, for now
  • Local time:10:01 AM

Posted 21 July 2010 - 12:34 PM

Autoruns has spotted something and I am in the process of deleting and rebooting.

The link for TFC seems to be down. Is there another site I can DL this from?

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:01 PM

Posted 21 July 2010 - 03:52 PM

Try this instead. are you redircts and whatever gone??

Please download ATF Cleaner by Atribune & save it to your desktop. alternate download link
  • Close all open browsers before using, especially FireFox. <-Important!!!
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Notes: On Vista, "Windows Temp" is disabled. To empty Temp, ATF-Cleaner must be Run As Administrator.
The Prefetch cleaning feature has been disabled for Vista Users. Tabs for applications that are not installed are grayed out.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Kou_Kagerou

Kou_Kagerou
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas, for now
  • Local time:10:01 AM

Posted 21 July 2010 - 04:28 PM

Autoruns located a dll file and deleted it but the error messages are still popping up.

I used the ATF Cleaner.

Redirects still occur, but less frequently at the moment.

#6 Kou_Kagerou

Kou_Kagerou
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas, for now
  • Local time:10:01 AM

Posted 21 July 2010 - 04:38 PM

MBAM log is as follows:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4336

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/21/2010 4:34:58 PM
mbam-log-2010-07-21 (16-34-58).txt

Scan type: Quick scan
Objects scanned: 125272
Time elapsed: 5 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:01 PM

Posted 21 July 2010 - 06:34 PM

Hello, you are still seeing these?
RUNDLL
"error lading C:\WINDOWS\adnemec.dll. The specified module could not be found"

RUNDLL
"error lading C:\WINDOWS\epemeyud.dll. The specified module could not be found"



If still redirecting>>>
Change your DNS Servers:
  • Go to Posted Image > Run... and in the open box, type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.
If the above commands did not resolve the problem, the next thing to try is to reset your network settings and Configure TCP/IP to use DNS.
  • Go to Posted Image > Control Panel, and choose Network Connections.
  • Right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and and choose Properties.
  • Double-click on Internet Protocol (TCP/IP) or highlight it and select Properties.
  • Under the General tab, write down any settings in case you should need to change them back.
  • Select the button that says "Obtain an IP address automatically" or make sure the DNS server IP address is the same as provided by your ISP.
  • Select the button that says "Obtain DNS servers automatically".
  • If unknown Preferred or Alternate DNS servers are listed, uncheck the box that says "Use the following DNS server address".
  • Click OK twice to get out of the properties screen and restart your computer. If not prompted to reboot go ahead and reboot manually.
-- Vista users can refer to How to Change TCP/IP settings

CAUTION: It's possible that your ISP (Internet Service Provider) requires specific DNS settings here. Make sure you know if you need these settings or not BEFORE you make any changes or you may lose your Internet connection. If you're sure you do not need a specific DNS address,
then you may proceed.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 Kou_Kagerou

Kou_Kagerou
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas, for now
  • Local time:10:01 AM

Posted 21 July 2010 - 07:26 PM

Oh... wow. It won't let me go to Properties.

I completed the first set of instructions that made me flush the dns, but after rebooting and getting those error windows again I went to the next set of instructions.

I Right click Local Area Connection and hit Properties and a window pops up that says:

Network Connections
An unexpected error occurred.

Even if I double click the Local Area Connection icon and hit the Properties button it tells me the same thing.

#9 Kou_Kagerou

Kou_Kagerou
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas, for now
  • Local time:10:01 AM

Posted 22 July 2010 - 06:26 AM

I thought I should mention that yes, I'm still having the RUNDLL errors pop up (both of them). I'm sorry I didn't mention sooner. Not being able to access the Properties tab has me a little freaked out.

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:01 PM

Posted 22 July 2010 - 01:56 PM

Ok, we are going to have to get a bit deeper in here to see what is up.

Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 Kou_Kagerou

Kou_Kagerou
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas, for now
  • Local time:10:01 AM

Posted 22 July 2010 - 06:10 PM

GMER started scanning but has now spent more than 45 mins on an entry (listed on the left side of window, opposite of "Save..." and "Copy" buttons) called \Cdfs. Has GMER been known to take that long?

Button above "Copy" says "Stop", so I gather that GMER is still scanning as opposed to being finished and waiting for me.

I am posting from my PSP so it is still scanning the problem machine. Do I stop GMER and post what I have so far?

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:01 PM

Posted 22 July 2010 - 07:09 PM

GMER scans vary highly in the amount of time they take to run. While a scan time as long as yours is uncommon, it's not unheard of. Often you can reduce the amount of time the scan takes by ensuring that only your system drive (usually C:\ ) is being scanned, and by unchecking "IAT/EAT" in the scan options.


From our quietman7
Generally speaking, the speed and ability to complete an anti-virus or anti-malware scan depends on a variety of factors.
  • The program itself and how its scanning engine is designed to scan: using a signature database vs heuristic scanning or a combination of both.
  • Options to scan for spyware, adware, riskware and potentially unwanted programs (PUPS).
  • Options to scan memory, boot sectors, registry and alternate data streams (ADS).
  • Type of scan performed: Deep, Quick or Custom scanning.
  • What action has to be performed when malware is detected.
  • A computer's hard drive size.
  • Disk used capacity (number of files to include temporary files) that have to be scanned.
  • Types of files (.exe, .dll, .sys, .cab, archived, compressed, packed, email, etc) that are scanned.
  • Whether external drives are included in the scan.
  • Competition for and utilization of system resources by the scanner.
  • Other running processes and programs in the background.
  • Interference from malware.
  • Interference from the user.
To speed up your scans, uninstall unnecessary programs, clean out the temporary files or use ATF Cleaner first, temporarily disable any other real-time protection tools, close all open programs and do not use the computer during the scan.

Note: It is not unusual for an anti-virus or anti-malware scanner to be suspicious of some compressed, archived, .cab and packed files because they have difficulty reading what is inside them. These kind of files often trigger alerts by security software using heuristic detection because they are resistant to scanning (difficult to read). This resistance may also result in some scanners to stall (hang) on these particular types of files. Certain files in the System Volume Information Folder like the Tracking.log (created by the Distributed Link Tracking Service to store maintenance information) have also been reported as a source causing some scanners to hang.

As for GMER, in addition to what Blade Zephon recommends, make sure Show All is unchecked. In some case you may also need to uncheck Devices and Sections along with the other items noted but we usually recommend that when GMER will not run or keeps crashing.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 Kou_Kagerou

Kou_Kagerou
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas, for now
  • Local time:10:01 AM

Posted 22 July 2010 - 10:57 PM

Managed to complete all steps exept GMER section. More details in my new post, but the last attempt to scan ended in a blue screen. Computer seems fine so far though. I did have all necessary sections unchecked in accordance to the steps set forth in the Preparations Guide regarding making a GMER log.

#14 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,960 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:01 PM

Posted 24 July 2010 - 01:23 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/333978/properties-for-network-connections-locked-rundll-error-windows-open-on-start-up-and-webpages-redirect/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users