June 5th, 2008, 02:53 AM
Jintan
Cyber Tech Help Moderator
 
Welcome to CTH Nicholas_Roge,

Some serious enough infection showing here. Let's get some more details and then start some repairs.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Right click Here and select Save Target As (Firefox Save Link As) and save UnHookExec.inf to your Desktop.

Then right-click on UnHookExec.inf and select Install. You may only see a desktop flicker as the changes are made. Though a different technique might be in use there, this may allow use of .exe files without other problems.

-------------------------

Download Deckard's System Scanner (dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

"%userprofile%\desktop\dss.exe" /config

When the DSS Configuration display opens click the "Check All" button (if the "Uncheck All" button shows, click that, then click "Check All"). Next, under Main Log, uncheck the following:

System Restore
Temp Cleanup
Process Modules

Then under Options, place a check next to the following:

Backup Registry Hives

Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt). Also a second text file, extra.txt, will show as minimized in your Task Bar. Maximize/Open this, and copy/paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder)

You can use extra posts here if needed for that.


If you run into .exe issues running Deckard's that way, instead open Notepad (Start - Run, type Notepad then press OK), and copy the following and paste it into the open Notepad textbox.

Code:
Dim Wshshell, Desk
Set Wshshell = Wscript.CreateObject("Wscript.shell")
' Read the current user's Desktop path from the registry
Desk = Wshshell.RegRead("HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop") & "\"
' Launch dss.exe from the Desktop, quoted in case the path contains spaces
Wshshell.run Chr(34) & Desk & "dss.exe" & Chr(34) & " /config"

Save this to your desktop as "dssrun.vbs"

Be sure to include the "" quotes in the name. Then click on dssrun.vbs and the Deckard's display should open.