Thread: Hijack This Log
08-09-2008, 06:46 PM   #1
jt9435
Registered User
 
Join Date: Jul 2008
Posts: 23
OS: XP


Hijack This Log

Here we go. I am having a problem with a rundll32.exe error: I am unable to open the clock on the computer, the Add/Remove Programs applet, or the cmd box, and I get the same type of error with each one. For example, when I go to Start > Run > cmd I get an error that says at the top "cmd.exe - Application Error":
The application failed to initialize properly (0xc0000005).
A couple of weeks ago, while running the virus scans, I noticed a virus popping up called Trojan.Vundo. I think I have that under control, but the main problem is what is listed above. I have followed every step throughout the 5 steps before posting a log, and need to let you know that I cannot access step one, to remove the malicious programs through Add/Remove Programs, as it won't load either. The only other problem I am having, which I am not sure if you can help me with, is when I go into IE and try to get to hotmail.com it says to make the computer accept cookies, but when I go in to do it, they are already accepted. If you could help with this I would appreciate it as well; if not, no problem.


Deckard's System Scanner v20071014.68
Run by Josh and Angie on 2008-08-09 20:30:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
35: 2008-08-10 00:30:16 UTC - RP35 - Deckard's System Scanner Restore Point
34: 2008-08-09 22:27:33 UTC - RP34 - Removed EasyCleaner
33: 2008-08-09 18:26:17 UTC - RP33 - Installed RegSweep
32: 2008-08-09 05:13:11 UTC - RP32 - System Checkpoint
31: 2008-08-08 00:55:53 UTC - RP31 - System Checkpoint


-- First Restore Point --
1: 2008-07-19 16:11:22 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as Josh and Angie.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:11 PM, on 8/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\RegSweep\RegSweep.exe
C:\Documents and Settings\Josh and Angie\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Josh and Angie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onlineregister.com/bvg/?B...49&TMRT=LD0044
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {16EC00C6-90B4-4956-BE82-96A007727458} - (no file)
O2 - BHO: (no name) - {4BEE6973-0E81-4A95-9EA9-C84766231D14} - (no file)
O2 - BHO: (no name) - {513247F0-FB97-455D-A4C2-5F8B1725345C} - (no file)
O2 - BHO: (no name) - {54C855A2-C964-EFC8-4DB0-E3BC6F7DB0CD} - (no file)
O2 - BHO: (no name) - {54C855A7-C963-E3B1-4DC5-96BC1F7AB0C6} - (no file)
O2 - BHO: (no name) - {54C855D7-C962-EBBB-4DC4-94BC6E79B0C8} - (no file)
O2 - BHO: (no name) - {55C855A5-C961-EBB9-4DC4-92BC697FB0CF} - (no file)
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6BC9B5C0-5E90-433C-AD71-49128D0A9D20} - (no file)
O2 - BHO: (no name) - {6E63A308-8ADE-4AA0-A253-035A0DDAFABB} - (no file)
O2 - BHO: (no name) - {7502B650-F67C-4FCD-BC29-65E95B3623E4} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7A2FAC49-3EEE-485E-9376-B0DEDA6ABF79} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: (no name) - {A2405E88-1B24-4569-866C-2492FD40AA57} - (no file)
O2 - BHO: (no name) - {B282E1E3-AECA-44E2-9DA8-22F347D37114} - (no file)
O2 - BHO: {21f33f4a-3530-de49-9544-859d91f53a3c} - {c3a35f19-d958-4459-94ed-0353a4f33f12} - C:\WINDOWS\system32\qynvnc.dll
O2 - BHO: (no name) - {C5E84927-CFF0-4CA3-A068-02E7C01C1E7C} - (no file)
O2 - BHO: (no name) - {D58FA9CB-84C7-4774-AB6A-815A9A3839ED} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [BMc3c7117e] Rundll32.exe "C:\WINDOWS\system32\jkblowmo.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RegSweep] C:\Program Files\RegSweep\RegSweep.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BySoft FreeRAM] C:\Program Files\BySoft FreeRAM\FreeRAM.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...bs/tgctlsr.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - AppInit_DLLs: qynvnc.dll
O20 - Winlogon Notify: fccCTklJ - fccCTklJ.dll (file missing)
O20 - Winlogon Notify: ssqPiFvs - ssqPiFvs.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe

--
End of file - 7480 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>

S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 SymIM (Symantec Network Security Intermediate Filter Service) - c:\windows\system32\drivers\symim.sys (file missing)
S3 SymIMMP - c:\windows\system32\drivers\symim.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-09 18:30:00 366 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (JTSPC-Josh Thompson).job
2008-08-09 14:26:36 404 --a------ C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job
2005-04-10 16:49:26 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job


-- Files created between 2008-07-09 and 2008-08-09 -----------------------------

2008-08-09 20:32:45 0 d-------- C:\Program Files\Trend Micro
2008-08-09 20:20:27 0 d------c- C:\ie-spyad_zo
2008-08-09 20:13:04 0 d-------- C:\Program Files\SpywareBlaster
2008-08-09 18:43:36 0 d-------- C:\Program Files\Panda Security
2008-08-09 14:32:37 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-08-09 14:26:31 0 d-------- C:\Documents and Settings\Josh and Angie\Application Data\RegSweep
2008-08-09 14:26:18 0 d-------- C:\Program Files\RegSweep
2008-08-09 14:19:00 0 d-------- C:\WINDOWS\LastGood
2008-08-05 16:11:45 0 d-------- C:\Program Files\Lavasoft
2008-08-05 16:11:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-05 16:08:18 0 dr-h----- C:\Documents and Settings\Josh and Angie\Recent
2008-08-05 16:05:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-04 18:53:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-04 17:46:56 0 d-------- C:\Program Files\BySoft FreeRAM
2008-08-02 11:45:06 110080 --a------ C:\WINDOWS\system32\fvjkdk.dll
2008-08-02 11:44:57 110080 --a------ C:\WINDOWS\system32\jsxspfpl.dll
2008-08-02 11:40:20 93184 --a------ C:\WINDOWS\system32\jkblowmo.dll
2008-08-02 11:28:40 110080 --a------ C:\WINDOWS\system32\ztzhzr.dll
2008-08-02 11:28:31 110080 --a------ C:\WINDOWS\system32\hyrgqojk.dll
2008-08-02 11:25:32 93184 --a------ C:\WINDOWS\system32\rljmthxc.dll
2008-08-01 11:36:40 0 d-------- C:\Documents and Settings\Josh and Angie\.housecall6.6
2008-08-01 11:25:56 83456 --a------ C:\WINDOWS\system32\rrtgvdys.dll
2008-08-01 11:24:51 110080 --a------ C:\WINDOWS\system32\qynvnc.dll
2008-08-01 11:24:13 110080 --a------ C:\WINDOWS\system32\gyljlrtg.dll
2008-08-01 11:23:49 93184 --a------ C:\WINDOWS\system32\wxjwwpsy.dll
2008-08-01 11:22:53 870617 --ahs---- C:\WINDOWS\system32\KQYIOqru.ini2
2008-07-29 13:59:22 93696 --a------ C:\WINDOWS\system32\otkkqcmx.dll
2008-07-29 13:57:58 876321 --ahs---- C:\WINDOWS\system32\AHiSvyay.ini2
2008-07-28 19:18:59 0 d-------- C:\Documents and Settings\Josh and Angie\Application Data\Mozilla
2008-07-28 16:59:18 0 d-------- C:\Program Files\Abexo
2008-07-28 15:53:11 895124 --ahs---- C:\WINDOWS\system32\UxHOYcfe.ini2
2008-07-27 13:43:15 867379 --ahs---- C:\WINDOWS\system32\GQrBKRqr.ini2
2008-07-26 20:08:07 0 d-------- C:\Documents and Settings\Josh and Angie\Application Data\CyberLink
2008-07-26 18:05:06 0 d-------- C:\WINDOWS\Logs
2008-07-26 17:59:12 0 d-------- C:\Program Files\Conduit
2008-07-26 16:33:01 0 --a------ C:\Documents and Settings\Josh and Angie\jagex_runescape_preferences.dat
2008-07-26 16:32:42 0 d-------- C:\WINDOWS\.jagex_cache_32
2008-07-26 16:23:52 0 d-------- C:\Documents and Settings\Josh and Angie\Application Data\DMCache
2008-07-26 15:46:10 93184 --a------ C:\WINDOWS\system32\ityfpfno.dll
2008-07-26 15:45:12 345 --ahs---- C:\WINDOWS\system32\iOpYacdd.ini2
2008-07-26 15:39:50 0 d-------- C:\WINDOWS\system32\kBin02
2008-07-26 15:39:19 77 --a------ C:\Documents and Settings\Josh and Angie\6752.bat
2008-07-26 15:39:17 36352 --a------ C:\Documents and Settings\Josh and Angie\services.exe
2008-07-26 15:24:46 0 d-------- C:\Documents and Settings\Josh and Angie\Application Data\LimeWire
2008-07-19 22:53:25 0 d-------- C:\Program Files\AVG
2008-07-19 19:33:02 0 d-------- C:\VundoFix Backups
2008-07-19 18:10:22 868765 --ahs---- C:\WINDOWS\system32\dMlUuBeg.ini2
2008-07-19 16:36:29 0 d-------- C:\Temp
2008-07-19 13:09:10 0 d-------- C:\Program Files\Advanced Spyware Remover
2008-07-19 12:28:47 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-07-18 21:17:49 1977 --ahs---- C:\WINDOWS\system32\cfMpYcfe.ini2
2008-07-17 09:37:06 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-07-17 09:37:06 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-17 09:37:06 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-17 09:37:06 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-17 09:37:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-07-17 09:37:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-07-17 09:37:06 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-17 09:37:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-07-17 09:37:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-17 09:37:05 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-17 09:37:05 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-17 09:37:05 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-17 09:37:05 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-17 09:37:05 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-17 09:37:05 598016 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-17 09:37:05 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-17 09:37:05 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-07-17 09:37:05 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-17 09:08:10 60582204 --a----c- C:\SYM_REGISTRY_BACKUP.reg
2008-07-17 08:51:31 851490 --ahs---- C:\WINDOWS\system32\AacKmnmp.ini2
2008-07-16 08:27:06 726589 --ahs---- C:\WINDOWS\system32\CbJmWvut.ini2
2008-07-11 18:24:52 0 d-------- C:\Program Files\twc
2008-07-11 18:23:00 0 d-------- C:\Program Files\HERACTSTG
2008-07-10 18:40:59 0 d--hs---- C:\found.001


-- Find3M Report ---------------------------------------------------------------

2008-08-05 16:05:58 0 d-------- C:\Program Files\Common Files
2008-08-05 15:38:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-04 18:00:29 0 d-------- C:\Documents and Settings\Josh and Angie\Application Data\FrostWire
2008-07-26 18:21:54 0 d-------- C:\Documents and Settings\Josh and Angie\Application Data\Real
2008-07-19 22:18:15 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-11 18:24:18 0 d-------- C:\Program Files\Common Files\supportsoft
2008-07-07 15:34:55 0 d-------- C:\Documents and Settings\Josh and Angie\Application Data\Macromedia
2008-07-07 15:34:55 0 d-------- C:\Documents and Settings\Josh and Angie\Application Data\Adobe
2008-07-07 15:34:29 0 d-------- C:\Documents and Settings\Josh and Angie\Application Data\Move Networks
2008-07-05 12:32:01 0 d-------- C:\Documents and Settings\Josh and Angie\Application Data\WeatherBug
2008-07-04 16:52:19 0 d-------- C:\Documents and Settings\Josh and Angie\Application Data\Symantec
2008-06-29 22:13:51 0 d-------- C:\Program Files\MSXML 4.0
2008-06-26 21:22:09 0 d-------- C:\Documents and Settings\Josh and Angie\Application Data\Ludia
2008-06-26 11:19:27 0 d-------- C:\Documents and Settings\Josh and Angie\Application Data\PlayFirst
2008-06-25 18:48:40 0 d-------- C:\Documents and Settings\Josh and Angie\Application Data\WinRAR
2008-06-23 10:51:57 0 d-------- C:\Documents and Settings\Josh and Angie\Application Data\ViquaSoft
2008-06-22 18:49:08 4096 --a------ C:\WINDOWS\d3dx.dat
2008-06-21 14:50:36 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-06-20 20:55:17 0 d-------- C:\Documents and Settings\Josh and Angie\Application Data\funkitron
2008-06-15 18:13:57 0 d-------- C:\Program Files\Communities.com
2008-06-12 09:29:18 0 d-------- C:\Documents and Settings\Josh and Angie\Application Data\Sonic


-- Registry Dump ---------------------------------------------------------------



-- End of Deckard's System Scanner: finished at 2008-08-09 20:34:05 ------------

Thanks for your help
Josh
Attached Files
File Type: txt extra.txt (5.3 KB, 2 views)