fix rundll32 exe blunder with records office
Hi
A few weeks ago, I got a virus (Security Essentials 2010). I ran a bunch of spyware/malware detectors and eventually cleaned it out. Now, however, services.exe slowly uses up more and more physical memory (not CPU usage though, strangely). This happens every time a reboot, along with a message from rundll32.exe telling me that it couldn't find ehatezivano.dll.
What's going on?
Here is my HijackThis log in case it turns out to be malware or some such.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:08 PM, on 2/25/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Steam\steam.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Rar$EX00.219\procexp.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O1 – Hosts: ::1 localhost
O2 – BHO: (no name) – {02478D38-C3F9-4efb-9B51-7695ECA05670} – (no file)
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 – BHO: WormRadar.com IESiteBlocker.NavFilter – {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} – C:\Program Files\AVG\AVG8\avgssie.dll
O2 – BHO: Windows Live Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58-01DD-4d91-8333-CF10577473F7} – C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 – BHO: Google Toolbar Notifier BHO – {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} – C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 – BHO: Google Dictionary Compression sdch – {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} – C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 – BHO: Browser Address Error Redirector – {CA6319C0-31B7-401E-A518-A07C3DB8F777} – C:\Program Files\Dell\BAE\BAE.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 – Toolbar: Veoh Browser Plug-in – {D0943516-5076-4020-A3B5-AEFAF26AB263} – C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 – Toolbar: Google Toolbar – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 – HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 – HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: nwiz.exe /installquiet
O4 – HKLM\..\Run: rundll32.exe nvHotkey.dll,Start
O4 – HKLM\..\Run: RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: C:\WINDOWS\OEM02Mon.exe
O4 – HKLM\..\Run: "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 – HKLM\..\Run: "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 – HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 – HKLM\..\Run: stsystra.exe
O4 – HKLM\..\Run: C:\WINDOWS\system32\KADxMain.exe
O4 – HKLM\..\Run: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 – HKLM\..\Run: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 – HKLM\..\Run: c:\dell\dsca.exe 3
O4 – HKLM\..\Run: C:\Dell\E-Center\EULALauncher.exe
O4 – HKLM\..\Run: C:\WINDOWS\system32\taskswitch.exe
O4 – HKLM\..\Run: C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 – HKLM\..\Run: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 – HKLM\..\Run: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 – HKLM\..\Run: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 – HKLM\..\Run: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 – HKLM\..\Run: C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 – HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 – HKLM\..\Run: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 – HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 – HKLM\..\Run: rundll32.exe "C:\WINDOWS\ehatezivano.dll",Startup
O4 – HKLM\..\Run: "C:\Program Files\iTunes\iTunesHelper.exe"
O4 – HKCU\..\Run: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 – HKCU\..\Run: "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 – HKCU\..\Run: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 – HKCU\..\Run: [Google Update] "C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 – HKCU\..\Run: [Free Ram Optimizer] C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O4 – HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 – Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 – Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O18 – Protocol: linkscanner – {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} – C:\Program Files\AVG\AVG8\avgpp.dll
O20 – Winlogon Notify: avgrsstarter – C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 – Service: Apple Mobile Device – Apple Inc. – C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 – Service: Ares Chatroom server (AresChatServer) – Ares Development Group – C:\Program Files\Ares\chatServer.exe
O23 – Service: AVG Free8 E-mail Scanner (avg8emc) – AVG Technologies CZ, s.r.o. – C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 – Service: AVG Free8 WatchDog (avg8wd) – AVG Technologies CZ, s.r.o. – C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 – Service: Bonjour Service – Apple Inc. – C:\Program Files\Bonjour\mDNSResponder.exe
O23 – Service: DSBrokerService – Unknown owner – C:\Program Files\DellSupport\brkrsvc.exe
O23 – Service: Intel(R) PROSet/Wireless Event Log (EvtEng) – Intel Corporation – C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 – Service: Google Software Updater (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: PnkBstrA – Unknown owner – C:\WINDOWS\system32\PnkBstrA.exe
O23 – Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) – Intel Corporation – C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 – Service: RoxMediaDB9 – Sonic Solutions – C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 – Service: Roxio Hard Drive Watcher 9 (RoxWatch9) – Sonic Solutions – C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 – Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) – Intel Corporation – C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 – Service: stllssvr – MicroVision Development, Inc. – C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 – Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) – Intel(R) Corporation – C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
–
End of file – 12616 bytes I am trying to fix a friends laptop for her, she recently contracted some rogue software, 'antispyware xp 2009' and managed to do something to her registry files in the removal process…
At this point it runs perfectly in safe mode… no problems with sound, video or drivers ect. but on the normal desktop nothing will run, i get the error message 'rundll32.exe is missing' and then the .EXE file assosciation panal comes up..
Although the system came with a recovery dvd the system does not have a cd or dvd drive… i have tried to import the contents of the recovery dvd on an external hard drive and mount the .ISO file on a virtual drive but i get an error message 'can't init vccd'
I have tried searching the dvd for rundll32 but it comes up with no files matching search
My initial idea was to simply replace the rundll32 file as there doesn't seem to be any other problems and if worse comes to worst then reinstall the whole operating system but with no external dvd drive i'm having trouble doing either.
So my questions are:
Is there a simple solution here i've missed?
Is there a way to access the .iso contents and extract the rundll32 file?
Can i simply download the rundll32 file from somewhere on the net?
Why does the system work fine in safe mode and not in normal, does this mean that it is not actually a genuine error but more likely something to do with the rogue software that was removed?
I also have another laptop (vista) with a dvd drive if its any help, as well as a wireless network..
Any ideas would be much appreciated, this has got me stumped…
Source:S32evnt1 Dll Error
Tags: rundll32 error, windows error