tivia Posted July 29, 2010 ID:292196 Share Posted July 29, 2010 hi all. new to this site. got a wee problem. rundll. iv run my anti virus and malwarebytes, but can get rid of it, not that clued up on the pc, but im getting there lol. any help would be great. thanks Link to post Share on other sites More sharing options...
noknojon Posted July 29, 2010 ID:292199 Share Posted July 29, 2010 Welcome tivia -I am sorry but "rundll" as such is not an infection - Are there any other details you can lay upon us please -"Error Loading C:\windows\system 32\bridge.dll " is the kind of rundll error message that you can get. Is yours similar or ....Thank You -EDIT -The only advice I can give to your request is to download CCleaner Slim http://www.piriform.com/ccleaner/builds from this link -Install the program - Under Internet Explorer , Untick - Cookies, Index.Dat Files, Auto Complete Form History -Under System, Untick - ChkDsk Fragments, DNS Cache, Startmenu Shortcuts, Desktop Shortcuts Click on Run Cleaner and this will remove the Temp Files built up in your computer - Link to post Share on other sites More sharing options...
tivia Posted July 29, 2010 Author ID:292202 Share Posted July 29, 2010 hi and thank you, well it only pops up when i start up pc. so what i'll do is shut down and get the details when i restart, then i'll post it on here. thanks for your help Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 29, 2010 Root Admin ID:292203 Share Posted July 29, 2010 Update and Scan with Malwarebytes' Anti-MalwareStart MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.Update Malwarebytes' Anti-Malware Select the Update tabClick Update[*]When the update is complete, select the Scanner tab[*]Select Perform quick scan, then click Scan.[*]When the scan is complete, click OK, then Show Results to view the results.[*]Be sure that everything is checked, and click Remove Selected.[*]When completed, a log will open in Notepad. please copy and paste the log into your next reply If you accidently close it, the log file is saved here and will be named like this:C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txtThen post back the MBAM log. Link to post Share on other sites More sharing options...
tivia Posted July 29, 2010 Author ID:292208 Share Posted July 29, 2010 thank you, im running malwarebytes, but as i do my antivir guard keeps poping up with TR/agent2.ctor trojan which looks like it stops the scan Link to post Share on other sites More sharing options...
tivia Posted July 29, 2010 Author ID:292210 Share Posted July 29, 2010 its stoped, scan is running ok Link to post Share on other sites More sharing options...
tivia Posted July 29, 2010 Author ID:292215 Share Posted July 29, 2010 www.malwarebytes.orgDatabase version: 4365Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.1870229/07/2010 10:13:50mbam-log-2010-07-29 (10-13-50).txtScan type: Quick scanObjects scanned: 187664Time elapsed: 34 minute(s), 47 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 9Registry Values Infected: 0Registry Data Items Infected: 1Folders Infected: 9Files Infected: 5Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\.pox (Rogue.FixTool) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\pofile (Rogue.FixTool) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportMgmtService.exe (Security.Hijack) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportService.exe (Security.Hijack) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra73.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.Folders Infected:C:\Program Files\Perfect Optimizer (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.C:\Program Files\Perfect Optimizer\Backup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.C:\Program Files\Perfect Optimizer\Backup\Application (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.C:\Program Files\Perfect Optimizer\Backup\Registry (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.C:\Program Files\Perfect Optimizer\Backup\Registry\FirstBackup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.C:\Program Files\Perfect Optimizer\Backup\Registry\FullBackup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.C:\Program Files\Perfect Optimizer\Backup\Service (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.C:\Program Files\Perfect Optimizer\Temp (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.C:\WINDOWS\system32\l0wsec (Trojan.Zbot) -> Quarantined and deleted successfully.Files Infected:C:\Program Files\Perfect Optimizer\PerfectOptimizer.ini (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.C:\WINDOWS\system32\l0wsec\l0cal.ds (Trojan.Zbot) -> Quarantined and deleted successfully.C:\WINDOWS\system32\l0wsec\us3r.ds (Trojan.Zbot) -> Quarantined and deleted successfully.C:\Documents and Settings\MORAY\Local Settings\Temp\0.10347532664131698.exe (Trojan.Dropper) -> Quarantined and deleted successfully.C:\Documents and Settings\MORAY\Local Settings\Temp\0.7203963989774138.exe (Trojan.Dropper) -> Quarantined and deleted successfully. Link to post Share on other sites More sharing options...
tivia Posted July 29, 2010 Author ID:292216 Share Posted July 29, 2010 hope that is what was needed Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 29, 2010 Root Admin ID:292219 Share Posted July 29, 2010 Yes, if you're still having issues then please follow the directions below as we don't work on Malware here in this forum. I just wanted to make sure you were able to run our scanner.Someone will work with you one on one to assist you in that forum.Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here. One of the expert helpers there will give you one-on-one assistance when one becomes available.After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someon has replied to your post.Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org Link to post Share on other sites More sharing options...
tivia Posted July 29, 2010 Author ID:292226 Share Posted July 29, 2010 thanks for your help guys . Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 29, 2010 Root Admin ID:292240 Share Posted July 29, 2010 No problem, you're quite welcome. Link to post Share on other sites More sharing options...
Recommended Posts