Topic: RUNDLL32.EXE causing Spyware/Adware/Malware...

Sebastian

  • Guest
« on: November 04, 2005, 10:07:00 AM »
Hey, I was searching through the internet for an answer to my problem, and I tried everything to remove or fix the RUNDLL32.EXE that's causing all these windows to pop up from nowhere, and the only thing that has done it is unplugging the modem from my computer. But I want to use the internet, so I tried Spyware Doctor, Lavasoft, Spyhunter, HiJackThis and a tool to remove the Worm32 from the file, but all without positive results. Now I have to deal with some windows that tell me that some dlls are missing, like the khdus.dll (or something like that). My computer specs are these: Windows XP Professional, Pentium IV 1.7 GHz, 512 ram. The RUNDLL32.EXE appears in the system32 folder with a different icon than the other .exe files have, and its size is 32.5 kb exactly. What it does: I can see the RUNDLL32.EXE open in the tasklist manager, then a popup opens from the EMOTICONS website (these guys are behind everything, I'm sure), and then I close both the rundll32.exe and the popup, but no matter what, they reappear. I tried removing the file, for I read that in XP the rundll32.exe is useless, but another one is created 5 seconds later.
In HiJackThis I get this:

Logfile of HijackThis v1.99.1
Scan saved at 12:03:19, on 04/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Archivos de programa\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tatan0x\Escritorio\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\ARCHIV~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\o248lchu1f48.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Archivos de programa\Spyware Doctor\sdhelp.exe

Note that in my task manager the RUNDLL32.EXE is running but HiJackThis doesn't seem to note this; it doesn't appear in the running processes. Thanks a lot for the help, it's really appreciated.

Sebastian
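
Added triage example, not part of Sebastian's post and not a HijackThis feature: rundll32.exe only hosts a DLL, so this sketch pulls out every place in a HijackThis log where a DLL gets loaded through rundll32 (O4 autostart entries) or through Winlogon Notify (O20 entries), plus any running rundll32.exe, so the DLLs themselves can be checked. The function name `triage` and the choice of which entries to list are assumptions of this example; the output is a review list, not a verdict on any file.

```python
import re

# Sample lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\o248lchu1f48.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
# O4 autostart whose command is "rundll32 <dll>,<export>"
RUN_RUNDLL = re.compile(
    r'\]\s+"?(?:\S*\\)?rundll32(?:\.exe)?"?\s+(?P<dll>.+?),(?P<export>\S+)', re.I)
# O20 Winlogon Notify: "<name> - <dll>"
NOTIFY = re.compile(r"^Winlogon Notify: .+ - (?P<dll>.+)$")


def triage(log_text):
    """Return (source, path, export) tuples for DLL-loading items to review."""
    findings, in_procs = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            if not line:
                in_procs = False  # blank line ends the process list
            elif line.lower().endswith("\\rundll32.exe"):
                # Host process only; the log does not show which DLL it runs.
                findings.append(("process", line, None))
        else:
            m = ENTRY.match(line)
            if not m:
                continue
            code, body = m.groups()
            if code == "O4" and (r := RUN_RUNDLL.search(body)):
                findings.append(("O4", r["dll"], r["export"]))
            elif code == "O20" and (n := NOTIFY.match(body)):
                findings.append(("O20", n["dll"], None))
    return findings


if __name__ == "__main__":
    for source, path, export in triage(SAMPLE_LOG):
        print(source, path, export or "")
```

Each listed DLL can then be checked for vendor, signature and file date; the process entry carries no DLL because the HijackThis process list records image paths without command lines.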