# rundll32.exe..msconfig showed as rundll.ece "c:\windows\system32\xysfcf.dll' ,realset



## azzurine_amit (Jun 18, 2007)

Hi everybody,

I am new to this forum and I really appreciate the help that you guys give out here.

I dont know what info you need..

rundll.exe "c:\windows\system32\xysfcf.dll' ,realset what does this mean..???

I had a recent attack by trogan horse and adware...after which my system would give pop ups as soon the net is connected.

Now I see the rundll32.exe has a changed icon not that of an exe file.

???

Regards


----------



## MFDnNC (Sep 7, 2004)

Do not post multiple threads for the same problem - your other thread should get closed

Click here to download HJTsetup.exe:

http://www.thespykiller.co.uk/index.php?action=tpmod;dl=item5

*Scroll down to the download section where the download button is*

Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


----------



## azzurine_amit (Jun 18, 2007)

Thanks and sorry for the other thread..

Logfile of HijackThis v1.99.1
Scan saved at 6:32:35 AM, on 6/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe


----------



## MFDnNC (Sep 7, 2004)

That log looks fine

Download Superantispyware (SAS)

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
·	It will ask if you want to update the program definitions, click Yes.
·	Under Configuration and Preferences, click the Preferences button.
·	Click the Scanning Control tab.
·	Under Scanner Options make sure the following are checked:
o	Close browsers before scanning
o	Scan for tracking cookies
o	Terminate memory threats before quarantining.
o	Please leave the others unchecked.
o	Click the Close button to leave the control center screen.
·	On the main screen, under Scan for Harmful Software click Scan your computer.
·	On the left check C:\Fixed Drive.
·	On the right, under Complete Scan, choose Perform Complete Scan.
·	Click Next to start the scan. Please be patient while it scans your computer.
·	After the scan is complete a summary box will appear. Click OK.
·	Make sure everything in the white box has a check next to it, then click Next.
·	It will quarantine what it found and if it asks if you want to reboot, click Yes.
·	To retrieve the removal information for me please do the following:
o	After reboot, double-click the SUPERAntispyware icon on your desktop.
o	Click Preferences. Click the Statistics/Logs tab.
o	Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o	It will open in your default text editor (such as Notepad/Wordpad).
o	Please highlight everything in the notepad, then right-click and choose copy.
·	Click close and close again to exit the program.
·	Please paste that information here for me *with a new HijackThis log*.


----------



## azzurine_amit (Jun 18, 2007)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/19/2007 at 07:27 AM

Application Version : 3.8.1002

Core Rules Database Version : 3257
Trace Rules Database Version: 1268

Scan type : Complete Scan
Total Scan Time : 00:27:19

Memory items scanned : 316
Memory threats detected : 0
Registry items scanned : 3294
Registry threats detected : 0
File items scanned : 15314
File threats detected : 12

Adware.Tracking Cookie
C:\Documents and Settings\Ram Charan Singh\Cookies\ram charan [email protected][2].txt
C:\Documents and Settings\Ram Charan Singh\Cookies\ram charan [email protected][1].txt
C:\Documents and Settings\Ram Charan Singh\Cookies\ram charan [email protected][1].txt
C:\Documents and Settings\Ram Charan Singh\Cookies\ram charan [email protected][1].txt
C:\Documents and Settings\Ram Charan Singh\Cookies\ram charan [email protected][1].txt
C:\Documents and Settings\Ram Charan Singh\Cookies\ram charan [email protected][2].txt
C:\Documents and Settings\Ram Charan Singh\Cookies\ram charan [email protected][2].txt
C:\Documents and Settings\Ram Charan Singh\Cookies\ram charan [email protected][2].txt
C:\Documents and Settings\Ram Charan Singh\Cookies\ram charan [email protected][1].txt
C:\Documents and Settings\Ram Charan Singh\Cookies\ram charan [email protected][1].txt
C:\Documents and Settings\Ram Charan Singh\Cookies\ram charan [email protected][1].txt

Trojan.Downloader-Gen/HitItQuitIt
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CD214B8-426A-43B1-8BA1-3BACD1F08D89}\RP6\A0001369.DLL

Logfile of HijackThis v1.99.1
Scan saved at 7:35:51 AM, on 6/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

Thanks and please let me know what softwares to install so as to not face problem of ths sort. Also let me the setting of SAS hence forth...


----------



## MFDnNC (Sep 7, 2004)

SAS is fine as it is but will need to manually check for updates

Get all of these and/or verify you have the current versions

SpywareBlaster 3.5.1 http://majorgeeks.com/download2859.html

SpyBot V1.4 http://www.majorgeeks.com/download2471.html 
============

How are things?


----------



## azzurine_amit (Jun 18, 2007)

Thanks for every thing....

i would re install my copy of Windows and install all the files you mentioned...

Then start fresh,,

I also would like to make a donation...nut i dont have a credit card ...i am from India...how can I so it with cheque....and how in INDIAN rupees..?? please advice..


----------



## MFDnNC (Sep 7, 2004)

You said <re install my copy of Windows>

Why the log is looking good

Dunno about rupees, by the time exchange rates and fees it might not be worth it


----------



## azzurine_amit (Jun 18, 2007)

So, Sometimes I get the memory error message after I close the browser...
I might have deleted files from the Internet settings...

And that the reason why I wanted to reinstall the software..

Will it be good to go if I install Avast Home 4.7, SAS, spy bot and spywareblaster at the sametime running and will it give me realtime protection..

And ya..
I would also figure out a way of donating with the help of my friends in the UK or the US.

Thanks


----------



## MFDnNC (Sep 7, 2004)

Memory error message???


----------



## azzurine_amit (Jun 18, 2007)

Sorry for my late response....

which says..
iexplorer.exe. application error

"0x666accc" referenced memory at "0x666accc". the memory could not be read.....something like this...in a dialogue box

i doesnt happen very often...i happened twice or thrice after i deleted files in my local settings...and also deleted the registry entry of a P2p software in which the uninstaller file was deleted accidentally.

regards


----------



## MFDnNC (Sep 7, 2004)

Get IE V7


----------

