Rundll Popup annoyance-Help!

My daughter's pc has been driving her crazy with this annoying popup that comes up with a thhummmppp sound about every 40 seconds! She's using Windows XP, on her Dell P-IV pc. Can you help me resolve this problem? Tom Myboy, are you here? Here's the popup message:



RUNDLL

Error loading C:\PROGRA~\INTERN~3\inetkw.dll

The specified module could not be found.


Thanks ,teacher4u

Check out Nirvana's post [#3] in this thread... -> Clicky...

John ,It looks good but I'm gonna hold off a while till I get a few more responses to my just posted thread before I proceed! I'll let you know what happens! Thanks for sharing! Nice to know I'm not alone! Teacher4u

I'll try to get on her pc and post a hijackthis log this weekend, so that the experts at devshed can tell me how to remedy this problem. Thanks A Million-teacher4u

Here's a hijack this log from today 2-14-05,. There are a lot of problems in her pc. I couldn't get to devshed from internet explorer, it kept popping up an internet expl. error message and shutting me down. So I came on thru mozilla! She was infested with over 1000 adaware critical objests, 20 trojans, morethan 100 spybot identified problems! she has coolweb search , about.blank, and various other evil critters hiding on her hard drive ,including some horrific popup generators! The rundll seems to have backed off a bit! When I try to clear her temporary internet files there are two I can't delete. They areapp.ezula.com and 2nd thought.com. Also aaabesthomepage and loadingwebsite.com. Pleeeaasssse Help!! Thank you! teacher4u! Should be student of u!












Logfile of HijackThis v1.99.0
Scan saved at 1:47:25 PM, on 2/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\P
rogram Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\vuporpvu\RMADBwBN.exe
C:\PROGRA~1\vuporpvu\NBwBDAMR.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\seeon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\schrsfi.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lisa Giberti\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Y358RXH7j] schrsfi.exe
O4 - Global Startup: hkhyih.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel(R) NMS - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

You should first of all respect the rules of this forum and delete all the hi jack this **** you posted above.

Then boot to a command prompt and type format c:

delete that system and give the owner a lesson in responsibility and care befoe reinstalling it.

Balamm, I wasn't aware we aren't supposed to post a HijackThis log, even if it's an aberration! Sorry for breaking the rules! It is my daughter's pc and you're right! She's been very irresponsible. Actually, a 9 year old and a 22 year old both use that computer. I'll have to scold both of them! I don't know if you're a parent, but if you are, then you know that we have to deal with irresponsibility on our children's part, just as they sometimes have to deal with our irresponsible actions. Gary Condit, Bill Clinton, and Mary Kay LeTourneau, come to mind! That being said, we had considered the Dell System Restore Disk, but wanted to get an expert's opinion. That's where you came into the picture. I'll show your post to my daughter in hopes it will change her evil ways. Otherwise feel free to come over to my house and spank her! (The 9 year old, that is!) Feel free to leave the deleted expletives intact, we voted for Kerry in this house! If you know TomMyboy, I'd appreciate it if you apprised him of the problems above. He's always been very helpful in the past! I'm sure he'll probably also recommend reinstalling the system, but it'd be nice to hear from him . With regard to safe surfing, my pc has ZoneAlarm, Spyware Blaster, AdAware, Spybot, Panicware PopUp Stopper,Spyware Guard, and PopThis! Can you recommend any others I might need? Thank you, teacher4u

You have way too much going on with blockers in the first place. If you used FireFox instead of IE you'd mitigate the bulk of what all those program you're running proport to do in the first place. I wouldn't be suprised if one of those popup blockers are in fact the actual source of your problem.

One anti-virus program, kept up to date, should do the trick when combined with human prudence. You can still get things from trusted sources. Roland USA sent me a driver update years ago on floppy disk that had a virus on it.

You can take the drive out, put it in a clean system, and repair it from the uninfected computer running as a slave then slap it back in your original box. You can probably hire someone to do this for you for $20-$80 or so. A lot of people freelance this service and do house calls.

Please excuse my ramblings in my post above. You are 100% correct. I should stick to the problem. I think my blood was up! Do you think restoring the system with the restore disk will do it, or should I go with the technician? I don't have the time or expertise to remove, disinfect, and reinstall the hard drive. I can handle the removal and installation, but I'd get bogged down on using the correct bells and whistles in the cleaning procedure. She does have the Dell insurance I believe! Thank you! teacher4u

I'd say it's your call. I think you can handle wiping it and re-installing but you'll lose all your existing files. You can also consider getting a new hard drive, then having your other one to put in as a slave to retrieve files from to start fresh with (assuming this is a desktop/tower not a laptop).

This is the route I take when I build new machines. I never recycle my drives, I just start fresh and consider the old ones a permanent backup of whatever was there. If you have bays, you can leave them in unconnected or put them in the static guard baggie and stash them in a cool, dry, dark place.

From a new machine I'd advice using FireFox as the default browser, setting it to block popups itself, and install one anti-virus of merit and make sure you get all the service updates. These will take a long, long time to download on a modem. They'll take a long time even on DSL, but you should get them. Those banners that say "get cool 3D smilie face icons in your e-mail" ... don't install those

We normally run at 3.0 mbps, but alotta people are on cable tv right now ,so we're a little slow at 10 PM.Here's our speed from 2wire.com!
Products Applications Services Alliances Support How to Buy Company
Speed Meter

Bandwidth = 2250.4 Kbps
I'll have to decide! Thanks for good advice. I've been tel ling her not to download that crap forever. I gyess girls like to think they're getting free gifts! teacher4u