tim's journal

I had that problem too.. you can't delete rundll32.exe ... it's something else (my IT guys got rid of it for me...

HijackThis is more difficult to use than AdAware and Spybot Search & Destroy, but many have said it got rid of things the others missed, including myself.
http://www.spywareinfo.com/~merijn/downloads.html

If Hijack This won't run, check out that page's advice for why it won't run (some spywares put anti-spyware code in their programs...that page has fixes for that).

It lists all things running at the time the program's run, and I think it also lists all startup programs from the registry, autoexec.bat, startup folder, ect...

They recommend to just run it to get a list, then post the ENTIRE list, UNedited, to one of the forums in his links list (under a new thread).

After I was hijacked last year, I used Hijack This to get rid of xxxtoolbar, then installed WinPatrol, and quit using IE.
http://www.winpatrol.com/winpatrol.html

They're both free to use; Winpatrol has an advanced program for paying customers.

RUNDLL32.EXE is a valid Windows file and can't be removed. The inetp60.dll file is being regenerated by whatever program put it there, so you have to find and eliminate that program. Here's a trick I discovered to get rid of suspect programs:

Boot to safe mode. Unhide hidden/system files, and also unhide file extensions. Open Explorer and navigate to the C:\Windows folder. Click the "View" menu then "Arrange icons by > Type."

You'll see all the EXE listed first. As you pass the pointer over each file, you'll see a desrciption of the file. All Windows executables and other companies' valid EXEs will have a description of what the file is. If you only see a date that the file was created, it's a good bet you don't need it, especially if the filename is a jumble of letters. Delete them. NOTE: Some legacy Windows files will only have the date as well, but they go back to 2002 or earlier. Only delete those that are within the past couple months. Those are probably your adware file droppers. Do this in the System32 folder, too.
Then, while still in safe mode, you can access the C:\Recycled folder. Delete everything in there to make sure the files are unrecoverable.

Then hit CTL-ALT-DEL and turn off all processes that are not listed as "SYSTEM." You can now delete the offensive DLLs in the same manner, and they shoudn't come back. It takes some time, but it has been remarkably effective for me.

About your disappearing files (rundll32.exe etc)
If you were to sucessfully delete them, your system would no longer run properly.

inetp60.dll is adware, it's categorized under Adware.BrowserAid. You also must be aware of another file which also is installed with this first file : msiefr40.dll

To remove this run regedit and search for these entries:

HKEY_LOCAL_MACHINE\software\classes\clsid\{087173ef-9829-4f49-8340-a524177d3f60}

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{087173ef-9829-4f49-8340-a524177d3f60}

HKEY_LOCAL_MACHINE\software\classes\clsid\{0ddbb570-0396-44c9-986a-8f6f61a51c2f}

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0ddbb570-0396-44c9-986a-8f6f61a51c2f}

HKEY_LOCAL_MACHINE\software\classes\clsid\{606220ae-90e0-41ca-bf6d-c89272ed680c}

Delete them all, reboot then search for and delete these 2 files from your computer :
msiefr40.dll; inetp60.dll

Then the problem is solved and gone.

By the way, I stumbled on your site searching for info on spyware and adware. For the past year I've been starting a company called Alkeli Solutions, we're developing software called Frontline which in the end will be the ultimate system cleaner, our database is now up to about 150,000 files/objects that should be removed from systems. For more information check out our site http://alkeli.cjb.net
Our site is still not complete and has yet to be moved to a different domain once it's done.

Cheers!
Al Carrier
Alkeli Solutions

I don't know if this is germain to any problems you are discussing here. I had to do a complete burn-down to all 4 hd's when lop.exe got into my system. But even though that has been a great loss of files and photos (I know..backups would have been nice!), I saw something strange when I was cruising thru my pretetch files one day before all hell broke loose. All the "TYPE" in the prefetch areas were renamed "VIRUS WORM HELL". BTW: I was running XP-PRO, SP-2 and about 20 of the newest patches, Spybot S&D 1.3, AdAware (Lavasoft), SpyWareBlaster, AVG Free, the freebees (from MSN Premium) McAfee; and the new MicroSoft BIG, now renamed BETA. Using a dynamic IP generator and all the above stuff, I thought I was really safe.

What in all the world was done to the .pf files? What did the type-change have to do with anything? Was it just somebody marking their exploits?

Hijackthis found a lot of 80+ alpha-numeric addresses and junk in my IE browser, and all my anti-stuff went nuts every time something tried to change the url, which was every 10 seconds. I got gambling sites, casinos, airlines and travel tours, dating services and new car ads. At most times, my task manager posted over 300 processes running at the same time with 100% cpu use. With all the toast pop-ups from MSN Beta and Spybot and AVG going nuts, I couldn't get anything done, so I just burned it all down.

Colombia's vice president is "baffled" by Kate Moss's success following cocaine allegations...

Good job!

pet health insurance

Good job!

Good job!

Colombia's vice president is "baffled" by Kate Moss's success following cocaine allegations...