DLL Issue on Vista Home Prem

  • Question

  • The following startup values are giving an error at startup. I found them in Windows Defender as rundll32 that is marked as not yet classified. I am trying to figure out a fix but am at a loss. Was wondering if someone could help me out.

     

    File Name: rundll32.exe
    Display Name: Microsoft Windows host process (Rundll32)
    Description: Windows host process (Rundll32)
    Publisher: Microsoft Corporation
    Digitally Signed By: Microsoft Windows Verification PCA
    File Type: Application
    Startup Value: rundll32.exe C:\Windows\system32\pry5qnmlz.dll, SystemServer
    File Path: C:\Windows\system32\rundll32.exe
    File Size: 46592
    File Version: 6.0.6000.16386 (vista_rtm.061101-2205)
    Date Installed: 11/2/2006 3:33:07 AM
    Startup Type: Registry: Current User
    Location: Software\Microsoft\Windows\CurrentVersion\Run
    Classification: Not yet classified
    Ships with Operating System: Yes
    SpyNet Voting: In Progress

    File Name: rundll32.exe
    Display Name: Microsoft Windows host process (Rundll32)
    Description: Windows host process (Rundll32)
    Publisher: Microsoft Corporation
    Digitally Signed By: Microsoft Windows Verification PCA
    File Type: Application
    Startup Value: rundll32.exe C:\Windows\system32\urwsdimtdx.dll, SystemServer
    File Path: C:\Windows\system32\rundll32.exe
    File Size: 46592
    File Version: 6.0.6000.16386 (vista_rtm.061101-2205)
    Date Installed: 11/2/2006 3:33:07 AM
    Startup Type: Registry: Current User
    Location: Software\Microsoft\Windows\CurrentVersion\Run
    Classification: Not yet classified
    Ships with Operating System: Yes
    SpyNet Voting: Not Available
    Saturday, March 12, 2011 5:16 AM

Answers

  • This was malware. It was removed by your AntiVirus Scanner, but the registry entries are still present to start the malware at startup.

    Start regedit.exe and search (F3 or CTRL+F) for pry5qnmlz.dll and delete all entries you find.

    To be safe, make a full scan with an AntiVirus Scanner like Microsoft Security Essentials and also scan your PC with Malwarebytes' Anti-Malware.

    André
    Saturday, March 12, 2011 2:02 PM
  • Hi,

    Please click start, type msconfig and press Enter.

    Under the startup tab, find the item that reads like RUNDLL32.EXE, c:\windows\system32\xxx.dll and uncheck it.

    Save the change and restart.

    Or you can modify the registry by loading registry editor.

    Navigate to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Delete the RUNDLL32.EXE, c:\windows\system32\xxx.dll entry.

    Regards,


    Thursday, March 17, 2011 8:37 AM
    Moderator
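
The manual regedit and msconfig steps in the replies above can be preceded by a read-only audit. The following is an added example, not part of the original thread: it lists every Run-key value that launches a DLL through rundll32, covering both the Current User location shown in the Defender output and the HKLM key named in the reply, and reports whether the DLL still exists on disk. It assumes PowerShell 3.0 or later; the function name `Get-Rundll32Target` is hypothetical.

```powershell
# Added example: read-only audit of Run-key values that load a DLL via rundll32.
# Nothing is modified or deleted; review the output before removing any value.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-Rundll32Target {
    param([string]$Command)
    # Expected shape: rundll32[.exe] <path>.dll, <export>  (quotes optional)
    if ($Command -match '(?i)rundll32(?:\.exe)?"?\s+"?([^",]+?\.dll)"?\s*,\s*(\S+)') {
        [pscustomobject]@{ Dll = $Matches[1].Trim(); Export = $Matches[2] }
    }
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $target = Get-Rundll32Target -Command ([string]$regKey.GetValue($name))
        if ($null -eq $target) { continue }
        # A bare file name with no directory is checked relative to the current
        # directory, so treat a False result for such rows as unverified.
        $onDisk = Test-Path -LiteralPath $target.Dll -PathType Leaf
        [pscustomobject]@{
            Key       = $key
            ValueName = $name
            Dll       = $target.Dll
            Export    = $target.Export
            DllOnDisk = $onDisk
            # Signature status only makes sense when the file is still present.
            Signature = $(if ($onDisk) { (Get-AuthenticodeSignature -FilePath $target.Dll).Status } else { 'n/a' })
        }
    }
}

# DllOnDisk = False marks a leftover entry whose DLL is gone (the startup error case).
$findings | Sort-Object DllOnDisk | Format-Table -AutoSize
```

A row with `DllOnDisk` set to True and a signature status other than `Valid` points at a DLL that is still present and should be scanned before its Run value is removed.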
