This pops up whenever my computer starts up. I had a virus that seemed to destroy all my System Restore points. When it attacked it tried to go after a lot of other files too. My AVG program kept picking it up via the Resident Shield. I tried to move them into the Virus Vault but it kept telling me that some of them were not accessible and could not be moved.Here are the file names it keeps changing to:File: RtlUpd.exeLocation: "C:\Program Files\Realtek\Audio\Drivers\RtlUpd.exe";"Virus Identified: Trojan horse Agent2.BBNN"Files: svchost.exe & System Restore .exe filesLocation: c:\System Volume Information\_restore{74B03159-57AE-4F3D-A4EF-DC063EB0C797}\RP3\A0000155.exe";"Virus identified: Trojan horse Agent2.BBNN;"File: setup.exeLocation: "C:\WINDOWS\Temp\inhy.tmp\setup.exe";Virus identified "Trojan horse Dropper.Generic2.ACLH"File: setup.exe"C:\WINDOWS\Temp\mnhj.tmp\setup.exe"Virus identified Worm/Generic.BPUK"File: lsass.exeLocation: c:\WINDOWS\Temp\lsass.exe"Virus identified Worm/Generic.BPUKFile: Dc1.exeLocation: c:\RECYCLE\S-1-5-21-1663220162-629997898-1444126085-1006\Dc1.exe"Virus identified Worm/Generic.BPUKFile: NTCONFIG.EXELocation: e:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exeVirus Identified: Virus identified Worm/Generic.BPUKEach one of these infections I listed as the "file" are actually only one name of the many files that are being used. So when you look up the webpages below, notice the other names that the file goes by, for example: RTLUPD goes by* RTLCPL.EXE* MICCAL.EXE* SKYTEL.EXE* SOUNDMAN.EXE* VNCUTIL.EXE* COOL_GAMESETUP.EXE* RTKVHDA.SYS* RTLUPD.EXE.EXE* !I!RTLUPD.EXEAt any rate, I "think" I killed the infection but I'm not absolutely certain since this error keeps coming. How can I fixed the RUNDLL error so that it doesn't come up anymore?1 person got this answerI do too

1. Rkill will stop all running processes, both legitimate programs and recognised nasties. By doing so, it will then allow you to run an ‘anti‘ program, like MBAM to remove any infection(s). There are 4 versions of Rkill; exe, com, scr and pif. Some malware may recognise the program and stop the exe version from running, if so, try one of the others. If you can’t download it, save it to an external USB device using a different computer, then plug it in to the infected machine. It is small and doesn’t need installing, so you may want to keep it permanently on a memory stick to run it, but remember it does need a new version every so often in order to identify new infections.Before running it, disable any anti programs that are running as they may see it as a threat. Rkill doesn’t delete any programs, it just stops them from running, removes rogue entries from the registry and restarts Windows Explorer. It will take less than a minute to run and produces a log file showing which processes have been stopped. Don’t restart the computer until the infection has been removed, as any processes that Rkill stops will be restarted when you restart the computer, including, of course, any nasties that haven‘t been removed from startup.Read this, then download it from here http://www.technibble.com/rkill-repair-tool-of-the-week/Get the free Malwarebytes' Anti-Malware from http://www.malwarebytes.org/ 2. If the rogue startup entries are still present, look at the most likely hiding places in the registry. Click Start > Run, type regedit, press Enter and in the left pane navigate to each of these five registry keys and their five HKCU counterparts (not all of them are necessarily present): HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnceHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\RunIn the right pane, look for the rogue name(s) and any that are there can be right-clicked and deleted.Alternatively, in regedit, you could search (F3) for the rogue entry in the right pane and delete it.

BurWalnut, I don't know how to thank you. That worked like a charm. Here is what I found out: When I ran rkill (I ran all the versions just to be safe), the rrrc.yeo kept popping back up after each rkill run. The report from rkill said that the only process it had killed was rkill itself. So, I figured I ran them all then I better run Malwarebytes as you instructed.Here is what that bad boy found on just a Quick Scan:Registry Keys Infected: 1: HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) Registry Data Items Infected: 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter)3: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe rrrc.yeo upptdvf)4: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://skyarticle.net)Files Infected: 5: C:\Documents and Settings\NetworkService\secupdat.dat (Worm.Autorun)6: C:\WINDOWS\wintybrd.png (Malware.Trace) 7: C:\WINDOWS\wintybrdf.jpg (Malware.Trace)All of these were Quarantined and deleted successfully. Thank you again!

Exactly like the original Greek Trojan horse, the little rascals were hiding in an unexpected place. Running all four versions of rkill is certainly a ‘novelty’, well done to you and thank you for letting us know.