SysWOW64/rundll32.exe

[Felipe Cota]

Huy guys, First of all sorry for my poor english. Today when I was using my internet banking service saw this message:

Runtieme Error!
Program: C:\Windows\SysWOW64\rundll32.exe

R6016
- not enough space fot thread data

If someone can help me I will be very glad.

Thanks a lot.

 

[TwinHeadedEagle]

Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:

• At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
• Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  
• All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
• If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
• I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  
• Please attach all report using
  
  button below. Doing this, you make it easier for me to analyze and fix your problem.
  
• Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay for the repair.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

[Felipe Cota]

Hello TwinHeadedEagle,

Thank you very much.

Here comes the two files you request.

Thanks again.

 

[TwinHeadedEagle]

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;
  autoclean;
  emptyalltemp;
  ipconfig /flushdns;b

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

 

[Felipe Cota]

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Felipe Cota on 30/06/2015 at 6:56:42,35.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Felipe Cota\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

30/06/2015 06:58:17 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AAALOGO deleted successfully
C:\PROGRA~2\Baidu-Security-2014-4.4.4.82805 deleted successfully
C:\PROGRA~2\Disktrix deleted successfully
C:\PROGRA~2\FreeTime deleted successfully
C:\PROGRA~2\IObit deleted successfully
C:\PROGRA~2\Kalypso Media deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Roxio deleted successfully
C:\PROGRA~2\WildTangent deleted successfully
C:\PROGRA~2\Wondershare deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\Nero deleted successfully
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} deleted successfully
C:\Users\Felipe Cota\AppData\Roaming\BitTorrent Sync deleted successfully
C:\Users\Felipe Cota\AppData\Roaming\HpUpdate deleted successfully
C:\Users\Felipe Cota\AppData\Roaming\LogoMaker deleted successfully
C:\Users\Felipe Cota\AppData\Roaming\Roxio deleted successfully
C:\Users\Felipe Cota\AppData\Roaming\TeamViewer deleted successfully
C:\Users\Felipe Cota\AppData\Roaming\VIVO INTERNET deleted successfully
C:\Users\Felipe Cota\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} deleted successfully
C:\Users\Felipe Cota\AppData\Local\calibre-cache deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-963786325-3815717461-3828834076-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BD7A7647-CE97-447F-B1A9-6C2C23EAFB5D} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\AAALOGO not found
C:\PROGRA~2\Baidu-Security-2014-4.4.4.82805 not found
C:\PROGRA~2\Disktrix not found
C:\PROGRA~2\FreeTime not found
C:\PROGRA~2\IObit not found
C:\PROGRA~2\Kalypso Media not found
C:\PROGRA~2\Roxio not found
C:\PROGRA~2\WildTangent not found
C:\PROGRA~2\Wondershare not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} not found
C:\Users\Felipe Cota\AppData\Roaming\Arduino15 deleted
C:\Users\Felipe Cota\AppData\Roaming\calibre deleted
C:\PROGRA~3\fhhpadcigcgkpmlcmgbbmbgllgmcjmcb deleted
C:\PROGRA~2\unisalees deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\install.exe deleted
C:\found.000 deleted
C:\Users\Felipe Cota\AppData\Roaming\IHlpr deleted
C:\Users\Felipe Cota\AppData\Roaming\Thinstall deleted
C:\PROGRA~3\Wondershare Video Converter Ultimate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Felipe Cota\AppData\Local\Thinstall deleted
C:\Users\Felipe Cota\AppData\Local\Wondershare deleted
C:\Users\Felipe Cota\AppData\Local\cache deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\wangzhisong deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
C:\Users\FELIPE~1\AppData\Roaming\Mozilla\Firefox\Profiles\8o9fd4hk.default-1425141970706\jetpack deleted
C:\Users\Felipe Cota\AppData\Roaming\unins000.exe deleted
"C:\Windows\Installer\2e6af7.msi" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com" [24/05/2015 17:51]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8873}"="C:\Users\Felipe Cota\AppData\Local\GAS Tecnologia\GBBD\uni\xpi" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\FELIPE~1\AppData\Roaming\Mozilla\Firefox\Profiles\8o9fd4hk.default-1425141970706
- FastAccess Web Login - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso
- GBBD Banco do Brasil - C:\Users\Felipe Cota\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
- Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
- NetVideoHunter em:version1.18.1-signed em:descriptionDownload flash videos FLV and music MP3 from any video site For example: YouTube Metacafe DailyMotion Vimeo. em:creatorNetVideoHunter em:type2 em:unpacktrue em:homepageURLhttp:www.netvideohunter.com emptionsURLchrome:netvideohuntercontentoptions.xul em:iconURLchrome:netvideohunterskinnetvideohunterIcon32.png - C:\Users\Felipe Cota\AppData\Roaming\Mozilla\Firefox\Profiles\8o9fd4hk.default-1425141970706\extensions\netvideohunter@netvideohunter.com
- Ant Video Downloader - C:\Users\Felipe Cota\AppData\Roaming\Mozilla\Firefox\Profiles\8o9fd4hk.default-1425141970706\extensions\anttoolbar@ant.com
- Flash and Video Download - C:\Users\Felipe Cota\AppData\Roaming\Mozilla\Firefox\Profiles\8o9fd4hk.default-1425141970706\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
- Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
- Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
- Ant Video Downloader - %ProfilePath%\extensions\anttoolbar@ant.com
- NetVideoHunter em:version1.18.1-signed em:descriptionDownload flash videos FLV and music MP3 from any video site For example: YouTube Metacafe DailyMotion Vimeo. em:creatorNetVideoHunter em:type2 em:unpacktrue em:homepageURLhttp:www.netvideohunter.com emptionsURLchrome:netvideohuntercontentoptions.xul em:iconURLchrome:netvideohunterskinnetvideohunterIcon32.png - %ProfilePath%\extensions\netvideohunter@netvideohunter.com
- Flash and Video Download - %ProfilePath%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
- Video DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Felipe Cota\AppData\Roaming\Mozilla\Firefox\Profiles\8o9fd4hk.default-1425141970706
FA0A3008589567CB7196620B05C9F28D - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
F7AEAD4303A056F2D1685B43024776CA - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
C45F7E59F2A0A6D3C4E90117F4752414 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
A64F2C388DC26BE3E469EDC3657B14F4 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
2E661988463BCFA1B95D4DAAB9B0B6FA - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll - Shockwave Flash
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\Felipe Cota\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104
7E22425470F2072890C5747F07628846 - C:\Users\Felipe Cota\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
D87C0639158DFC59B39E1B804F297B40 - C:\Users\Felipe Cota\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil


==== Chromium Look ======================

Google Chrome Version: 43.0.2357.130

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[16/04/2013 03:11]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\FELIPE~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx[17/02/2015 09:49]

RealDownloader - Felipe Cota\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Lingua.ly - Felipe Cota\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilcekgoelpgecpjnnoikhbleipnjdhf
Google Drive App Launcher - Felipe Cota\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\CLSID\{310CA7B9-D56B-499A-B786-D9648270585E} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{310CA7B9-D56B-499A-B786-D9648270585E} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-963786325-3815717461-3828834076-1000\Software\Mozilla\Firefox\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\WSVCU@Wondershare.com deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\298F139EA89018C4D8DE0431BDE9B396 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\298F139EA89018C4D8DE0431BDE9B396 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent Sync deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HW_OPENEYE_OUC_VIVO INTERNET deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelTBRunOnce deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Felipe Cota\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Felipe Cota\AppData\Local\Mozilla\Firefox\Profiles\8o9fd4hk.default-1425141970706\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Felipe Cota\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=880 folders=242 324065504 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Felipe Cota\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\FELIPE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 30/06/2015 at 7:21:52,98 ======================

 

[Felipe Cota]

Hello TwinHeadedEagle,

As you request, I UPLOADED the fixlog file and POST the ZOEK coments.

Thank you a lot.

 

[TwinHeadedEagle]

How is your PC behaving now?

 

[Felipe Cota]

Well, acctualy I just had this problem I was using my internet banking service and this message come out a lot of times:

Runtieme Error!
Program: C:\Windows\SysWOW64\rundll32.exe

R6016
- not enough space fot thread data

After that I don't use the internet banking again.

Do you want me to login in my bank service again and see what hapens?

 

[TwinHeadedEagle]

Yes, you can do it. PC seems clean.

 

[Felipe Cota]

I'll do that and post here.

 

[Felipe Cota]

I used and the message come again.
I'm uploading a print from it in this reply.

 

[TwinHeadedEagle]

Is this application installed on your PC? Did you try to contact their support?

 

[Felipe Cota]

I don't know what it is.

 

[TwinHeadedEagle]

Neither me, if you get this error when using your banking service, then you should contact your bank.