  #16  
Old April 11th, 2008, 07:01 PM
simespsb simespsb is offline
Member
 
Join Date: Apr 2008
Posts: 34
DSS main.txt (2)

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 08:38]
"RtHDVCpl"="RtHDVCpl.exe" [09/11/2006 10:57 C:\Windows\RtHDVCpl.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1183532771\ee\AOLSoftware.exe" [14/11/2006 15:01]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [11/01/2007 11:40]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 08:00]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/03/2007 15:57]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
"ZPLED"="C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe" [21/02/2006 07:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [25/07/2007 16:02]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [25/07/2007 16:06]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/02/2008 00:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [12/09/2007 06:28]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [12/09/2007 06:28]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [12/09/2007 06:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [27/06/2007 19:03]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [27/08/2007 21:27]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [17/08/2007 19:10]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19/01/2008 08:33]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [10/12/2007 11:12]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Users\Simes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [9/6/2007 1:34:55 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [8/27/2007 9:27:36 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17eb75ee-5582-11dc-a2ed-00038a000015}]
AutoRun\command- I:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-11 18:54:28 ------------
  #17  
Old April 11th, 2008, 11:34 PM
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Go to Start Search and type

cmd

Cmd.exe will appear at the top of the Menu. Right-click on it and choose "Run as Administrator". Now type the below commands and hit "Enter" after each line.

sc stop MyWebSearchService (you may get a message saying the service is not running. That's fine, type the below command next)

sc delete MyWebSearchService

Type Exit to close.

When you have done this, go here and download ATF cleaner (do not download the Recommended Download on the mirror site). Use it to remove all Temp Files, Cookies and Temp Internet Files, Java Cache and any others that you would like to remove. If you also use Opera or Firefox, also click on the cleaning options for each browser.

Next, disable your antivirus program and go here -> http://www.eset.com/onlinescan and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:

Remove found threats
Scan unwanted applications

Click Start. This scan may take a while, so please be patient. Go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt. Click Edit - Select All then copy/paste that log back here.

Also post a new Hijack This log please.
  #18  
Old April 12th, 2008, 12:41 PM
simespsb simespsb is offline
Member
 
Join Date: Apr 2008
Posts: 34
Hi, one thing that I noticed today which might be relevant. I've been cleaning up as much as possible. When I tried to uninstall 'MyWebSearch' in remove programs it gives the following error...
Error loading c:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsbar.dll The specified module cannot be found.

Many thanks for looking at this for me!
  #19  
Old April 12th, 2008, 12:55 PM
simespsb simespsb is offline
Member
 
Join Date: Apr 2008
Posts: 34
The last 2 posts have vanished, just posting this to see if they come back.
  #20  
Old April 12th, 2008, 12:56 PM
simespsb simespsb is offline
Member
 
Join Date: Apr 2008
Posts: 34
That's it, they are back!
  #21  
Old April 12th, 2008, 02:19 PM
simespsb simespsb is offline
Member
 
Join Date: Apr 2008
Posts: 34
OK, I completed the above but ESET scanner has not saved a log file. I did note 3 threats though, all included in MyWebSearch.
Here's the Hijack This Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:53, on 12/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Simes\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (file missing)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (file missing)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://www.gaydar.co.uk
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxbc_device - - C:\Windows\system32\lxbccoms.exe

--
End of file - 5937 bytes
  #22  
Old April 12th, 2008, 08:18 PM
simespsb simespsb is offline
Member
 
Join Date: Apr 2008
Posts: 34
Hi, I ran some Microsoft program and found this, it may help

24719 20:06:15 (1) !! ERROR: The following WMI system file(s) is/are missing: ............................................................. 3 ERROR(S)!
24720 20:06:15 (0) ** - C:\Windows\System32\WBEM\framedyn.dll
24721 20:06:15 (0) ** - C:\Windows\System32\WBEM\provthrd.dll
24722 20:06:15 (0) ** - C:\Windows\System32\WBEM\wbemcomn.dll
  #23  
Old April 12th, 2008, 09:44 PM
simespsb simespsb is offline
Member
 
Join Date: Apr 2008
Posts: 34
I've tried downloading and replacing these files but no change. After the work done with you so far though, my system seems faster and the pop ups have gone... I think.
  #24  
Old April 13th, 2008, 12:27 AM
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Quote:
When I tried to uninstall 'MyWebSearch' in remove programs it gives the following error...
Error loading c:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsbar.dll The specified module cannot be found.
That's because we have removed the program. Just allow it to remove the entry if you are asked.

Quote:
Hi, I ran some Microsoft program and found this, it may help
24719 20:06:15 (1) !! ERROR: The following WMI system file(s) is/are missing: ............................................................. 3 ERROR(S)!
24720 20:06:15 (0) ** - C:\Windows\System32\WBEM\framedyn.dll
24721 20:06:15 (0) ** - C:\Windows\System32\WBEM\provthrd.dll
24722 20:06:15 (0) ** - C:\Windows\System32\WBEM\wbemcomn.dll
What Microsoft program did you run?

Quote:
OK, I completed the above but ESET scanner has not saved a log file. I did note 3 threats though, all included in MyWebSearch.
That's a pity but it would have deleted what it found.

Quote:
I seem to have acquired something nasty on my system that has changed my taskbar and menus to Windows Classic. When I go to Personalize and try to change appearance etc I get an error saying Rundll32 has stopped working.
This was your original problem plus popups. Please itemise exactly what problems still exist (if any).
  #25  
Old April 13th, 2008, 01:19 AM
simespsb simespsb is offline
Member
 
Join Date: Apr 2008
Posts: 34
Sorry if I've confused things by trying out my own fixes. I get the Rundll32 error when trying to change anything in 'Personalize'. I still have a Windows Classic Taskbar and Menus. System Restore fails no matter what Restore Point I set.
The MS program is called WMIDiag, the log file is 140.000 characters long so I haven't posted it.
I have posted a new Hijack This log.

Many thanks again for your time with this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:19:13, on 13/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Simes\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (file missing)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (file missing)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://www.gaydar.co.uk
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxbc_device - - C:\Windows\system32\lxbccoms.exe

--
End of file - 6064 bytes
  #26  
Old April 13th, 2008, 02:26 AM
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
No problem. Your Hijack This log looks fine now so I don't think we are dealing with a malware issue anymore and I'm transferring this topic back to the Vista Forum.

Let's check out those missing files.

Click on Start and type cmd in the Start Search box. Cmd.exe will appear at the top of the Menu. Right-click on it and choose "Run as Administrator". Copy and paste the following command in the Code box after the prompt > and hit Enter.

dir /s /a "c:\framedyn*.*" > c:\find.txt & start notepad c:\find.txt

Your drive will be scanned and when finished, Notepad will pop up with some information. Copy and paste it in this thread. Now do the same for the below strings and copy and paste that information here too.

dir /s /a "c:\provthrd*.*" > c:\find1.txt & start notepad c:\find1.txt

dir /s /a "c:\wbemcomn*.*" > c:\find2.txt & start notepad c:\find2.txt
  #27  
Old April 13th, 2008, 10:53 AM
simespsb simespsb is offline
Member
 
Join Date: Apr 2008
Posts: 34
Volume in drive C is HDD
Volume Serial Number is 90CE-E7AC

Directory of c:\Users\Simes\AppData\Roaming\Microsoft\Windows\Recent

12/04/2008 20:50 521 framedyn[1].lnk
1 File(s) 521 bytes

Directory of c:\Users\Simes\Documents

12/04/2008 20:57 185,856 framedyn.dll
12/04/2008 20:50 <DIR> framedyn[1]
1 File(s) 185,856 bytes

Directory of c:\Users\Simes\Documents\framedyn[1]

12/04/2008 20:50 174,592 framedyn.dll
1 File(s) 174,592 bytes

Directory of c:\Windows\System32

19/01/2008 08:34 202,240 framedyn.dll
19/01/2008 08:34 204,800 framedynos.dll
2 File(s) 407,040 bytes

Directory of c:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6000.16386_none_b71d411922ad8f1f

02/11/2006 10:46 201,728 framedyn.dll
02/11/2006 10:46 204,288 framedynos.dll
2 File(s) 406,016 bytes

Directory of c:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6001.18000_none_b95403151f989ff3

19/01/2008 08:34 202,240 framedyn.dll
19/01/2008 08:34 204,800 framedynos.dll
2 File(s) 407,040 bytes

Total Files Listed:
9 File(s) 1,581,065 bytes
1 Dir(s) 173,311,766,528 bytes free
  #28  
Old April 13th, 2008, 10:53 AM
simespsb simespsb is offline
Member
 
Join Date: Apr 2008
Posts: 34
Volume in drive C is HDD
Volume Serial Number is 90CE-E7AC

Directory of c:\Users\Simes\Documents

12/04/2008 21:02 191,488 provthrd.dll
1 File(s) 191,488 bytes

Directory of c:\Windows\System32

19/01/2008 08:36 191,488 provthrd.dll
1 File(s) 191,488 bytes

Directory of c:\Windows\winsxs\x86_microsoft-windows-wmi-provider-common_31bf3856ad364e35_6.0.6000.16386_none_a60902bfdc356c25

02/11/2006 10:46 191,488 provthrd.dll
1 File(s) 191,488 bytes

Directory of c:\Windows\winsxs\x86_microsoft-windows-wmi-provider-common_31bf3856ad364e35_6.0.6001.18000_none_a83fc4bbd9207cf9

19/01/2008 08:36 191,488 provthrd.dll
1 File(s) 191,488 bytes

Total Files Listed:
4 File(s) 765,952 bytes
0 Dir(s) 173,311,758,336 bytes free
  #29  
Old April 13th, 2008, 10:54 AM
simespsb simespsb is offline
Member
 
Join Date: Apr 2008
Posts: 34
Volume in drive C is HDD
Volume Serial Number is 90CE-E7AC

Directory of c:\Users\Simes\Documents

12/04/2008 20:59 214,528 wbemcomn.dll
1 File(s) 214,528 bytes

Directory of c:\Windows\System32

19/01/2008 08:36 357,888 wbemcomn.dll
1 File(s) 357,888 bytes

Directory of c:\Windows\System32\wbem\tmf

19/01/2008 06:38 88,150 wbemcomn.tmf
1 File(s) 88,150 bytes

Directory of c:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64

14/02/2008 08:40 357,888 wbemcomn.dll
1 File(s) 357,888 bytes

Directory of c:\Windows\winsxs\x86_microsoft-windows-wmi-core-wbemcomn-dll_31bf3856ad364e35_6.0.6000.16386_none_01446c0126475bc7

02/11/2006 10:46 356,864 wbemcomn.dll
02/11/2006 09:41 89,170 wbemcomn.tmf
2 File(s) 446,034 bytes

Directory of c:\Windows\winsxs\x86_microsoft-windows-wmi-core-wbemcomn-dll_31bf3856ad364e35_6.0.6000.16553_none_0161deb32631b63d

14/11/2007 19:10 356,352 wbemcomn.dll
14/11/2007 19:10 88,300 wbemcomn.tmf
2 File(s) 444,652 bytes

Directory of c:\Windows\winsxs\x86_microsoft-windows-wmi-core-wbemcomn-dll_31bf3856ad364e35_6.0.6000.20672_none_01d4db5c3f607492

14/11/2007 19:10 356,352 wbemcomn.dll
14/11/2007 19:10 88,300 wbemcomn.tmf
2 File(s) 444,652 bytes

Directory of c:\Windows\winsxs\x86_microsoft-windows-wmi-core-wbemcomn-dll_31bf3856ad364e35_6.0.6001.18000_none_037b2dfd23326c9b

19/01/2008 08:36 357,888 wbemcomn.dll
19/01/2008 06:38 88,150 wbemcomn.tmf
2 File(s) 446,038 bytes

Total Files Listed:
12 File(s) 2,799,830 bytes
0 Dir(s) 173,311,754,240 bytes free
  #30  
Old April 14th, 2008, 03:19 AM
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
That's odd. It looks as though Service Pack 1 installed files to the System32 folder instead of the WBEM folder.

Boot into Safe Mode. To do this, restart your computer and tap F8 continuously as it restarts. Choose Safe Mode from the Menu. When your Desktop has loaded, open Computer and navigate to the c:\Windows\System32 folder. Open it and look for wbemcomn.dll. When you find it, right-click on the file and choose Copy. Next navigate to c:\Windows\System32\wbem. Right-click on the WBEM folder and choose Paste.

Repeat the above actions for framedyn.dll and provthrd.dll. Reboot when you have done this and tell me if this made any difference to the problems you have reported.
Reply With Quote
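
The by-eye comparison of the `dir /s /a` listings in the posts above, as an added Python example that is not part of the original thread: it parses a listing, reports whether a DLL is present in System32\wbem, and lists copies outside c:\Windows whose size differs from the System32 copy. The function names are hypothetical, the sample is abridged from the framedyn listing posted in the thread, and the parser assumes comma thousands separators; size is only a coarse indicator, so a hash or signature check is still needed to establish that two copies are the same file.

```python
import re

# Abridged from the framedyn listing posted in the thread (forum-inserted
# spaces in paths removed, only one winsxs directory kept).
SAMPLE = r"""
 Volume in drive C is HDD
 Volume Serial Number is 90CE-E7AC

 Directory of c:\Users\Simes\Documents

12/04/2008  20:57           185,856 framedyn.dll
12/04/2008  20:50    <DIR>          framedyn[1]
               1 File(s)        185,856 bytes

 Directory of c:\Users\Simes\Documents\framedyn[1]

12/04/2008  20:50           174,592 framedyn.dll
               1 File(s)        174,592 bytes

 Directory of c:\Windows\System32

19/01/2008  08:34           202,240 framedyn.dll
19/01/2008  08:34           204,800 framedynos.dll
               2 File(s)        407,040 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6001.18000_none_b95403151f989ff3

19/01/2008  08:34           202,240 framedyn.dll
19/01/2008  08:34           204,800 framedynos.dll
               2 File(s)        407,040 bytes
"""

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$", re.IGNORECASE)
# date, time (optional AM/PM), then <DIR> or a size, then the entry name
ENTRY_RE = re.compile(
    r"^\s*\d{1,2}/\d{1,2}/\d{4}\s+\d{1,2}:\d{2}(?:\s?[AP]M)?"
    r"\s+(<DIR>|[\d,]+)\s+(.+?)\s*$"
)

SYSTEM32 = "c:\\windows\\system32"
WBEM = SYSTEM32 + "\\wbem"
WINSXS = "c:\\windows\\winsxs\\"


def parse_dir_listing(text):
    """Return (directory, file name, size) tuples, lower-cased; <DIR> rows are skipped."""
    records, current = [], None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group(1).lower()
            continue
        m = ENTRY_RE.match(line)
        if m and current and m.group(1) != "<DIR>":
            size = int(m.group(1).replace(",", ""))
            records.append((current, m.group(2).lower(), size))
    return records


def summarize(records, name):
    """Summarise where one file name was found and which copies look different."""
    by_dir = {d: size for d, n, size in records if n == name.lower()}
    reference = by_dir.get(SYSTEM32)
    store_sizes = {s for d, s in by_dir.items() if d.startswith(WINSXS)}
    return {
        "in_wbem": WBEM in by_dir,
        "system32_size": reference,
        # True when some component-store copy has the same size as System32's
        "system32_matches_store": reference in store_sizes,
        # copies outside c:\windows that differ in size from the System32 copy
        "mismatched_outside_windows": {
            d: s for d, s in by_dir.items()
            if not d.startswith("c:\\windows\\") and s != reference
        },
    }


if __name__ == "__main__":
    recs = parse_dir_listing(SAMPLE)
    for key, value in summarize(recs, "framedyn.dll").items():
        print(f"{key}: {value}")
```
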