Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

« previous next »
Pages: [1]   Go Down

Author Topic: Error loading C:\WINDOWS\system32\xfvwmuke.dll on startup  (Read 9051 times)

0 Members and 1 Guest are viewing this topic.

alantro4

    Topic Starter


    Greenhorn

    Error loading C:\WINDOWS\system32\xfvwmuke.dll on startup
    « on: April 19, 2008, 06:33:20 PM »
    When I start my computer I get a message saying:

    "Error Loading C:\WINDOWS\system32\xfvwmuke.dll Specified module could not be found." 

    It started after running some anti-spyware programs to get rid of a virus.  When the message pops up I just hit OK and everything seems to be working fine, but I keep getting the message whenever I restart.  A search on the internet for xfvwmuke.dll doesn't find anything.  I'm running windows XP, can anybody help me with this?  Thanks.
    Logged

    brett74



      Apprentice

      Thanked: 2
      Re: Error loading C:\WINDOWS\system32\xfvwmuke.dll on startup
      « Reply #1 on: April 19, 2008, 07:03:53 PM »
      it sounds like a virus that your anti virus didn't catch what anti-virus do you have?
      Logged

      Broni


        Mastermind
      • Kraków my love :)
        • Thanked: 614
        • Computer Help Forum
      • Computer: Specs
      • Experience: Experienced
      • OS: Windows 8
      Re: Error loading C:\WINDOWS\system32\xfvwmuke.dll on startup
      « Reply #2 on: April 19, 2008, 07:04:42 PM »
      Print these instructions out.

      1. Download SUPERAntiSpyware Free for Home Users:
      http://www.superantispyware.com/

          * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
          * An icon will be created on your desktop. Double-click that icon to launch the program.
          * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
          * Close SUPERAntiSpyware.

      Restart computer in Safe Mode.
      To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

          * Open SUPERAntiSpyware.
          * Under "Configuration and Preferences", click the Preferences button.
          * Click the Scanning Control tab.
          * Under Scanner Options make sure the following are checked (leave all others unchecked):
                o Close browsers before scanning.
                o Scan for tracking cookies.
                o Terminate memory threats before quarantining.
          * Click the "Close" button to leave the control center screen.
          * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
          * On the left, make sure you check C:\Fixed Drive.
          * On the right, under "Complete Scan", choose Perform Complete Scan.
          * Click "Next" to start the scan. Please be patient while it scans your computer.
          * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
          * Make sure everything has a checkmark next to it and click "Next".
          * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
          * If asked if you want to reboot, click "Yes".
          * To retrieve the removal information after reboot, launch SUPERAntispyware again.
                o Click Preferences, then click the Statistics/Logs tab.
                o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
                o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
                o Please copy and paste the Scan Log results in your next reply.
          * Click Close to exit the program.
      Post SUPERAntiSpyware log.

      RESTART COMPUTER!

      2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

          * Double-click mbam-setup.exe and follow the prompts to install the program.
          * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
          * If an update is found, it will download and install the latest version.
          * Once the program has loaded, select Perform full scan, then click Scan.
          * When the scan is complete, click OK, then Show Results to view the results.
          * Be sure that everything is checked, and click Remove Selected.
          * When completed, a log will open in Notepad.
          * Post the log back here.

      The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
      Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

      RESTART COMPUTER!

      3. Download HijackThis:
      http://www.snapfiles.com/get/hijackthis.html
      Post HijackThis log.
      Logged

      alantro4

        Topic Starter


        Greenhorn

        Re: Error loading C:\WINDOWS\system32\xfvwmuke.dll on startup
        « Reply #3 on: April 20, 2008, 06:09:47 PM »
        Here are my logs:

        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 04/20/2008 at 07:31 AM

        Application Version : 4.0.1154

        Core Rules Database Version : 3442
        Trace Rules Database Version: 1434

        Scan type       : Complete Scan
        Total Scan Time : 11:57:37

        Memory items scanned      : 176
        Memory threats detected   : 0
        Registry items scanned    : 6207
        Registry threats detected : 0
        File items scanned        : 87313
        File threats detected     : 3

        Adware.Tracking Cookie
           C:\Documents and Settings\David Goforth\Cookies\[email protected][1].txt
           C:\Documents and Settings\David Goforth\Cookies\david_goforth@atdmt[1].txt

        Adware.Vundo Variant/Rel
           C:\WINDOWS\SYSTEM32\MCRH.TMP

        Malwarebytes' Anti-Malware 1.11
        Database version: 663

        Scan type: Full Scan (C:\|)
        Objects scanned: 121784
        Time elapsed: 1 hour(s), 13 minute(s), 9 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 1
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 1

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        HKEY_CLASSES_ROOT\CLSID\{3c78b8e2-6c4d-11d1-ade2-0000f8754b99} (Adware.Casino) -> Quarantined and deleted successfully.

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        C:\Program Files\Music Editing Master\wavdest.ax (Adware.Casino) -> Quarantined and deleted successfully.

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 5:04:51 PM, on 4/20/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\ACS.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
        C:\Program Files\Symantec AntiVirus\DefWatch.exe
        C:\WINDOWS\system32\DVDRAMSV.exe
        C:\WINDOWS\system32\svchost.exe
        c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
        C:\Program Files\Symantec AntiVirus\Rtvscan.exe
        C:\WINDOWS\system32\MsPMSPSv.exe
        C:\WINDOWS\system32\TCtrlIOHook.exe
        C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
        C:\WINDOWS\system32\dla\tfswctrl.exe
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\Program Files\Apoint2K\Apoint.exe
        C:\WINDOWS\AGRSMMSG.exe
        C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
        C:\Program Files\Toshiba\Tvs\TvsTray.exe
        C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
        C:\WINDOWS\system32\TPSMain.exe
        C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
        C:\WINDOWS\system32\ZoomingHook.exe
        C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
        C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
        C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
        C:\Program Files\Apoint2K\Apntex.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\WINDOWS\system32\TPSBattM.exe
        C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\PROGRA~1\SYMANT~1\VPTray.exe


        And I'm running Symantec Antivirus.  Thanks for the help.
        Logged

        Broni


          Mastermind
        • Kraków my love :)
          • Thanked: 614
          • Computer Help Forum
        • Computer: Specs
        • Experience: Experienced
        • OS: Windows 8
        Re: Error loading C:\WINDOWS\system32\xfvwmuke.dll on startup
        « Reply #4 on: April 20, 2008, 06:21:17 PM »
        I need a whole HJT log.
        Logged

        alantro4

          Topic Starter


          Greenhorn

          Re: Error loading C:\WINDOWS\system32\xfvwmuke.dll on startup
          « Reply #5 on: April 21, 2008, 12:46:23 AM »
          Oops, guess I cut it off.  Here it is:

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 5:04:51 PM, on 4/20/2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16640)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\ACS.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
          C:\Program Files\Symantec AntiVirus\DefWatch.exe
          C:\WINDOWS\system32\DVDRAMSV.exe
          C:\WINDOWS\system32\svchost.exe
          c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
          C:\Program Files\Symantec AntiVirus\Rtvscan.exe
          C:\WINDOWS\system32\MsPMSPSv.exe
          C:\WINDOWS\system32\TCtrlIOHook.exe
          C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
          C:\WINDOWS\system32\dla\tfswctrl.exe
          C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
          C:\Program Files\Apoint2K\Apoint.exe
          C:\WINDOWS\AGRSMMSG.exe
          C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
          C:\Program Files\Toshiba\Tvs\TvsTray.exe
          C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
          C:\WINDOWS\system32\TPSMain.exe
          C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
          C:\WINDOWS\system32\ZoomingHook.exe
          C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
          C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
          C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
          C:\Program Files\Apoint2K\Apntex.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\WINDOWS\system32\TPSBattM.exe
          C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\PROGRA~1\SYMANT~1\VPTray.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          C:\Program Files\Logitech\SetPoint\SetPoint.exe
          C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
          C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
          O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
          O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
          O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
          O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
          O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
          O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
          O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
          O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
          O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
          O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
          O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
          O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
          O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
          O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
          O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
          O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
          O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
          O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
          O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
          O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
          O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
          O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKLM\..\Run: [b4bda793] rundll32.exe "C:\WINDOWS\system32\xfvwmuke.dll",b
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
          O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
          O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
          O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
          O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
          O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
          O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
          O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
          O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
          O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
          O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
          O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
          O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
          O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
          O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
          O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
          O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
          O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
          O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
          O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

          --
          End of file - 11613 bytes

          Thanks again.
          Logged

          Broni


            Mastermind
          • Kraków my love :)
            • Thanked: 614
            • Computer Help Forum
          • Computer: Specs
          • Experience: Experienced
          • OS: Windows 8
          Re: Error loading C:\WINDOWS\system32\xfvwmuke.dll on startup
          « Reply #6 on: April 21, 2008, 12:56:10 PM »
          *** Disable TeaTimer, as it'll interfere with the cleaning process:
          Right click Spybot's TeaTimer System Tray Icon.
          Click Exit Spybot-S&D Resident.
          TeaTimer closes.

          1. Print this post out, since you won't have an access to it, at some point.

          2. Close all windows, except for HijackThis.

          3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases (marked with *), no actual program will be removed):

          - *O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
          - *O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
          - *O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          - O4 - HKLM\..\Run: [b4bda793] rundll32.exe "C:\WINDOWS\system32\xfvwmuke.dll",b
          - *O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          - O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
          - O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
          - O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)


          4. Click on Fix checked button.

          5. Restart your computer in Safe Mode (keep tapping F8 key, when your computer starts, until meny appears)

          6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.

          7. Delete following files/folders (if present):

          - xfvwmuke.dll file from C:\WINDOWS\system32

          8. Restart in Normal Mode.

          9. Post new HijackThis log.
          Logged

          alantro4

            Topic Starter


            Greenhorn

            Re: Error loading C:\WINDOWS\system32\xfvwmuke.dll on startup
            « Reply #7 on: April 21, 2008, 01:45:06 PM »
            Ok, here is the log.  And FYI, there was no file to delete in Step 7 above and when restarting, the error message did not pop up this time.

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 12:36:56 PM, on 4/21/2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16640)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\ACS.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
            C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
            C:\Program Files\Symantec AntiVirus\DefWatch.exe
            C:\WINDOWS\system32\DVDRAMSV.exe
            C:\WINDOWS\system32\svchost.exe
            c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
            C:\Program Files\Symantec AntiVirus\Rtvscan.exe
            C:\WINDOWS\system32\MsPMSPSv.exe
            C:\WINDOWS\system32\TCtrlIOHook.exe
            C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
            C:\WINDOWS\system32\dla\tfswctrl.exe
            C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
            C:\Program Files\Apoint2K\Apoint.exe
            C:\WINDOWS\AGRSMMSG.exe
            C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
            C:\Program Files\Toshiba\Tvs\TvsTray.exe
            C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
            C:\WINDOWS\system32\TPSMain.exe
            C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
            C:\WINDOWS\system32\ZoomingHook.exe
            C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
            C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
            C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
            C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
            C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
            C:\Program Files\Common Files\Symantec Shared\ccApp.exe
            C:\PROGRA~1\SYMANT~1\VPTray.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Logitech\SetPoint\SetPoint.exe
            C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
            C:\WINDOWS\system32\TPSBattM.exe
            C:\Program Files\Apoint2K\Apntex.exe
            C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
            C:\WINDOWS\system32\wuauclt.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
            O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
            O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
            O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
            O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
            O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
            O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
            O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
            O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
            O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
            O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
            O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
            O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
            O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
            O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
            O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
            O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
            O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
            O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
            O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
            O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
            O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
            O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
            O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
            O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
            O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
            O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
            O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
            O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
            O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
            O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
            O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
            O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
            O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
            O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
            O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
            O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
            O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
            O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
            O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
            O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
            O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
            O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
            O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
            O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
            O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
            O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
            O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
            O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
            O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
            O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

            --
            End of file - 10751 bytes
            Logged

            Broni


              Mastermind
            • Kraków my love :)
              • Thanked: 614
              • Computer Help Forum
            • Computer: Specs
            • Experience: Experienced
            • OS: Windows 8
            Re: Error loading C:\WINDOWS\system32\xfvwmuke.dll on startup
            « Reply #8 on: April 21, 2008, 01:51:31 PM »
            Good job :)

            HJT log is clean.

            1. Download, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version.
            Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html.
            Run CCleaner.

            2. Turn off System Restore:

            - Windows XP:
               1. Click Start.
               2. Right-click the My Computer icon, and then click Properties.
               3. Click the System Restore tab.
               4. Check "Turn off System Restore".
               5. Click Apply.   
               6.  When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
               7. Click OK.
            - Windows Vista:
               1. Click Start.
               2. Right-click the Computer icon, and then click Properties.
               3. Click on System Protection under the Tasks column on the left side
               4. Click on Continue on the "User Account Control" window that pops up
               5. Under the System Protection tab, find Available Disks
               6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
               7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
               8. Click OK

            3. Restart computer.

            4. Turn System Restore on.

            5. Download, and install free ThreatFire: http://www.threatfire.com/, which will give you real-time protection against malwares.
            It won't interfere with your antivirus, nor firewall.

            6. Let me know, how your computer is doing.
            Logged

            alantro4

              Topic Starter


              Greenhorn

              Re: Error loading C:\WINDOWS\system32\xfvwmuke.dll on startup
              « Reply #9 on: April 22, 2008, 12:52:36 AM »
              Everything is working great, thanks so much for your help.
              Logged

              Broni


                Mastermind
              • Kraków my love :)
                • Thanked: 614
                • Computer Help Forum
              • Computer: Specs
              • Experience: Experienced
              • OS: Windows 8
              Re: Error loading C:\WINDOWS\system32\xfvwmuke.dll on startup
              « Reply #10 on: April 22, 2008, 09:21:28 AM »
              Very good :)
              Happy computing :)
              Logged
              Pages: [1]   Go Up
              « previous next »