Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: 'Error loading dll32' message  (Read 25194 times)

0 Members and 1 Guest are viewing this topic.

mzdwells

    Topic Starter


    Rookie

    'Error loading dll32' message
    « on: March 26, 2009, 09:31:17 AM »
    Yesterday I updated my Avast! virus software and it detected a virus which I moved to the chest (file is called dll32.dll).

    Since doing that I get a window pop up after start up my computer  "Error loading dll32 The specified module could not be found". Also, I cannot access webpages through Internet Explorer (my only browser --- I am posting this message through my work computer). However, the internet does work as I can use Outlook Express.

    Could someone please assist me in fixing this?

    Thanks!

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: 'Error loading dll32' message
    « Reply #1 on: March 27, 2009, 09:24:47 PM »
    Can you transfer over Dr Web and scan with it? I need the log it creates.

    Download DrWeb CureIt & save it to your desktop. Scan with DrWeb-CureIt as follows:

    • Double-click on drweb-cureit.exe and then click Start
    • An information notice will appear, click OK.
    • This starts a short scan that will scan the files currently running in memory.
    • If you get a prompt to buy the full version just exit out of the window. The scanner will still work without buying the full version
    • If or when something is found, click the Yes button when it asks you if you want to cure it.
    .
    • Once the short scan has finished, Click Settings > Change Settings
    • Under the Scanning tab UNcheck Heuristic analysis and click OK
    • Back at the main window, select the Complete scan button and then click the Green Arrow Start Scanning button on the right and the scan will start.
    • Click Yes to all if it asks if you want to cure/move any file(s).
    • When the scan is done.
    • In the Dr.Web CureIt menu on top left, click File and choose Save report list.
    • Save the DrWeb.csv report to your Desktop.
    • Exit Dr.Web Cureit.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    .
    * After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
    * Copy and paste that log in the next reply

    mzdwells

      Topic Starter


      Rookie

      Re: 'Error loading dll32' message
      « Reply #2 on: April 02, 2009, 07:18:15 AM »
      Here is the log:

      A0175203.DLL;C:\System Volume Information\_restore{59343236-1A28-4710-BCCC-3F5F6633CEB6}\RP1395;Trojan.Click.24880;Deleted.;

      Thanks again!

      evilfantasy

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Calm like a bomb
      • Thanked: 493
      • Experience: Experienced
      • OS: Windows 11
      Re: 'Error loading dll32' message
      « Reply #3 on: April 02, 2009, 11:24:22 AM »
      Download TrendMicro HijackThis.exe (HJT) to the Desktop.

      • Double-click on HJTInstall.
      • Click on the Install button.
      • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
      • Upon install, HijackThis should open for you.
      • Click on the Do a system scan and save a log file button
      • HijackThis will scan and then a log will open in notepad.
      • Copy and then paste the entire contents of the log in your post.
      • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

      mzdwells

        Topic Starter


        Rookie

        Re: 'Error loading dll32' message
        « Reply #4 on: April 07, 2009, 11:00:52 AM »
        Here is the log, thanks.

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 7:55:51 PM, on 06/04/2009
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16791)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\WINDOWS\system32\slserv.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\System32\sistray.EXE
        C:\WINDOWS\System32\khooker.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\WINDOWS\mHotkey.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\Program Files\Microsoft Hardware\Mouse\point32.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Java\jre6\bin\jusched.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
        C:\Program Files\Nikon\NkView5\NkvMon.exe
        C:\Program Files\D-Link AirPlus\AirPlus.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nypost.com/gossip/gossip.htm
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
        F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
        O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
        O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
        O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
        O4 - HKLM\..\Run: [POINTER] point32.exe
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
        O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
        O4 - HKCU\..\Run: [dll] rundll32 dll32,sm
        O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
        O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
        O4 - Global Startup: D-Link AirPlus.lnk = ?
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O14 - IERESET.INF: START_PAGE_URL=http://www.eurocom.ca/
        O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
        O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
        O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
        O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
        O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2442357e849549126123/netzip/RdxIE601.cab
        O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
        O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
        O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
        O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
        O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (WebEyeControl) - http://www.rockefellercenter.com/viewer/wg_webeye.cab
        O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
        O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
        O16 - DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} (DAX Control) - https://webmail.ontario.ca/exchweb/controls/DAX.cab
        O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://blacks.pnimedia.com/upload/activex/v2_0_0_7/PCAXSetupv2.0.0.7.cab?
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
        O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
        O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

        --
        End of file - 8808 bytes

        evilfantasy

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Calm like a bomb
        • Thanked: 493
        • Experience: Experienced
        • OS: Windows 11
        Re: 'Error loading dll32' message
        « Reply #5 on: April 07, 2009, 11:15:11 AM »
        Open HijackThis and select Do a system scan only.

        Place a check mark next to the following entries: (if there)

        .
        Important: Close all open windows except for HijackThis and then click Fix checked.

        Once completed, exit HijackThis.

        ----------

        Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

        Link #1
        Link #2

        **Note:  It is important that it is saved directly to your Desktop

        Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

        Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
         
        Double click combofix.exe & follow the prompts.
        When finished ComboFix will produce a log for you.
        Post the ComboFix log in your next reply.

        Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

        Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

        If you have problems with ComboFix usage, see How to use ComboFix

        mroilfield



          Mentor
        • Thanked: 42
          • Yes
          • Yes
        • Computer: Specs
        • Experience: Experienced
        • OS: Windows 11
        Re: 'Error loading dll32' message
        « Reply #6 on: April 09, 2009, 04:55:06 AM »
        BrockO,

        You need to start your own thread.

        You can't fix Stupid!!!

        mzdwells

          Topic Starter


          Rookie

          Re: 'Error loading dll32' message
          « Reply #7 on: April 09, 2009, 07:25:52 AM »
          I did this twice, the first time I couldn't connect to the internet for the 'recovery console' installation so I ran it again when the connection was regained. Hope that is ok....I am posting both logs.

          Without internet connection:


          omboFix 09-04-04.01 - Marta 2009-04-08 21:31:59.1 - FAT32x86
          Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.221.59 [GMT -4:00]
          Running from: E:\ComboFix.exe
          AV: avast! antivirus 4.8.1335 [VPS 090407-0] *On-access scanning disabled* (Updated)
           * Created a new restore point

          WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
          .

          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          c:\windows\system32\nfr.assembly
          c:\windows\system32\nfr.gpref

          .
          (((((((((((((((((((((((((   Files Created from 2009-03-09 to 2009-04-09  )))))))))))))))))))))))))))))))
          .

          2009-04-06 19:53 . 2009-04-06 19:53   <DIR>   d--------   c:\program files\Trend Micro
          2009-04-01 18:59 . 2009-04-01 18:59   <DIR>   d--------   c:\documents and settings\Marta\DoctorWeb
          2009-03-25 21:20 . 2009-03-25 21:18   410,984   --a------   c:\windows\system32\deploytk.dll
          2009-03-22 18:17 . 2009-03-23 21:18   3,157   ---h-----   c:\windows\f5087.dat
          2009-03-22 18:11 . 2009-03-22 18:11   <DIR>   d--------   c:\windows\system32\887164
          2009-03-22 18:11 . 2009-03-22 18:11   2   ---h-----   c:\windows\t55ft2792f44.dat
          2009-03-22 18:11 . 2009-03-22 18:11   1   ---h-----   c:\windows\f23567.dat
          2009-03-14 20:00 . 2009-03-14 20:00   <DIR>   d--hs----   C:\FOUND.027
          2009-03-09 20:06 . 2009-03-09 20:06   <DIR>   d--hs----   C:\FOUND.026

          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2009-02-09 11:13   1,846,784   ----a-w   c:\windows\system32\win32k.sys
          2009-02-09 11:13   1,846,784   ------w   c:\windows\system32\dllcache\win32k.sys
          2009-01-17 01:35   3,594,752   ----a-w   c:\windows\system32\dllcache\mshtml.dll
          2008-07-29 23:26   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008072920080730\index.dat
          .

          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
          "Update Manager"="c:\program files\Rogers\Update Manager\UpdateManager.exe" [2005-01-28 131072]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SiS Tray"="c:\windows\System32\sistray.EXE" [2002-05-09 303104]
          "SiS KHooker"="c:\windows\System32\khooker.exe" [2002-01-25 290816]
          "SiSUSBRG"="c:\windows\sisUSBrg.exe" [2002-04-25 32768]
          "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2002-07-25 135168]
          "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
          "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-25 136600]
          "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
          "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
          "SoundMan"="SOUNDMAN.EXE" [2002-08-14 c:\windows\SOUNDMAN.EXE]
          "CHotkey"="mHotkey.exe" [2001-12-26 c:\windows\mHotkey.exe]

          c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
          Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-09-05 53317]
          Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-09-05 65588]
          NkvMon.exe.lnk - c:\program files\Nikon\NkView5\NkvMon.exe [2003-09-06 233472]
          D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2003-12-28 262144]
          Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "c:\\Program Files\\eMule\\emule.exe"=
          "c:\\Program Files\\Messenger\\msmsgs.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
          "c:\\Program Files\\iTunes\\iTunes.exe"=

          R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-21 114768]
          R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-06-21 20560]
          .
          Contents of the 'Scheduled Tasks' folder

          2009-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
          - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
          .
          - - - - ORPHANS REMOVED - - - -

          HKCU-Run-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe
          HKLM-Run-POINTER - point32.exe


          .
          ------- Supplementary Scan -------
          .
          uStart Page = hxxp://www.nypost.com/gossip/gossip.htm
          uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
          uInternet Settings,ProxyServer = http=localhost:7171
          uInternet Settings,ProxyOverride = *.local;<local>
          uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
          DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
          DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://webmail.ontario.ca/exchweb/controls/DAX.cab
          .

          **************************************************************************

          catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2009-04-08 21:35:30
          Windows 5.1.2600 Service Pack 3 FAT NTAPI

          scanning hidden processes ... 

          scanning hidden autostart entries ...

          scanning hidden files ... 

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          Completion time: 2009-04-08 21:37:48
          ComboFix-quarantined-files.txt  2009-04-09 01:37:44

          Pre-Run: 5,465,047,040 bytes free
          Post-Run: 6,401,720,320 bytes free

          99   --- E O F ---   2009-03-16 01:28:51


          With internet connection:

          ComboFix 09-04-04.01 - Marta 2009-04-08 21:49:48.2 - FAT32x86
          Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.221.42 [GMT -4:00]
          Running from: E:\ComboFix.exe
          AV: avast! antivirus 4.8.1335 [VPS 090407-0] *On-access scanning disabled* (Updated)
          .

          (((((((((((((((((((((((((   Files Created from 2009-03-09 to 2009-04-09  )))))))))))))))))))))))))))))))
          .

          2009-04-08 21:45 . 2006-03-02 23:42   73,728   --a------   C:\pv.exe
          2009-04-06 19:53 . 2009-04-06 19:53   <DIR>   d--------   c:\program files\Trend Micro
          2009-04-01 18:59 . 2009-04-01 18:59   <DIR>   d--------   c:\documents and settings\Marta\DoctorWeb
          2009-03-25 21:20 . 2009-03-25 21:18   410,984   --a------   c:\windows\system32\deploytk.dll
          2009-03-22 18:17 . 2009-03-23 21:18   3,157   ---h-----   c:\windows\f5087.dat
          2009-03-22 18:11 . 2009-03-22 18:11   <DIR>   d--------   c:\windows\system32\887164
          2009-03-22 18:11 . 2009-03-22 18:11   2   ---h-----   c:\windows\t55ft2792f44.dat
          2009-03-22 18:11 . 2009-03-22 18:11   1   ---h-----   c:\windows\f23567.dat
          2009-03-14 20:00 . 2009-03-14 20:00   <DIR>   d--hs----   C:\FOUND.027
          2009-03-09 20:06 . 2009-03-09 20:06   <DIR>   d--hs----   C:\FOUND.026

          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2009-02-09 11:13   1,846,784   ----a-w   c:\windows\system32\win32k.sys
          2009-02-09 11:13   1,846,784   ------w   c:\windows\system32\dllcache\win32k.sys
          2009-01-17 01:35   3,594,752   ----a-w   c:\windows\system32\dllcache\mshtml.dll
          2008-07-29 23:26   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008072920080730\index.dat
          .

          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
          "Update Manager"="c:\program files\Rogers\Update Manager\UpdateManager.exe" [2005-01-28 131072]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SiS Tray"="c:\windows\System32\sistray.EXE" [2002-05-09 303104]
          "SiS KHooker"="c:\windows\System32\khooker.exe" [2002-01-25 290816]
          "SiSUSBRG"="c:\windows\sisUSBrg.exe" [2002-04-25 32768]
          "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2002-07-25 135168]
          "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
          "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-25 136600]
          "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
          "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
          "SoundMan"="SOUNDMAN.EXE" [2002-08-14 c:\windows\SOUNDMAN.EXE]
          "CHotkey"="mHotkey.exe" [2001-12-26 c:\windows\mHotkey.exe]

          c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
          Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-09-05 53317]
          Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-09-05 65588]
          NkvMon.exe.lnk - c:\program files\Nikon\NkView5\NkvMon.exe [2003-09-06 233472]
          D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2003-12-28 262144]
          Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "c:\\Program Files\\eMule\\emule.exe"=
          "c:\\Program Files\\Messenger\\msmsgs.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
          "c:\\Program Files\\iTunes\\iTunes.exe"=

          R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-21 114768]
          R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-06-21 20560]
          .
          Contents of the 'Scheduled Tasks' folder

          2009-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
          - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
          .
          .
          ------- Supplementary Scan -------
          .
          uStart Page = hxxp://www.nypost.com/gossip/gossip.htm
          uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
          uInternet Settings,ProxyServer = http=localhost:7171
          uInternet Settings,ProxyOverride = *.local;<local>
          uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
          DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
          DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://webmail.ontario.ca/exchweb/controls/DAX.cab
          .

          **************************************************************************

          catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2009-04-08 21:52:41
          Windows 5.1.2600 Service Pack 3 FAT NTAPI

          scanning hidden processes ... 

          scanning hidden autostart entries ...

          scanning hidden files ... 

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          Completion time: 2009-04-08 21:54:43
          ComboFix-quarantined-files.txt  2009-04-09 01:54:40
          ComboFix2.txt  2009-04-09 01:37:52

          Pre-Run: 6,384,844,800 bytes free
          Post-Run: 6,370,295,808 bytes free

          WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
          [boot loader]
          timeout=2
          default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
          [operating systems]
          c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
          multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

          98   --- E O F ---   2009-03-16 01:28:51

          evilfantasy

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Calm like a bomb
          • Thanked: 493
          • Experience: Experienced
          • OS: Windows 11
          Re: 'Error loading dll32' message
          « Reply #8 on: April 09, 2009, 10:51:17 AM »
          Quote
          Running from: E:\ComboFix.exe

          That isn't right. The directions call for ComboFix to be directly on the desktop. Go to Running from: E:\ComboFix.exe and delete Combofix.exe.

          Download the new version directly to the desktop.

          Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

          Link #1
          Link #2

          **Note:  It is important that it is saved directly to your Desktop

          DO NOT run it yet!

          Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

          Delete these files/folders, as follows:

          1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
          It must be Notepad, not Wordpad.
          2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

          Code: [Select]
          KillAll::

          Folder::
          c:\windows\system32\887164
          C:\FOUND.027
          C:\FOUND.026

          File::
          c:\windows\f5087.dat 
          c:\windows\t55ft2792f44.dat
          c:\windows\f23567.dat
          C:\FOUND.027
          C:\FOUND.026

          3. Go to the Notepad window and click Edit > Paste
          4. Then click File > Save
          5. Name the file CFScript.txt - Save the file to your Desktop
          6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



          ComboFix will begin to execute, just follow the prompts.
          After reboot (in case it asks to reboot), it will produce a log for you.
          Post that log (Combofix.txt) in your next reply.

          Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

          mzdwells

            Topic Starter


            Rookie

            Re: 'Error loading dll32' message
            « Reply #9 on: April 10, 2009, 10:14:52 AM »
            Here is the log:

            ComboFix 09-04-04.01 - Marta 2009-04-10 11:01:15.3 - FAT32x86
            Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.221.43 [GMT -4:00]
            Running from: c:\documents and settings\Marta\Desktop\ComboFix.exe
            Command switches used :: c:\documents and settings\Marta\Desktop\CFScript.txt
            AV: avast! antivirus 4.8.1335 [VPS 090409-0] *On-access scanning disabled* (Updated)
             * Created a new restore point
             
            FILE ::
            C:\FOUND.026
            C:\FOUND.027
            c:\windows\f23567.dat
            c:\windows\f5087.dat
            c:\windows\t55ft2792f44.dat
            .
             
            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .
             
            C:\FOUND.026
            c:\found.026\FILE0000.CHK
            c:\found.026\FILE0001.CHK
            C:\FOUND.027
            c:\found.027\FILE0000.CHK
            c:\windows\f23567.dat
            c:\windows\f5087.dat
            c:\windows\system32\887164
            c:\windows\t55ft2792f44.dat
             
            .
            (((((((((((((((((((((((((   Files Created from 2009-03-10 to 2009-04-10  )))))))))))))))))))))))))))))))
            .
             
            2009-04-08 21:45 . 2006-03-02 23:42 73,728 --a------ C:\pv.exe
            2009-04-06 19:53 . 2009-04-06 19:53 <DIR> d-------- c:\program files\Trend Micro
            2009-04-01 18:59 . 2009-04-01 18:59 <DIR> d-------- c:\documents and settings\Marta\DoctorWeb
            2009-03-25 21:20 . 2009-03-25 21:18 410,984 --a------ c:\windows\system32\deploytk.dll
             
            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
            2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
            2009-01-17 01:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
            2008-07-29 23:26 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008072920080730\index.dat
            .
             
            (((((((((((((((((((((((((((((   SnapShot@2009-04-08_21.36.41.17   )))))))))))))))))))))))))))))))))))))))))
            .
            - 2009-04-09 01:14:14 39,992 ----a-w c:\windows\system32\perfc009.dat
            + 2009-04-10 15:10:24 39,992 ----a-w c:\windows\system32\perfc009.dat
            - 2009-04-09 01:14:14 311,604 ----a-w c:\windows\system32\perfh009.dat
            + 2009-04-10 15:10:24 311,604 ----a-w c:\windows\system32\perfh009.dat
            + 2009-04-10 15:06:18 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_2e0.dat
            + 2009-04-10 15:06:12 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_6c4.dat
            .
            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4
             
            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
            "Update Manager"="c:\program files\Rogers\Update Manager\UpdateManager.exe" [2005-01-28 131072]
             
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "SiS Tray"="c:\windows\System32\sistray.EXE" [2002-05-09 303104]
            "SiS KHooker"="c:\windows\System32\khooker.exe" [2002-01-25 290816]
            "SiSUSBRG"="c:\windows\sisUSBrg.exe" [2002-04-25 32768]
            "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2002-07-25 135168]
            "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
            "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-25 136600]
            "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
            "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
            "SoundMan"="SOUNDMAN.EXE" [2002-08-14 c:\windows\SOUNDMAN.EXE]
            "CHotkey"="mHotkey.exe" [2001-12-26 c:\windows\mHotkey.exe]
             
            c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
            Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-09-05 53317]
            Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-09-05 65588]
            NkvMon.exe.lnk - c:\program files\Nikon\NkView5\NkvMon.exe [2003-09-06 233472]
            D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2003-12-28 262144]
            Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
             
            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "%windir%\\system32\\sessmgr.exe"=
            "c:\\Program Files\\eMule\\emule.exe"=
            "c:\\Program Files\\Messenger\\msmsgs.exe"=
            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
            "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
            "c:\\Program Files\\iTunes\\iTunes.exe"=
             
            R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-21 114768]
            R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-06-21 20560]
            .
            Contents of the 'Scheduled Tasks' folder
             
            2009-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
            - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
            .
            .
            ------- Supplementary Scan -------
            .
            uStart Page = hxxp://www.nypost.com/gossip/gossip.htm
            uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
            uInternet Settings,ProxyServer = http=localhost:7171
            uInternet Settings,ProxyOverride = *.local;<local>
            uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
            DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
            DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://webmail.ontario.ca/exchweb/controls/DAX.cab
            .
             
            **************************************************************************
             
            catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2009-04-10 11:20:46
            Windows 5.1.2600 Service Pack 3 FAT NTAPI
             
            scanning hidden processes ...
             
            scanning hidden autostart entries ...
             
            scanning hidden files ...
             
            scan completed successfully
            hidden files: 0
             
            **************************************************************************
            .
            ------------------------ Other Running Processes ------------------------
            .
            c:\program files\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
            c:\program files\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
            c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            c:\program files\Bonjour\mDNSResponder.exe
            c:\program files\Juniper Networks\Common Files\dsNcService.exe
            c:\program files\Java\jre6\bin\jqs.exe
            c:\windows\System32\wdfmgr.exe
            c:\windows\system32\wscntfy.exe
            c:\program files\iPod\bin\iPodService.exe
            .
            **************************************************************************
            .
            Completion time: 2009-04-10 11:23:13 - machine was rebooted
            ComboFix-quarantined-files.txt  2009-04-10 15:23:10
            ComboFix3.txt  2009-04-09 01:37:52
            ComboFix2.txt  2009-04-09 01:54:46
             
            Pre-Run: 6,351,159,296 bytes free
            Post-Run: 6,341,525,504 bytes free
             
            129 --- E O F --- 2009-03-16 01:28:51

            evilfantasy

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Calm like a bomb
            • Thanked: 493
            • Experience: Experienced
            • OS: Windows 11
            Re: 'Error loading dll32' message
            « Reply #10 on: April 10, 2009, 12:14:55 PM »
            How is the computer running now?

            • Click START then RUN
            • Now type Combofix /u in the runbox
            • Make sure there's a space between Combofix and /u
            • Then hit Enter.
            .
            .
            The above procedure will:
            • Delete: ComboFix and its associated files and folders.
            • Reset the clock settings.
            • Hide file extensions, if required.
            • Hide System/Hidden files, if required.
            • Set a new, clean Restore Point.
            .
            ----------

            Use the Secunia Software Inspector to check for out of date software.
            • Click Start Now
            • Check the box next to Enable thorough system inspection.
            • Click Start
            • Allow the scan to finish and scroll down to see if any updates are needed.
            • Update anything listed.
            .
            ----------

            Go to Microsoft Windows Update and get all critical updates.

            ----------

            I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

            SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
            * Using SpywareBlaster to protect your computer from Spyware and Malware
            * If you don't know what ActiveX controls are, see here

            Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

            Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

            mzdwells

              Topic Starter


              Rookie

              Re: 'Error loading dll32' message
              « Reply #11 on: April 10, 2009, 02:17:33 PM »
              The error dll32 message is gone now, but Internet Explorer still doesn't connect to any webpages....

              evilfantasy

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Calm like a bomb
              • Thanked: 493
              • Experience: Experienced
              • OS: Windows 11
              Re: 'Error loading dll32' message
              « Reply #12 on: April 10, 2009, 02:21:36 PM »
              Click HERE to download IEdll.zip. Save it to your desktop.
              Right click on IEdll.zip click on Extract all.
              Go to the extracted files and double click on IEdll.bat
              Follow the prompts.
              It will tell you when it is done.
              When finished restart your computer.

              Is it fixed now?

              mzdwells

                Topic Starter


                Rookie

                Re: 'Error loading dll32' message
                « Reply #13 on: April 10, 2009, 04:05:27 PM »
                Still not working...

                evilfantasy

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Calm like a bomb
                • Thanked: 493
                • Experience: Experienced
                • OS: Windows 11
                Re: 'Error loading dll32' message
                « Reply #14 on: April 10, 2009, 04:06:41 PM »
                Download Dial-a-Fix by djlizard, save it to the desktop then extract it to it's own folder.

                • Open the folder and run Dial-a-fix.exe
                • 2 windows will open. Close the one in the background labeled Restrictive Policies
                • Check the box in section 1, Empty temp folders.
                • Check the box in section 2, Fix Windows Installer.
                • Check the box in section 3, Fix Windows Update.
                • Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
                • Check all boxes in section 5, labeled Registration Center.
                • Click Go
                • OK any error messages if received, but write them down and post them here.
                • Restart the computer when done.
                .
                Is the problem fixed?