TechSpot

8 steps here.In need of fast help

By cschrille
Jul 15, 2010
  1. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Explain, please.
     
  2. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 177

    I took this from my other thread.


    Hey, today when i tried to uninstall Need for speed world i got an error message saying Regsvr32 could not read/find module (I've got swedish os sorta hard to translate) so i tried opening the dll and got the same message. Ive tried pretty much every .dll i have found in my computer and none of them work.Aero is disabled too so pretty much all system files i guess?
    Please help me out on this one I just did a clean install of Win7 as my Vista was not working.

    Thx in advance

    EDIT
    When i open system32 dll's i get this error.
    The start address for DllRegisterServer was not found.
    After using google it might just be DllRegisterServer entry point was not found, as i stated earlier i have swedish os
     
  3. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I still don't understand.
    What do you mean by "opening dll"?
    You don't open dll. What for would you like to open any dll?
     
  4. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 177

    when i double click them i get that message
    i cant uninstall games or anything
     
  5. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 177

    And i opened it to see if i got an error message which i do.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    There is no reason to double click on any dll file. It won't open for you, or for me.
    I don't really see, how your issue is malware related.
     
  7. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 177

    I dont know i was told to go here as it could be a virus.
    For example when i launch some injector maybe a counter strike hack i launch the exe and then it doesnt work as no dll files works on my pc. That is my problem
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I still don't understand, what do you mean by not working dll.
    Are you getting any error messages.

    Is there anything else not working beside Counterstrike hack?
     
  9. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 177

    As i said i have trouble uninstalling programs/games and some of them doesnt even work.
     
  10. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 177

    Also Windows Aero disapears
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You may have a problem with your Windows installation.
    Please, repost your issue at Windows forum.
     
  12. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 177

    I did but it was moved to Software and Utilities and then they told me it could be a virus messing with the files so they told me to go here.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 177

    Here are the logs
    View attachment OTL.Txt

    View attachment Extras.Txt

    Off topic. There are some sites i cannot access when i go to them it says its not responding, it does not even load for a second. The sites works on other pc's in my home network but not on my pc ive tried different web browsers without any success ive also checked my hosts file and they arent there. My friend says i might have a rootkit thats why i post this, what would be the reason do you think?
     
  15. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You're running two AV programs, NOD32 by Eset and IObit Security 360. One of them has to go.
    If you decide to keep NOD32, make sure to turn Windows firewall on.

    ======================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp
    Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista/7).

    ========================================================================

    I strongly suggest, you uninstall Registry Mechanic, Wise Registry Cleaner and DriverCure, if you still have them installed.

    =====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\F6FD.tmp -- (MEMSWEEP2)
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
      O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
      @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D1B5B4F1
      @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:C5096E95
      @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  16. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 177

    I think you have mixed up IObit security 360 with norton 360 ^^
    IObit security 360 is just anti malware like malwarebytes etc
    I will post logs later as i have to catch up with some work at the moment
    Thx
     
  17. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You're right. In that case, you have to chose between iObit and Malwarebytes, because, you can't run two antimalware programs in real time, at the same time.
    My strong vote of confidence goes to Malwarebytes.
     
  18. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 177

    All processes killed
    ========== OTL ==========
    Service MEMSWEEP2 stopped successfully!
    Service MEMSWEEP2 deleted successfully!
    File C:\Windows\SysNative\F6FD.tmp not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
    ADS C:\ProgramData\TEMP:C5096E95 deleted successfully.
    ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Chrille
    ->Temp folder emptied: 268004146 bytes
    ->Temporary Internet Files folder emptied: 1296154 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 103244999 bytes
    ->Flash cache emptied: 6170 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 930 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 893844 bytes

    Total Files Cleaned = 356,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Chrille
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0,00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.9.0 log created on 07172010_075010

    Files\Folders moved on Reboot...
    C:\Users\Chrille\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Windows\temp\sqlite_plaF7xeWLhMWLUs not found!

    Registry entries deleted on Reboot...
     
  19. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    ...and...
     
  20. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 177

  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    How is your computer doing at the moment?

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
      [*] Archives
      [*] Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  22. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 177

    I cant do the kaspersky online scan i only get this message, Launch of the Java application is interrupted! Please establish an uninterrupted Internet connection for work with this program.

    I am on a uninterrupted internet connection (?) What should I do?
     
  23. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 177

  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Run this instead of Kaspersky...

    Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Start scan button
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View log.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.


    There is no reason to worry, what Eset firewall is blocking. It only means, it works :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...