Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Rundll error caused by virus


  • Please log in to reply

#1
gast33

gast33

    Member

  • Member
  • PipPip
  • 16 posts
:thumbsup:

Edited by gast33, 13 November 2013 - 11:36 PM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
Do you still get it in Safe Mode with networking?

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)


If not then


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


If you can't get to your desktop then try:

http://www.geekstogo...ost__p__2151691

If you Vista or Win 7

or

http://www.geekstogo...ost__p__1913777

if you have XP.

You can post the log back here. No need to start a new topic.
  • 1

#3
gast33

gast33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
:thumbsup:

Edited by gast33, 09 November 2013 - 05:25 AM.

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
FRST is not a virus so please download it.


Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 1

#5
gast33

gast33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Thanks

Edited by gast33, 09 November 2013 - 05:24 AM.

  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
No need to translate the logs. I speak German and it's not hard to figure out what they say.

The entry that is trying to start the Virus removal tool is missing some quotation marks.

It should read: "c:\users\yourlogin\desktop\virus removal tool\setup blah blah blah.exe"

Since it doesn't have the "'s Windows gets to the space after virus and thinks that's the end of it.

We can fix it with FRST or with OTL:

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


For your Search errors try the fix it:

http://support.micro...h?wa=wsignin1.0

(works best if you use IE otherwise you have to save it then right click and Run As Admin)
  • 1

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that

Got to go to bed now. It's after 1 AM here.
  • 1

#8
gast33

gast33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
oke

Edited by gast33, 09 November 2013 - 04:58 PM.

  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
Were you able to run the FixIt for your search?

Let's look and see if we can figure out what is wrong with dsound.dll.


Copy the text in the code box:

/md5start
SearchIndexer.exe
MSSRCH.DLL
dsound.dll 
/md5stop




Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

then Run Scan.

You should get 1 log. Please copy and paste it.

Also I want to check the condition of your hard drive so let's run Speecy:

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button - Do NOT press the large Start Download button on the upper left!) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post. Uninstall speccy.

Also uninstall

JavaFX 2.1.1
  • 1

#10
gast33

gast33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
:thumbsup:

Attached Files


Edited by gast33, 13 November 2013 - 11:36 PM.

  • 0

Advertisements


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
C:\found.000 is something that chkdsk found and recovered when it checked your drive. Apparently what it found is not much use so I would delete the folder C:\found.000.

The good news is that Speccy says your drive is good. Not a single error and the temps look good too.

It would probably be a good idea to run the built-in RAM check.

http://www.sevenforu...stics-tool.html

or the boot from CD Memtest86+ http://www.memtest.org/ which is a better test. Bad RAM is the other most common reason for NTFS errors. Usually it's best to let it run through the full test several times in order to catch any transient errors.


OTL says the files I had it check are good tho it looks like Windows is going to do another check disk next boot. If it keeps doing that we can fix it.


I think dsound.dll is used by directx so run the directx diagnostic tool:

Open DirectX Diagnostic Tool by clicking the Start button Picture of the Start button, typing dxdiag in the Search box, and then pressing ENTER. (If that doesn't work because of your Search problem, Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Yes. Then type: dxdiag
Hit Enter.

Once it finishes you can Save All information and it will create a text file dxdiag.txt. You can copy and paste it if it found any errors. (You should have version Directx 11 or newer. It should tell you near the bottom of the first page.)

The text on the search problem is too small to see but it appears to have found several problems that it couldn't fix. Sometimes it helps to uninstall Search and then reinstall it:

start the control panel and go to Programs and Features (Where you normally go to uninstall software) and click the link "turn Windows features on or off" and uncheck the Windows Search. (Also uncheck Indexing Service if it is checked) Reboot and then go back in and check the option again to install the Search again.
  • 1

#12
gast33

gast33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
:happy:

Edited by gast33, 12 November 2013 - 09:01 PM.

  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
Take your time. I do not keep track.
  • 1

#14
gast33

gast33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
:happy:

Attached Files


Edited by gast33, 13 November 2013 - 11:37 PM.

  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
You might try it with a CD rather than a DVD. I like to use the free iso burner software:

http://www.freeisoburner.com/

There is something odd about the dsound.dll file. In the OTL scan it shows up in two places:

[2009-07-14 02:40:33 | 000,540,672 | ---- | M] (Microsoft Corporation) MD5=9110FFAD124283F37D38771BB60556AF -- C:\Windows\SysNative\dsound.dll
[2009-07-14 02:40:33 | 000,540,672 | ---- | M] (Microsoft Corporation) MD5=9110FFAD124283F37D38771BB60556AF -- C:\Windows\Sysnative\dsound.dll


Normally there is only one C:\Windows\SysNative. I've never seen C:\Windows\Sysnative before. Appears to be the same file in both folders but it's odd.

What make and model is this PC? We can try a newer audio driver or just go in to Device Manager (Right click on Computer and select Manage then Device manager) and find Sound Video and Game Controllers and click on the arrow in front to open it up. Right click on each entry you find and Uninstall then reboot and Windows should re-install them.
  • 1






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP