missing dll32.exe and other dll's

Computing.Net > Forums > Security and Virus > missing dll32.exe and other dll's

Computing.Net: Over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to sign up now, it's free!

missing dll32.exe and other dll's

Original Message

Name: jphj44
Date: December 10, 2003 at 20:02:41 Pacific
Subject: missing dll32.exe and other dll's
OS: Windows XP Home SP1
CPU/Ram: PIIII 2.0Mhz/512 megs

Comment:

Hi there. I posted this in the XP forum before I read the mod's request to post these issues here. I haven't received any responses, so I'm hoping to have better luck here.

Anyway, my computer (P4, XP Home with all the patches I know of, with Norton AntiVirus 2002 with definitions less than a week old, and with SpyBot) woke up last week (I had surfed the net the night before) and decided it was missing several dll's and refused to run various programs. Now I don't think I had visited any sites that would cause this but who knows. I can't get on the internet, NAV is disabled, I can't use my CD burner (it still runs most CD-ROMs), I can't right click on MyComputer to pull up properties, I can't run Search, etc. The missing dlls (that I know of) are as follows:
mso97.dll - possibly related to MS Office 97 that is on my puter
rundll32.exe - apparently this one is real important for just about everything
rtutils.dll - this one seems pretty important too
shfolder.dll - norton related?
msacm32.dll - norton related?
ACTIVEDS.dll - this came up when I tried to print from regedit
I have spent the last few days in my spare time trying to research this problem to find out how to fix it and came across this site. I ran SpyBot and it didn't come up with any bots so to speak. So here's my HijackThis log:
Logfile of HijackThis v1.97.7
Scan saved at 10:08:56 PM, on 12/8/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\PROGRA~1\PCMAGA~1\COOKIE~1\COOKIE~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ptools\SPYBOT~1.1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [CookieCop] C:\PROGRA~1\PCMAGA~1\COOKIE~1\COOKIE~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: SoftStuff Wallpaper Changer.lnk = C:\Program Files\SoftStuff\softstrt.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: SoftStuff Wallpaper Changer.lnk = C:\Program Files\SoftStuff\softstrt.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
Unfortunately, my computer came with XP preloaded, so I don't have the XP CDs, only two recovery disks by the manufacturer, VPR from BestBuy.
Any help with this would be most appreciated.
Joe
PS FYI I ran Stinger and it didn't find anything either.

Report Offensive Message For Removal

Response Number 1

Name: iceblue
Date: December 10, 2003 at 23:32:36 Pacific

Reply:

It looks pretty clean to me....
You may not be infected, it may be a conflict.
Did you make ESPN your start page? If not fix this one..
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
And this has the spelling jitters; fix this one.
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
There are other items that may be causing conflict or may be undesirable; without being serious malware...any of these may be one too many startups...
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: SoftStuff Wallpaper Changer.lnk = C:\Program Files\SoftStuff\softstrt.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
[some others also, if that doesn't help fix the problem]
Reboot and then, close all browsers, and rescan with HijackThis and repost here.
Btw, for downloads
http://www.dll-files.com/dllindex/index.shtml
plus �dll world� for pretty much anything in dlls,
http://dll.yaroslavl.ru/
including Russian brides�..

Report Offensive Follow Up For Removal

Response Number 2

Name: jphj44
Date: December 11, 2003 at 08:58:39 Pacific

Reply:

Thanks for the tips, Iceblue. I'll try them tonight. To "fix" them, do I just check the appropriate boxes in HijackThis?
I don't think my wife would probably not be too thrilled if I came home with a Russian bride, though.

Report Offensive Follow Up For Removal

Response Number 3

Name: iceblue
Date: December 11, 2003 at 11:55:18 Pacific

Reply:

heh heh - give them a miss then.
Yes, you simply check the box and click Fix Checked.
Always check to see is Backups have been enabled. Click Config>>> and check the backups box. Often there are times you might want to restore an item.

Report Offensive Follow Up For Removal

Response Number 4

Name: jphj44
Date: December 12, 2003 at 08:55:18 Pacific

Reply:

Well, I didn't have time last night, so hopefully I'll have time this weekend to give it a shot. That Russian site does have just about every dll. One thing I realized, is why I don't just get the dll's off my computer here at work? All the ones I know I need, I found on here. If my home runs XP and my work runs 2000, but the dll is named the same, is that ok?
Thanks for all the help, Iceblue.

Report Offensive Follow Up For Removal

Response Number 5

Name: iceblue
Date: December 12, 2003 at 14:52:00 Pacific

Reply:

looks good to me, but I'm not a .dll freak..

Report Offensive Follow Up For Removal


run dll32.exe error framedyn.dll not found Spoolss.exe and Spoolss.dll download restore missing ntoskrnl.exe and 2003	"windows explorer" slow "windows explorer has encountered a problem and nee WINLOGON.EXE is unable to locate and shell32.dll was unable to find Missing: vnetsup.vxd, vredir.vxd, dfs.vxd and msnp32.dll