[In Progress] What the DLL??

[kk]

Ho-Ho-Ho:
Bah-Humbug and all that too!!

Well this is a very tedious, agitating laptop. Appears that I may have "Bad Image" virus among other things I suppose.

WRConsumerService.exe - Bad Image Error Pop-Up Box
The application or DLL C:\Windows\system32 \winhttp.dll is not a valid windows image. Please
check this against your installation diskette.

I don't recall doing anything but removing that silly Webroot Security Software to get that error message.

This next one though comes up when you try to install ANY downloads, or at least the downloads that I have tried to install before getting fed up with trying.

Error Pop-Up Box
C:\Program Files\Mozilla Firefox\Firefox.exe
This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.

After 3 tries I gave up on that one. Tried bringing Firefox and Java down on the other system to USB stick and loading it that way...got the same behavior.

When the Java update pop-up appears in the lower left corner and you click it to install the
update you acquire a similar error message.....I'm done keeping track of them now!!

When I did decide to post this with a hijackthis logfile I went to install my previous
download of hijackthis and that went through however once I clicked on the "Analyze This"
button, Trend Micro, TrendSecure site came up letting me know that if I should have trouble
with the .dll error that I was possibly missing the Microsoft Visual Runtime Library. I
clicked on the link and downloaded it regardless.

Shortly after Visual Runtime download I got the following error message:

Generic Error Pop-Up Box
Installer: Wrapper.createfile with error 32: The process cannot access the file because it
is being used by another process.

LOL...LOL...LOL !!!

I have been dinkin' around with a GNU software re: Admin BIOS/CMOS password remover called
CMOSPwd from cgsecurity.org. It appears that this particular Dell Inspiron 5100 won't let
you into ANY of the BIOS to make ANY adjustments including boot order and also in the boot
menu unless you have the Admin password. As I came to find later while searching for
Recovery Console you need the Admin password there too. How I got around this for now was
first get agitated, no mad, and created a Primary password in the BIOS, I won't say what I
used *&#@ .... something to that effect. All be darn it worked but it is a pain to enter
that same password twice just to get to the desktop. DUMB!

As far as the rest of the history on this laptop goes I don't really know much. I do not have the original Dell install or recovery disc(s) but what I do have is a product key sticker on the bottom and many WinXP Home cd's available for either reload or repair.

That reminds me...when I was looking around for recovery console options F8 or F9, don't know which because I was hitting them both, I found the Repair selection and ran it and it failed on the DST test. The system then directed me to load my Diagnostics cd which I do have from the previous malware removal posting "The Jurassic Dell." That was a waste of time since there was really nothing there that I could see that would help. Chkdsk says I have no errors ran that anyhow with the /f option. I did some reading on DST testing, I am firm that the HDD is in tact. It's got to be a by product of virus/trojan.

So be careful asking me to download stuff...I can download it just fine, I just cannot
install it!! I feel so TAINTED having to use Internet Explorer it's kind of like feeling as if one shower won't get you clean, but maybe 10 showers will?!

Anyhow I'm going to keep working on this Admin thing but I thought I'd get to posting so
that I can "kill two birds with one stone" so to speak.
*******************************************************************************

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:50:19 PM, on 12/24/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\My Documents\Downloads\KellysCrap\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (file missing)
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [ATIModeChange] "Ati2mdxx.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [BCMSMMSG] "BCMSMMSG.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - https://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265866817775
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\System32\msiexec.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc.  - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Unknown owner - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (file missing)

--
End of file - 6047 bytes


Merry Christmas to all,

kk

PS Just a friendly reminder, I have no security software, malware removal tools, etc. The firewall is off for now so there will be no need to instruct me to follow the steps to turn off "real time" protection of any kind. Remember I cannot install anything that I have downloaded to scan this system!! LOL, LOL, LOL!!

[Hoov]

I just got done helping you on another computer, so you know all the preliminaries.

First about the BIOS password. There is a way to reset it. First get the ownership of the laptop transferred to you or whoever is going to end up with it by going thru this page.

Second, do you really want to go thru repairing this computer, or would you rather start from scratch? As long as you have an XP install Disc and it matches the version of XP that the key is for, we can just do a reinstall and call it done. It is also possible to create an XP install CD that has SP3 and all current updates so when you do the reinstall, you will not have to do any updates.

[kk]

 Hello there Hoov:

Okay were you naughty or were you nice? Sorry, I guess I am being facetious, I couldn't resist!!

It is just too funny that you had suggested the OS reload with the information following because I almost logged back in last night to give you a heads up that the Product Part No., Product ID, and CD Key are all a matched set but do not match the CD key on the bottom of the laptop. I thought old man Guru had notified me that MSN was getting much stickier about the need for all things being linked?

I guess if I do call Dell I can get both things solved with one call. Thanks for that info on including the up-to-date Service Packs and etc. being included in the creation of a WinXP install cd, I was lucky enough to learn that early on but it's nice to list it here and to remind me in case I have forgotten.

Let me do some quick thinking here on which way to proceed and I'll get back here within an hour. Pacific Standard time now: 3:23 pm.

kk

[kk]

Well there's a surprise...

Not gonna happen it's not registered in my name however it is mine. It's all good though I was impressed to find a GNU software that doesn't really break any rules (you could get technical here) and also is provided without cracked, keygen, or other miscellaneous related ****. What the hell I might learn something new...."Oh, No!!"

As for reloading the OS, hell yes if you think that would work bearing in mind my last post then let me know. There is that outside chance that it may not work which leaves me right where I stand now until I get ahold of the registered party and get it squared away.

Thanks Hoov,

kk

[Hoov]

As long as you have a valid key on the Microsoft Sticker on the bottom of the laptop, then you can reinstall that exact same OS from any other CD.


There is a nice little tool that I found a while back that works really good for XP.

First, this needs to be done on a clean computer. If that computer is running XP, then all is fine. But if that computer is running some other version of windows, then there is a problem that has a work around, just let me know.

Step 1 is to get all the updates for XP. There is a tool and instructions here on how to do just that.

Step 2 is to get the XP SP3 file from here.

Step 3 is to put it all together. There is a nice little program called nlite. The directions for using it are here, the page numbers are up at the top. The program is available here.

Read over the instructions of those two programs and let me know if you have any questions. These two tools make it possible to do the whole thing in a half dozen mouse clicks or so.

[kk]

Wow, you never cease to amaze me Hoov!! I have never used this process before and am looking forward to using it again and again if I like it. My apologies for the (****) from my last post and to anyone who read that please forgive me if that offended you. I actually was a little hot under the collar after speaking to Dell by phone, not to mention that I had just spoken to the registered owner of the OS (not the laptop...long story) yesterday while he was awaiting his next long haul itinerary out of Indiana. Who knows when I'll be able to hail him next? Believe me when I say that the **** was MILD as opposed to my initial reply, which sometimes MUST be re-written for human reading, and yes, I do save them to laugh at later!!

I will run through the steps here in an hour or so and if I have any questions I'll post. Thank you so much Hoov, you're a GEM when it comes to a well-rounded wealth of knowledge relative to computers. I did see that read last night (contacting Dell that is) while researching for a way to rid myself of the BIOS Admin password. Usually, if I know I'm legal, or can prove that I was/am legal in my methods to madness I avoid the establishment.

kk

PS  Would you like to relocate this topic? It would appear that once I have successfully reloaded the OS, which shouldn't be a problem, I will no longer have any malware to post for removal. If so, Hoov please tell me where you sent it and I will post there instead, Thanks.

[Hoov]

We can leave it here, because this is one way of dealing with Malware. The only reason I suggested it is because the computer is new to you, and there are many other problems. With someone who had been using the computer for a while I might suggest a repair install, but in your situation a new install is best.

[kk]

Hey Hoov:

Just wanted you to know that I'm still here and haven't fallen off the face of the earth yet (let's see if you catch this?) into a Singularity, even though sometimes I wish I would!! Life has a way of rearing it's ugly head when you least expect it.

I'm just now pulling up the tabs for reading I'll get back to you soon because the ugly head has subsided for now!! LOL LOL

kk

[Hoov]

haven't fallen off the face of the earth yet (let's see if you catch this?) into a Singularity

This depends on if you subscribe to the theory that the Bermuda Triangle is the result of a micro singularity in the mantle of the Earth. If you don't, you are just going to have to build you a space ship, or there will be a whole bunch of other people making the trip with you. I am not sure I want to be around if a singularity got close enough to such just one person off the face of the Earth. It would suck the atmosphere up first. Then where would we be?   

[kk]

LMAO:

Yeah but if we could figure out what all those Theoretical Physicists, Astro Physicists, and Quantum Physicists are racing to find and solve with a quick trip through that spinning vortex into the Singularity and return......we could get a million dollar prize, maybe? I guess it would be safer to play the lotto at least the odds of staying alive are better playing the lotto even though odds of winning are not so good!!

Oops........


Listen I was curious about the Alternative Runtime Library? I see that it's unavailable and probably shouldn't be concerned with something that isn't available but could you please explain more about why it is that some people preferred using it as opposed to .net version? Also, could you elaborate about those who were strictly against .net period?

This may sound absolutely dumb but can you save me some time by helping me to select only exactly what I may need from the list of updates, over and above SP3?

This process is new to me only because of the name NLITE yet I was taught similarly both by my mentor and the college. This is a pretty cool little app for slipstreaming though I did the reading and appropriate research since you were probably sleeping, not available for questions. Any kind of slipstreaming that I learned about was manually put together either by my mentor or myself (slipstreaming is a new to me term). The college up-tights took care of all that we just loaded it, made it happen classroom to classroom. Are you familiar with Faironics Deep Freeze?

Would you like me to do a complete wipe of the drive prior to install? I have all the junk yard stuff to do it with, haven't done it in a long while though, probably should just for that very reason. If so and you have a preference that you'd like me to follow ie: partioning, etc please let me know. Oh yes, almost forgot, I was thinking that it might be a very good idea for me to check the validity of the CD Key prior to me going through this, even though I'll go through the NLITE anyhow!!!! Where can I check for CD Key being valid? I looked last night and got frustrated with Torrent sites in the search list, I full well know not to even click on those....that may send me straight to the Singularity, do not pass Spywarehammer, do not collect 1 million dollar prize!!!


kk

[Hoov]

First about the alternative Runtime Library. I can speak to specifics on this, but generally when you talk about Microsoft vs Non Microsoft products all I can say is paranoia. Some folk believe that Microsoft has their fingers in to many pies. Personally I use whatever works the best.

About the updates, the best way to do that is to include them all, then you can use the disc on whatever XP machine needs a repair or reinstall.

As for Faironics Deep Freeze, I don't know what it is, but I did a little reading on it. There are easier ways to do what that does, and for free. It is possible to create an image of the drive and use that. Doing it that way will overwrite any corrupted files or settings.

As for checking the key, Go to the control panel, and then to the system control panel and it should be listed right on the front page. If it is, and you can run a windows update, then it is legitimate. Stay away from any non Microsoft download that is suppose to tell you if it is legit, and don't download anything from a non Microsoft site even if it says it is a Microsoft program. Using programs like that are good for distributing your key all over the place.

As for wiping the drive clean, yes I recommend that, but you can do it while installing Windows. When you are running the install, you will eventually get to a screen asking you locations to install windows. On that screen you have the ability to delete any or all partitions on the harddrive and then recreate one or more partitions. There is a guide here with screenshots.

[kk]

Okay Hoov,

If you recall:

reply #4

I had just spoken to the registered owner of the OS (not the laptop...long story) yesterday

reply #2

the Product Part No., Product ID, and CD Key are all a matched set but do not match the CD key on the bottom of the laptop

I was keeping my fingers crossed that the CD Key sticker on the bottom of the laptop, for what I'm assuming was the original OS CD key, was still valid and had not been used. That would be the one that I need to check validity on, if there is no safe legal way that you know of maybe I'll just have to call Microsoft.

I can put in a call to my long haul trucker friend in hopes that he'll return my call within the week. Maybe he can call Dell and transfer it all to me, he won't have a problem with doing it just getting to it.

Here is a site for reload on XP using wd clear, not the best, it'll do....
http://www.jrwhipple.com/sup_startover_xp.html

kk

[Hoov]

WDClear may be going a bit far, as to make it factory fresh, it will have to write zero's to every bit of the drive. That can take a very long time depending how big your drive is. But it is your choice. About the key, definitely the only 100% sure method of making sure it is still valid is to call Microsoft.

[Hoov]

kk, do you still need help?

[Hoov]

Leave open, life has interfered with this user.