Question

Q: Help With RunDLL Error on Startup

Laptop - Dell Inspiron 1420, Intel(R) Core(TM)2 Duo CPU   T5450  @  1.66GHz  1.67 GHz

Operating System is Windows Vista Home Premium Service Pack 1

Exact Error Message:  RunDLL  Error loading C:\Users\Jill\AppData\Roaming\wmhjhdju.dll (2 separate windows open with same error upon start up)

How Long have I been getting this error message?  Just began today, 4/1/09 after I did the following:

1.  Ran Trend-Micro PC-cillin lastnight manually at around 11p because of the virus threat.
2.  2 Found pshbfapc.dll (C:\Users\Jill\AppData\Local\Temp\)  Quarantined Date 4/1/01 00:11, Status has virus
                 apstpldr.dll[1].htm ( C:\Users\Katiebug\AppData\Local\Microsoft\Windows\Temporary Internet...) Quarantined Date 4/1/01 00:17, Status has virus
3.  It didn't pick up any spyware
4.  This morning I thought it would be best to run Trend-Micro again but in safe mode so I could set a new restore point and such.  Little did I know, it does not run in safe mode.
5.  Downloaded AVG free and Windows Defender to run in Safemode
6.  Went in to safe mode and started AVG free.  It ran for approximately 1 and 1/2 hours which surprised me.

7.  AVG free report:
 AVG 8.5 Anti-Virus command line scanner
Copyright (c) 1992 - 2009 AVG Technologies
Program version 8.0.268, engine 8.0.285
Virus Database: Version 270.11.35/2034  2009-04-01

C:\Boot\BCD Locked file. Not tested.
C:\Boot\BCD.LOG Locked file. Not tested.
C:\Documents and Settings\ Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\ProgramData\Desktop\ Locked file. Not tested.
C:\ProgramData\Documents\ Locked file. Not tested.
C:\ProgramData\Favorites\ Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4e5b7a0cc853f970c251f07c510abde7_9bd00ec1-2228-4c38-82f6-7888b8a53fe7 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\74c2d7c8d239f07b55cf4874ec97ebf5_9bd00ec1-2228-4c38-82f6-7888b8a53fe7 Locked file. Not tested.
C:\ProgramData\Templates\ Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\Users\Default\AppData\Local\History\ Locked file. Not tested.
C:\Users\Default\Documents\My Music\ Locked file. Not tested.
C:\Users\Default\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Default\Documents\My Videos\ Locked file. Not tested.
C:\Users\Default\NetHood\ Locked file. Not tested.
C:\Users\Default\PrintHood\ Locked file. Not tested.
C:\Users\Default\Recent\ Locked file. Not tested.
C:\Users\Default\Templates\ Locked file. Not tested.
C:\Users\Jill\AppData\Local\History\ Locked file. Not tested.
C:\Users\Jill\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\004AFWPT\freescan[1].htm Virus found FakeAlert Object was moved to Virus Vault.
C:\Users\Jill\AppData\Local\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Users\Jill\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Locked file. Not tested.
C:\Users\Jill\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Locked file. Not tested.
C:\Users\Jill\AppData\Local\Temp\cbXOfeCv.dll Trojan horse Vundo.CW Object was moved to Virus Vault.
C:\Users\Jill\AppData\Local\Temp\cbXQkkhE.dll Trojan horse Vundo.CW Object was moved to Virus Vault.
C:\Users\Jill\AppData\Local\Temp\ddcYoOiI.dll Trojan horse Vundo.CW Object was moved to Virus Vault.
C:\Users\Jill\AppData\Local\Temp\eFwVPGxV.dll Trojan horse Vundo.CW Object was moved to Virus Vault.
C:\Users\Jill\AppData\Local\Temp\fcCTkjjK.dll Trojan horse Vundo.CW Object was moved to Virus Vault.
C:\Users\Jill\AppData\Local\Temp\iifcCsRi.dll Trojan horse Vundo.CW Object was moved to Virus Vault.
C:\Users\Jill\AppData\Local\Temp\khfffCTN.dll Trojan horse Vundo.CW Object was moved to Virus Vault.
C:\Users\Jill\AppData\Local\Temp\ljJdbaxx.dll Trojan horse Vundo.CW Object was moved to Virus Vault.
C:\Users\Jill\AppData\Local\Temp\mlJAsSIc.dll Trojan horse Vundo.CW Object was moved to Virus Vault.
C:\Users\Jill\AppData\Local\Temp\rqRLcASK.dll Trojan horse Vundo.CW Object was moved to Virus Vault.
C:\Users\Jill\AppData\Local\Temp\Setup2.exe Trojan horse Generic13.IQU Object was moved to Virus Vault.
C:\Users\Jill\AppData\Local\Temp\ssqnnNDT.dll Trojan horse Vundo.CW Object was moved to Virus Vault.
C:\Users\Jill\AppData\Local\Temp\tuvWqnlK.dll Trojan horse Vundo.CW Object was moved to Virus Vault.
C:\Users\Jill\AppData\Local\Temp\vTliJBsP.dll Trojan horse Vundo.CW Object was moved to Virus Vault.
C:\Users\Jill\AppData\Local\Temp\wVpPjiFv.dll Trojan horse Vundo.CW Object was moved to Virus Vault.
C:\Users\Jill\AppData\Local\Temp\wvUlmmnK.dll Trojan horse Vundo.CW Object was moved to Virus Vault.
C:\Users\Jill\AppData\Local\Temp\xadabmlp.dll Trojan horse Vundo.CW Object was moved to Virus Vault.
C:\Users\Jill\AppData\Local\Temp\yaywxxvu.dll Trojan horse Vundo.CW Object was moved to Virus Vault.
C:\Users\Jill\AppData\Local\Temp\yayaWOEX.dll Trojan horse Vundo.CW Object was moved to Virus Vault.
C:\Users\Jill\AppData\Roaming\wmhjhdju.dll Trojan horse Downloader.Small.FKL Object was moved to Virus Vault.
C:\Users\Jill\Documents\My Music\ Locked file. Not tested.
C:\Users\Jill\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Jill\Documents\My Videos\ Locked file. Not tested.
C:\Users\Jill\NetHood\ Locked file. Not tested.
C:\Users\Jill\ntuser.dat Locked file. Not tested.
C:\Users\Jill\ntuser.dat.LOG1 Locked file. Not tested.
C:\Users\Jill\ntuser.dat.LOG2 Locked file. Not tested.
C:\Users\Jill\PrintHood\ Locked file. Not tested.
C:\Users\Jill\Templates\ Locked file. Not tested.
C:\Users\Katiebug\AppData\Local\History\ Locked file. Not tested.
C:\Users\Katiebug\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FN0BKL2X\divx[1] Trojan horse BHO.HAA Object was moved to Virus Vault.
C:\Users\Katiebug\Documents\My Music\ Locked file. Not tested.
C:\Users\Katiebug\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Katiebug\Documents\My Videos\ Locked file. Not tested.
C:\Users\Katiebug\NetHood\ Locked file. Not tested.
C:\Users\Katiebug\PrintHood\ Locked file. Not tested.
C:\Users\Katiebug\Templates\ Locked file. Not tested.
C:\Users\Public\Documents\My Music\ Locked file. Not tested.
C:\Users\Public\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Public\Documents\My Videos\ Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\ntuser.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Locked file. Not tested.
C:\Windows\System32\catroot2\edb.log Locked file. Not tested.
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Locked file. Not tested.
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Locked file. Not tested.
C:\Windows\System32\config\components Locked file. Not tested.
C:\Windows\System32\config\COMPONENTS.LOG1 Locked file. Not tested.
C:\Windows\System32\config\COMPONENTS.LOG2 Locked file. Not tested.
C:\Windows\System32\config\default Locked file. Not tested.
C:\Windows\System32\config\DEFAULT.LOG1 Locked file. Not tested.
C:\Windows\System32\config\DEFAULT.LOG2 Locked file. Not tested.
C:\Windows\System32\config\RegBack\COMPONENTS Locked file. Not tested.
C:\Windows\System32\config\RegBack\DEFAULT Locked file. Not tested.
C:\Windows\System32\config\RegBack\SAM Locked file. Not tested.
C:\Windows\System32\config\RegBack\SECURITY Locked file. Not tested.
C:\Windows\System32\config\RegBack\SOFTWARE Locked file. Not tested.
C:\Windows\System32\config\RegBack\SYSTEM Locked file. Not tested.
C:\Windows\System32\config\sam Locked file. Not tested.
C:\Windows\System32\config\SAM.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SAM.LOG2 Locked file. Not tested.
C:\Windows\System32\config\security Locked file. Not tested.
C:\Windows\System32\config\SECURITY.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SECURITY.LOG2 Locked file. Not tested.
C:\Windows\System32\config\software Locked file. Not tested.
C:\Windows\System32\config\SOFTWARE.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SOFTWARE.LOG2 Locked file. Not tested.
C:\Windows\System32\config\system Locked file. Not tested.
C:\Windows\System32\config\SYSTEM.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SYSTEM.LOG2 Locked file. Not tested.
C:\Windows\System32\LogFiles\WMI\RtBackup\ Locked file. Not tested.
D:\System Volume Information\ Locked file. Not tested.

------------------------------------------------------------
Objects scanned     : 480916
Found infections    :   22
Found PUPs          :    0
Healed infections   :   22
Healed PUPs         :    0
Warnings            :    0
------------------------------------------------------------


8.  Windows Defender found nothing...

9.  Restarted laptop in normal mode so I could create a restore point and that's when the RunDLL window errors popped up twice

I have exhausted myself researching on the net and the answer I keep getting is to download Regcleaner to fix the dll errors.  I have always been told not to mess with the registry.  I'm also not sure what I am paying for if it is ligit or not.

Should I run AVG Free, Windows Defender and Trend-Micro all at same time

Should I just run Trend-Micro and then when I want to run virus scan in safe mode turn on AVG free and Windows Defender?

As I am sitting here typing this on my unaffected laptop, the Trend-Micro on my infected laptop began a virus/Malware scan on it's own.

Thank You

Answer

A:

Hi,

1. Run the Microsoft Windows Malicious Software Removal Tool
2. Download, install, update and run:

SUPERAntispyware (freeware) and Malwarebytes' Anti-Malware (freeware).
3. Run this online scan (in safe mode with networking, if possible):
http://onecare.live.com/site/en-us/center/howsafe.htm 
4. See and follow carefully:
"Checking for/Help with Spyware, Malware and Hijackware"

Hope this helps.

 

---
Vincenzo Di Russo
Microsoft® MVP Windows Insider. Internet Explorer, Windows & Security Expert ~ since 2003
Moderator in the Microsoft Community and TechNet Forums

Did this solve your problem?

Sorry this didn't help.

Answer

A:

Hi Fit4lyf8,

 

Thank you for using the Microsoft Answers Forum.  First of all thank you for providing so much information in your post.  It really help to troubleshoot the problem when we have all of the info we need!  Since AVG found so many trojan horse viruses the likelyhood of other files being damaged seems pretty high.  The runDLL error  is also a good indicator.  I believe that the best starting point is to try running the System File Checker.  This tool (SFC.EXE) checks the Windows files in use and, if problems are found, restores a good version of the file.  While running Windows Vista in Normal Mode or in Safe Mode, you can use these steps:

1.       Open a CMD window as an Administrator. (Start orb, All Programs, Accessories, right click on Command Prompt and click Run As Administrator)

2.       Run this command:
sfc /scannow

3.       Watch for the results returned by SFC.

 

Watch carefully for the result SFC shows in the command prompt window. The three possibilities and their conclusions are:

o    SFC Found No Problems
This means Windows Vista is using the correct system file versions, as far as SFC.exe can determine. If you are still encountering problems in Windows it could be from registry issues (SFC checks files, not the registry), software installed on Windows, or hardware.

o    SFC Found and Fixed Problems
This means that SFC may have resolved your issue. Try to reproduce the problem again. If the problem continues, it may be that there were unrelated system file issues. But the presence of these issues could indicate that corruption

o    SFC Found but Could Not Fix Problems
This means that there are more significant issues with Windows system files. It could be that you have corruption in the store SFC uses for recovery. In this situation you may need to reinstall VIsta.

 

Before you decide to reinstall VIsta let us know the results of the System File Scan.  There may be other steps we can take before reinstalling.  I hope that this information is helpful.

 

Thanks,

Jack


Jack
Microsoft Answers Support Engineer
Visit our Microsoft Answers Feedback Forum and let us know what you think.
Jack
Microsoft Answers Support Engineer
Visit our Microsoft Answers Feedback Forum and let us k

Did this solve your problem?

Sorry this didn't help.



 
Question Info

Views: 21,939 Last updated: May 15, 2018 Applies to: