Solved

error message for missing dll when windows xp is loading (after log on)

Posted on 2008-06-17
8
710 Views
Last Modified: 2012-06-27
After I log on, and all programs are initially loading, I get 2 RUNDLL error messages which are quite annoying, it's first asking  for ujknapud.dll followed by pycnnnfe.dll

RUNDLL
Error loading C:\WINDOWS\system32\ujknapud.dll    
The specified module could not be found.

is there a way to figure out what program is using it and disable that program or how can I get rid of these errors.

Thanks,
Kasia
0
Comment
Question by:kasiencja
8 Comments
 
LVL 1

Expert Comment

by:MikeBusby
ID: 21810320
You can try looking online for those files... download them and put them in the right place... but i bet you will have to register them using regsvr32 which is a command line app.
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 21810331
try msconfig and see where they are getting loaded from.
If they are in the registry, it may give you a clue from whence they came..
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 250 total points
ID: 21810334
Looks like a malware dll which has been removed and the registry is still calling for it to startup.
You can run Hijackthis and the relevant startup entry should show up there, you can also use msconfig to disable the startup entry so it won't startup but not the best way to stop the error.

Hijackthis:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Open Hijackthis, click "Do a system scan and save a logfile" please don't fix anything yet.
Please attach the logfile as "Code Snippet".
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 

Author Comment

by:kasiencja
ID: 21810425
Result of Hijackthis scan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:59 AM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\mozilla.org\Mozilla\Mozilla.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Henry Einstoss\Desktop\Kasia\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?product=ssearch&src_id=343&client_id=C4479F3001C7C89C011EB98F&version=4.5.4.0&it=1184695404&loc=Boston, MA&qry=&url=http://runonce.msn.com/?v=msgrv75 (obfuscated)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2DC31FC2-2058-4C65-A4E9-853AB774539B} - C:\WINDOWS\system32\vtUnolKb.dll (file missing)
O2 - BHO: (no name) - {38230ED2-7DA3-4A94-B714-B20D3BD6EFFF} - C:\WINDOWS\system32\jkkIYpqo.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {3DAD274B-7036-4915-8F48-E7A6375F855A} - C:\WINDOWS\system32\xxywXQJB.dll (file missing)
O2 - BHO: (no name) - {5462A112-A532-47FC-89E5-8AC2263F6C98} - C:\WINDOWS\system32\iiffCTMC.dll (file missing)
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware343\bin\Starware343.dll (file missing)
O2 - BHO: (no name) - {626EBA31-0CDD-4C85-9375-834B0A005F70} - C:\WINDOWS\system32\fccbYooo.dll (file missing)
O2 - BHO: (no name) - {65596E0E-CDBB-4751-8001-D7DDD4CA3684} - C:\WINDOWS\system32\vTLbCUkL.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95A76EC6-4736-469F-9C40-0329871D4454} - C:\WINDOWS\system32\opnolJYr.dll (file missing)
O2 - BHO: {6d226f32-c7b6-87c8-5874-e248af1091b9} - {9b1901fa-842e-4785-8c78-6b7c23f622d6} - C:\WINDOWS\system32\linawlsn.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {AD950C1A-780F-42A8-8680-B5F71244318A} - C:\WINDOWS\system32\urqRHxvW.dll (file missing)
O2 - BHO: (no name) - {ADEA6A22-3C1D-477F-9ADB-ED682D735DA8} - C:\WINDOWS\system32\wvUnMcdD.dll (file missing)
O2 - BHO: (no name) - {B4312670-E2AE-4523-BB72-48010328DE75} - C:\WINDOWS\system32\tuvULecD.dll (file missing)
O2 - BHO: (no name) - {B7626EDB-F1E3-4569-8E1F-9B3AB01B8281} - C:\WINDOWS\system32\geBsrRiG.dll (file missing)
O2 - BHO: (no name) - {C51435C7-7176-46B4-8D96-6E52801A2336} - C:\WINDOWS\system32\jkkIYsPh.dll (file missing)
O2 - BHO: (no name) - {CADF53EA-5DD6-4C38-B9A3-0F1F0801FFBC} - C:\WINDOWS\system32\urqRJApo.dll (file missing)
O2 - BHO: (no name) - {EAEE6CE6-7892-4583-B0C5-A7D744665A21} - C:\WINDOWS\system32\kHaxwXpP.dll (file missing)
O2 - BHO: (no name) - {F57A8169-543F-4117-8F92-6D13597BDF76} - C:\WINDOWS\system32\nnnnOiGa.dll (file missing)
O3 - Toolbar: Starware Maps Toolbar - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware343\bin\Starware343.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Wxp4] C:\WINDOWS\System32\Norton Update.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [BM3da1390c] Rundll32.exe "C:\WINDOWS\system32\pycnnnfe.dll",s
O4 - HKLM\..\Run: [3e920a90] rundll32.exe "C:\WINDOWS\system32\ujknapud.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [A00F5BBF7B.exe] C:\DOCUME~1\HENRYE~1\LOCALS~1\Temp\_A00F5BBF7B.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk121YYCA
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} - https://password.bellsouth.net/sdccommon/download/tgctlsr.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {6AE02E1C-8859-4F57-9097-5A55A56A4CAF} - http://www.biglotron.com/biglobarre/toolbar.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174498476382
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1FD1161-6FCE-4986-9A66-C483AFDB8CD3}: Domain = sympatico.ca
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: nnnmnnmj - nnnmnnmj.dll (file missing)
O20 - Winlogon Notify: __c00E7F5 - C:\WINDOWS\system32\__c00E7F5.dat (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
 
--
End of file - 11292 bytes

Open in new window

0
 
LVL 22

Assisted Solution

by:orangutang
orangutang earned 250 total points
ID: 21810693
Remove these in safe mode:
O2 - BHO: (no name) - {2DC31FC2-2058-4C65-A4E9-853AB774539B} - C:\WINDOWS\system32\vtUnolKb.dll (file missing)
O2 - BHO: (no name) - {38230ED2-7DA3-4A94-B714-B20D3BD6EFFF} - C:\WINDOWS\system32\jkkIYpqo.dll (file missing)
O2 - BHO: (no name) - {3DAD274B-7036-4915-8F48-E7A6375F855A} - C:\WINDOWS\system32\xxywXQJB.dll (file missing)
O2 - BHO: (no name) - {5462A112-A532-47FC-89E5-8AC2263F6C98} - C:\WINDOWS\system32\iiffCTMC.dll (file missing)
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware343\bin\Starware343.dll (file missing)
O2 - BHO: (no name) - {626EBA31-0CDD-4C85-9375-834B0A005F70} - C:\WINDOWS\system32\fccbYooo.dll (file missing)
O2 - BHO: (no name) - {65596E0E-CDBB-4751-8001-D7DDD4CA3684} - C:\WINDOWS\system32\vTLbCUkL.dll (file missing)
O2 - BHO: (no name) - {95A76EC6-4736-469F-9C40-0329871D4454} - C:\WINDOWS\system32\opnolJYr.dll (file missing)
O2 - BHO: {6d226f32-c7b6-87c8-5874-e248af1091b9} - {9b1901fa-842e-4785-8c78-6b7c23f622d6} - C:\WINDOWS\system32\linawlsn.dll (file missing)
O2 - BHO: (no name) - {AD950C1A-780F-42A8-8680-B5F71244318A} - C:\WINDOWS\system32\urqRHxvW.dll (file missing)
O2 - BHO: (no name) - {ADEA6A22-3C1D-477F-9ADB-ED682D735DA8} - C:\WINDOWS\system32\wvUnMcdD.dll (file missing)
O2 - BHO: (no name) - {B4312670-E2AE-4523-BB72-48010328DE75} - C:\WINDOWS\system32\tuvULecD.dll (file missing)
O2 - BHO: (no name) - {B7626EDB-F1E3-4569-8E1F-9B3AB01B8281} - C:\WINDOWS\system32\geBsrRiG.dll (file missing)
O2 - BHO: (no name) - {C51435C7-7176-46B4-8D96-6E52801A2336} - C:\WINDOWS\system32\jkkIYsPh.dll (file missing)
O2 - BHO: (no name) - {CADF53EA-5DD6-4C38-B9A3-0F1F0801FFBC} - C:\WINDOWS\system32\urqRJApo.dll (file missing)
O2 - BHO: (no name) - {EAEE6CE6-7892-4583-B0C5-A7D744665A21} - C:\WINDOWS\system32\kHaxwXpP.dll (file missing)
O2 - BHO: (no name) - {F57A8169-543F-4117-8F92-6D13597BDF76} - C:\WINDOWS\system32\nnnnOiGa.dll (file missing)
O3 - Toolbar: Starware Maps Toolbar - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware343\bin\Starware343.dll (file missing)
O4 - HKLM\..\Run: [BM3da1390c] Rundll32.exe "C:\WINDOWS\system32\pycnnnfe.dll",s
O4 - HKLM\..\Run: [3e920a90] rundll32.exe "C:\WINDOWS\system32\ujknapud.dll",b
O4 - HKCU\..\Run: [A00F5BBF7B.exe] C:\DOCUME~1\HENRYE~1\LOCALS~1\Temp\_A00F5BBF7B.exe
O20 - Winlogon Notify: nnnmnnmj - nnnmnnmj.dll (file missing)
O20 - Winlogon Notify: __c00E7F5 - C:\WINDOWS\system32\__c00E7F5.dat (file missing)
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 21810825
Those entries in Hijackthis with "file missing" are registry loading points of those bad files that are no longer there, those were what's causing the errors.

Just run Hijackthis again(scan only) and checkmark those entries and while all browsers and other windows are closed click "Fix checked":
Fixing those entries should remove the errors.

Also a good idea to clean out your temp folders.
Download and run ATF Cleaner by Atribune.
http://www.atribune.org/ccount/click.php?id=1
 
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser,
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

OR:
CCleaner:
http://www.ccleaner.com/download/

Let us know if probme persists.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

There are 2 things you must have in order to connect to the internet behind a router, The "Gateway IP" of the router, which is usually something like 192.168.xxx.1, I've seen routers with default values of: 192.168.0.1, 192.168.1.1, 192.168.11.1, …
We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question