Defender mayhem

G

Guest

I purchased a new desktop system from Dell a couple of weeks ago. I noticed
that it came with some junk preinstalled, so I proceeded to delete the Roxio
software, that had about 8 different entries in the installed software list.
As soon as I finished doing it, things started to go wrong:

-Everytime I turn on the computer, I get two error messages:
"MSASCUI.exe-Bad Image
C:\Program Files\Windows Defender\MpRTMon.DLL is either not desiged to run
on Windows or it contains an error. Try installing the program again"...etc.

"WMI Provider Host stopped working and was closed".

The second one is particularly insistent, and will pop up every so often.
As a result of whatever has happened, I can't access Defender or even
reinstall it (as the installer says it's already part of Vista). My antivirus
(AVG at the time) stopped working completely, and the Security Center has
also stopped responding at all. I'm concerned, because I now have no
antivirus protection at all.
Tried doing a quick reinstall of Vista, but it found an error and couldn't
be completed.
Any help would be much appreciated, since I'm at my wits end with this one.
-----------------Since I posted this, other programs have become unstable or
non responsive: Internet Explorer and Windows Live Messenger

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:15 AM, on 8/19/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\CTxfispi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Users\Plectrum\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.finderg.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector -
{CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows
Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE
C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster
X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common
Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google
Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common
Files\AOL\1186515444\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support
Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-21-3744954288-2266759499-257931790-1000\..\Run: [ehTray.exe]
C:\Windows\ehome\ehTray.exe (User '?')
O4 - HKUS\S-1-5-21-3744954288-2266759499-257931790-1000\..\Run:
[DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P
DellSupportCenter (User '?')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line
Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program
Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -
C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\Program Files\Google\Google Desktop Search\Plugins\gdSkype\skype4com.dll
(file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner -
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown
owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file
missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program
Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program
Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel
32\IDriverT.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter)
(sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell
Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common
Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. -
C:\Windows\system32\DRIVERS\xaudio.exe
 
R

Robinb

have you tried doing a system restore back prior to the when you deleted
Roxio?
Also if you call Dell the newer computers have a Dell PC Restore and since
you just purchased this a few weeks ago you can call them and they will walk
you through how to restore it back to when it came out of the box.
In XP it is cntrl and F11 Key but i am not sure what it is in Vista

you can take a look at this
http://www.goodells.net/dellrestore/vista.htm

and here

http://support.dell.com/support/top...t?c=us&docid=DC47E7957E35BBC0E030A68F27280D16

But You should call dell because if you did not take out an additional
service contract you have 1yr phone support with them free.

robin

plectrum said:
I purchased a new desktop system from Dell a couple of weeks ago. I noticed
that it came with some junk preinstalled, so I proceeded to delete the
Roxio
software, that had about 8 different entries in the installed software
list.
As soon as I finished doing it, things started to go wrong:

-Everytime I turn on the computer, I get two error messages:
"MSASCUI.exe-Bad Image
C:\Program Files\Windows Defender\MpRTMon.DLL is either not desiged to run
on Windows or it contains an error. Try installing the program
again"...etc.

"WMI Provider Host stopped working and was closed".

The second one is particularly insistent, and will pop up every so often.
As a result of whatever has happened, I can't access Defender or even
reinstall it (as the installer says it's already part of Vista). My
antivirus
(AVG at the time) stopped working completely, and the Security Center has
also stopped responding at all. I'm concerned, because I now have no
antivirus protection at all.
Tried doing a quick reinstall of Vista, but it found an error and couldn't
be completed.
Any help would be much appreciated, since I'm at my wits end with this
one.
-----------------Since I posted this, other programs have become unstable
or
non responsive: Internet Explorer and Windows Live Messenger

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:15 AM, on 8/19/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\CTxfispi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Users\Plectrum\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.finderg.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) -
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}
- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector -
{CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows
Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE
C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster
X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common
Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google
Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common
Files\AOL\1186515444\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support
Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-21-3744954288-2266759499-257931790-1000\..\Run:
[ehTray.exe]
C:\Windows\ehome\ehTray.exe (User '?')
O4 - HKUS\S-1-5-21-3744954288-2266759499-257931790-1000\..\Run:
[DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe"
/P
DellSupportCenter (User '?')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital
Line
Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program
Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -
C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\Program Files\Google\Google Desktop
Search\Plugins\gdSkype\skype4com.dll
(file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner -
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown
owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file
missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program
Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program
Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\1050\Intel
32\IDriverT.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter)
(sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell
Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common
Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. -
C:\Windows\system32\DRIVERS\xaudio.exe
Click to expand...
 
R

Robinb

also the roxio cd burner is not bad that comes with Vista and if you want to
purchase a new application you really do not have to uninstall roxio.
Also you shoul know if you remove software and it says it thinks that other
programs are not using it- you should still never remove it because you
never know what program actually is or not using it. And since Vista is
still so quirky I would not remove that part because you do not know what
vista is going to do or not.
As you see in what happened to you.
I am betting one of those dll's Defender actually needed and you messed it
all up when you removed Roxio and told it to remove everything.
A rule of thumb for "craplets" that are put into the computer when bought to
remove are:
ISP trials you are not gonna use- aol, netzero, etc
You can take out all Trial Software unless you plan to purchase it.
The roxio software is basic but it is not bad at all and it is not a trial
software.
Just remember to go into Startup and take them out of there too if they do
not come off when from add/remove (or Programs- as it is called in Vista.
Windows Defender cannot be uninstalled from Vista and if you try to do it
you will wind up with a heap of trouble.
Also go to Run-msgconfig and go to the startup tab and uncheck the things
you do not want to run- but in here you have to be careful because in vista
since it is a pig- needs a bunch of stuff to load properly so be careful
what you take out.
robin



I purchased a new desktop system from Dell a couple of weeks ago. I noticed
that it came with some junk preinstalled, so I proceeded to delete the
Roxio
software, that had about 8 different entries in the installed software
list.
As soon as I finished doing it, things started to go wrong:

-Everytime I turn on the computer, I get two error messages:
"MSASCUI.exe-Bad Image
C:\Program Files\Windows Defender\MpRTMon.DLL is either not desiged to run
on Windows or it contains an error. Try installing the program
again"...etc.

"WMI Provider Host stopped working and was closed".

The second one is particularly insistent, and will pop up every so often.
As a result of whatever has happened, I can't access Defender or even
reinstall it (as the installer says it's already part of Vista). My
antivirus
(AVG at the time) stopped working completely, and the Security Center has
also stopped responding at all. I'm concerned, because I now have no
antivirus protection at all.
Tried doing a quick reinstall of Vista, but it found an error and couldn't
be completed.
Any help would be much appreciated, since I'm at my wits end with this
one.
-----------------Since I posted this, other programs have become unstable
or
non responsive: Internet Explorer and Windows Live Messenger

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:15 AM, on 8/19/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\CTxfispi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Users\Plectrum\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.finderg.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) -
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}
- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector -
{CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows
Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE
C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster
X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common
Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google
Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common
Files\AOL\1186515444\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support
Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-21-3744954288-2266759499-257931790-1000\..\Run:
[ehTray.exe]
C:\Windows\ehome\ehTray.exe (User '?')
O4 - HKUS\S-1-5-21-3744954288-2266759499-257931790-1000\..\Run:
[DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe"
/P
DellSupportCenter (User '?')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital
Line
Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program
Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -
C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\Program Files\Google\Google Desktop
Search\Plugins\gdSkype\skype4com.dll
(file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner -
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown
owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file
missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program
Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program
Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\1050\Intel
32\IDriverT.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter)
(sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell
Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common
Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. -
C:\Windows\system32\DRIVERS\xaudio.exe
Click to expand...
 
G

Guest

Something of interest:

http://weblog.infoworld.com/gripeline/archives/2007/07/roxio_takes_vis.html


I also like to get rid of vendor pre-installed crap. Looks like Roxio will
have to stay.

plectrum said:
I purchased a new desktop system from Dell a couple of weeks ago. I noticed
that it came with some junk preinstalled, so I proceeded to delete the Roxio
software, that had about 8 different entries in the installed software list.
As soon as I finished doing it, things started to go wrong:

-Everytime I turn on the computer, I get two error messages:
"MSASCUI.exe-Bad Image
C:\Program Files\Windows Defender\MpRTMon.DLL is either not desiged to run
on Windows or it contains an error. Try installing the program again"...etc.

"WMI Provider Host stopped working and was closed".

The second one is particularly insistent, and will pop up every so often.
As a result of whatever has happened, I can't access Defender or even
reinstall it (as the installer says it's already part of Vista). My antivirus
(AVG at the time) stopped working completely, and the Security Center has
also stopped responding at all. I'm concerned, because I now have no
antivirus protection at all.
Tried doing a quick reinstall of Vista, but it found an error and couldn't
be completed.
Any help would be much appreciated, since I'm at my wits end with this one.
-----------------Since I posted this, other programs have become unstable or
non responsive: Internet Explorer and Windows Live Messenger

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:15 AM, on 8/19/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\CTxfispi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Users\Plectrum\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.finderg.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector -
{CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows
Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE
C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster
X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common
Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google
Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common
Files\AOL\1186515444\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support
Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-21-3744954288-2266759499-257931790-1000\..\Run: [ehTray.exe]
C:\Windows\ehome\ehTray.exe (User '?')
O4 - HKUS\S-1-5-21-3744954288-2266759499-257931790-1000\..\Run:
[DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P
DellSupportCenter (User '?')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line
Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program
Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -
C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\Program Files\Google\Google Desktop Search\Plugins\gdSkype\skype4com.dll
(file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner -
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown
owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file
missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program
Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program
Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel
32\IDriverT.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter)
(sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell
Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common
Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. -
C:\Windows\system32\DRIVERS\xaudio.exe
Click to expand...
 
G

Guest

Sorry, about the 2nd post. Dell should provide the resources to properly
uninstall Roxio.

plectrum said:
I purchased a new desktop system from Dell a couple of weeks ago. I noticed
that it came with some junk preinstalled, so I proceeded to delete the Roxio
software, that had about 8 different entries in the installed software list.
As soon as I finished doing it, things started to go wrong:

-Everytime I turn on the computer, I get two error messages:
"MSASCUI.exe-Bad Image
C:\Program Files\Windows Defender\MpRTMon.DLL is either not desiged to run
on Windows or it contains an error. Try installing the program again"...etc.

"WMI Provider Host stopped working and was closed".

The second one is particularly insistent, and will pop up every so often.
As a result of whatever has happened, I can't access Defender or even
reinstall it (as the installer says it's already part of Vista). My antivirus
(AVG at the time) stopped working completely, and the Security Center has
also stopped responding at all. I'm concerned, because I now have no
antivirus protection at all.
Tried doing a quick reinstall of Vista, but it found an error and couldn't
be completed.
Any help would be much appreciated, since I'm at my wits end with this one.
-----------------Since I posted this, other programs have become unstable or
non responsive: Internet Explorer and Windows Live Messenger

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:15 AM, on 8/19/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\CTxfispi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Users\Plectrum\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.finderg.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector -
{CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows
Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE
C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster
X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common
Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google
Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common
Files\AOL\1186515444\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support
Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-21-3744954288-2266759499-257931790-1000\..\Run: [ehTray.exe]
C:\Windows\ehome\ehTray.exe (User '?')
O4 - HKUS\S-1-5-21-3744954288-2266759499-257931790-1000\..\Run:
[DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P
DellSupportCenter (User '?')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line
Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program
Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -
C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\Program Files\Google\Google Desktop Search\Plugins\gdSkype\skype4com.dll
(file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner -
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown
owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file
missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program
Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program
Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel
32\IDriverT.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter)
(sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell
Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common
Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. -
C:\Windows\system32\DRIVERS\xaudio.exe
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

sluggish computer 2
Windows 7 "Windows cannot find svchost.exe?" 1
Windows XP Windows XP Malware, Please Help. 2
Virtumonde 0
Windows XP Dell PC: c:\WINDOWS\system32\wavojami.dll not valid Windows image 2
winfixer and virtumundo.C HELP! 2
nothing like being screwed by a virus 3
Howzit!!! :) 2

Top