Having .NET Framework Problems Please Help

  • Pantyraid
  • Novice
  • Novice
  • Pantyraid
  • Posts: 15

Post 3+ Months Ago

at startup im getting two messages that are exactly the same:

Please set registry key HKLM\Software\Microsoft\.NETFramework\InstallRoot to point to the .NET Framework install location


any help would be great.
Thanks
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • Pantyraid
  • Novice
  • Novice
  • Pantyraid
  • Posts: 15

Post 3+ Months Ago

im also having all kinds of problems with my computer.... pop-ups, aim will randomly send messages to ppl on my buddy list, slow, slp and 0hot are showing up in the task manager, and i was wondering if rundll in the task manager is a trojan or adware or whatever.

here is my hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 2:54:58 PM, on 1/6/06
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\WININIT32.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WINDIR32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WINDIR32.EXE
C:\WINDOWS\SYSTEM\AMQP.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\WZ18E6\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ED1E8384-5D29-54A4-3BB5-64F3BE4731C4} - C:\WINDOWS\SYSTEM\URWSQ.DLL
R3 - URLSearchHook: (no name) - {B07DEAA6-3101-6E82-4512-5E50D4503693} - C:\WINDOWS\SYSTEM\AEOPIQ.DLL
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\SYSTEM\AWVUR.DLL
O2 - BHO: (no name) - {ED1E8384-5D29-54A4-3BB5-64F3BE4731C4} - C:\WINDOWS\SYSTEM\URWSQ.DLL
O2 - BHO: (no name) - {B07DEAA6-3101-6E82-4512-5E50D4503693} - C:\WINDOWS\SYSTEM\AEOPIQ.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Microsoft Update 64 BIT] WININIT32.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [Microsoft Update 64 BIT] WININIT32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Ywp7RXMme] ICW3THR.EXE
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [Molw] "C:\Program Files\tpab\atae.exe" -vt yazr
O4 - HKCU\..\Run: [Hlcmiq] C:\WINDOWS\SYSTEM\amqp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Suar] "C:\Program Files\ibor\ohot.exe" -vt ndrv
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Quicken Startup.lnk = C:\Quickenw\QWDLLS.EXE
O4 - Startup: Billminder.lnk = C:\Quickenw\BILLMIND.EXE
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0588a0b1303 ... xIE601.cab
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2854

Post 3+ Months Ago

Hi Pantyraid, this is what you have to do:

1.- Run HijackThis and check the following items, don't click fix yet:
R3 - URLSearchHook: (no name) - {ED1E8384-5D29-54A4-3BB5-64F3BE4731C4} - C:\WINDOWS\SYSTEM\URWSQ.DLL
R3 - URLSearchHook: (no name) - {B07DEAA6-3101-6E82-4512-5E50D4503693} - C:\WINDOWS\SYSTEM\AEOPIQ.DLL
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\SYSTEM\AWVUR.DLL
O2 - BHO: (no name) - {ED1E8384-5D29-54A4-3BB5-64F3BE4731C4} - C:\WINDOWS\SYSTEM\URWSQ.DLL
O2 - BHO: (no name) - {B07DEAA6-3101-6E82-4512-5E50D4503693} - C:\WINDOWS\SYSTEM\AEOPIQ.DLL
O4 - HKLM\..\Run: [Microsoft Update 64 BIT] WININIT32.EXE
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\RunServices: [Microsoft Update 64 BIT] WININIT32.EXE
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Ywp7RXMme] ICW3THR.EXE
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [Molw] "C:\Program Files\tpab\atae.exe" -vt yazr
O4 - HKCU\..\Run: [Hlcmiq] C:\WINDOWS\SYSTEM\amqp.exe
O4 - HKCU\..\Run: [Suar] "C:\Program Files\ibor\ohot.exe" -vt ndrv
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0588a0b1303 ... xIE601.cab

2.- Now close ALL windows & browsers and click FIX CHECKED

3.- Reboot into Safe Mode.
Tap F8 repeatedly when your machine starts to boot up.
Select 'Safe Mode' from the options that appear

4.- Set Windows to 'Show all files & folders'.
Click Start > My Computer> Tools> Folder Options>
On the View tab make sure that you:-
Select 'Show Hidden Files & Folders'
Uncheck 'Hide file extensions for known file types'.
Uncheck 'Hide protected operating system files'.
Click OK.

5.- Delete the following files (don't worry if you can't find all of them):
C:\WINDOWS\SYSTEM\URWSQ.DLL
C:\WINDOWS\SYSTEM\AEOPIQ.DLL
C:\WINDOWS\SYSTEM\AWVUR.DLL
WININIT32.EXE (usually in C:\Windows or C:\windows\system32)
windir32.exe (usually in C:\Windows or C:\windows\system32)
C:\WINDOWS\SYSTEM\amqp.exe

Also delete the following folders with all its contents:
C:\WINDOWS\SYSTEM\KB891711\
C:\Program Files\Common Files\VCClient\
C:\Program Files\tpab\
C:\Program Files\ibor\

6.- Reboot normaly

7.- When finish post a fresh HijackLog here.
  • Pantyraid
  • Novice
  • Novice
  • Pantyraid
  • Posts: 15

Post 3+ Months Ago

wow that seemed to work....thanks alot, i have been working on this for two days now.......here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 4:56:43 PM, on 1/6/06
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\QUICKENW\QWDLLS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\WZ25B9\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\SYSTEM\AWVUR.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Update 64 BIT] WININIT32.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [Microsoft Update 64 BIT] WININIT32.EXE
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Quicken Startup.lnk = C:\Quickenw\QWDLLS.EXE
O4 - Startup: Billminder.lnk = C:\Quickenw\BILLMIND.EXE
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2854

Post 3+ Months Ago

You have a few leftovers:

1.- Run HijackThis and check the following items, don't click fix yet:
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\SYSTEM\AWVUR.DLL (file missing)

- if you removed windir32.exe and WININIT32.EXE these should be leftovers:
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\Run: [Microsoft Update 64 BIT] WININIT32.EXE
O4 - HKLM\..\RunServices: [Microsoft Update 64 BIT] WININIT32.EXE
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

2.- Now close ALL windows & browsers and click FIX CHECKED

3.- To be sure reboot your computer again.

4.- When finish open HijackThis again, scan and check if those entries were removed.

Post Information

  • Total Posts in this topic: 5 posts
  • Users browsing this forum: No registered users and 42 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.