Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Error dll32.exe

12 Oct 2011   #11

Windows 7 & Windows Vista Ultimate

Hi, yasmeen92.

It appears that I was correct and you got some malicious bits with files downloaded via uTorrent. Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

  • [b]Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

    Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications.
  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click "Yes" to continue scanning for malware.
  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.

My System SpecsSystem Spec
15 Oct 2011   #12

windows 7

Thank you for going through so much trouble for me

heres the .txt

ComboFix 11-10-15.03 - yasmeen 10/15/2011 15:10:09.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1256.971.1033.18.1791.995 [GMT 4:00]
Running from: c:\users\yasmeen.lg-PC\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
Infected copy of c:\windows.starter.original\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows.starter.original\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_micro soft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
((((((((((((((((((((((((( Files Created from 2011-09-15 to 2011-10-15 )))))))))))))))))))))))))))))))
2011-10-15 11:21 . 2011-10-15 11:21 -------- d-----w- c:\users\yasmeen\AppData\Local\temp
2011-10-15 11:21 . 2011-10-15 11:21 -------- d-----w- c:\users\YASMEE~1~LG-\AppData\Local\temp
2011-10-15 11:21 . 2011-10-15 11:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-15 11:21 . 2011-10-15 11:21 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-10-14 11:24 . 2011-10-14 11:24 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F8CA085-4785-4C04-9A8F-8C78EA05742A}\offreg.dll
2011-10-14 11:24 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F8CA085-4785-4C04-9A8F-8C78EA05742A}\mpengine.dll
2011-10-13 06:34 . 2011-08-20 04:35 44544 ----a-w- c:\windows.starter.original\system32\licmgr10.dll
2011-10-13 06:34 . 2011-08-20 04:35 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2011-10-13 06:34 . 2011-08-20 03:26 386048 ----a-w- c:\windows.starter.original\system32\html.iec
2011-10-13 06:34 . 2011-10-01 02:59 1638912 ----a-w- c:\windows.starter.original\system32\mshtml.tlb
2011-10-09 17:47 . 2011-10-09 17:47 -------- d-----w- c:\program files\ESET
2011-10-09 13:12 . 2011-10-09 13:12 -------- d-----w- c:\users\yasmeen.lg-PC\AppData\Roaming\Malwarebytes
2011-10-09 13:11 . 2011-10-09 13:11 -------- d-----w- c:\programdata\Malwarebytes
2011-10-09 13:11 . 2011-10-09 13:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-09 13:11 . 2011-08-31 13:00 22216 ----a-w- c:\windows.starter.original\system32\drivers\mbam.sys
2011-10-09 13:07 . 2011-10-09 13:07 -------- d-----w- c:\users\yasmeen.lg-PC\AppData\Roaming\Uniblue
2011-10-09 13:07 . 2011-10-09 13:07 -------- d-----w- c:\program files\Uniblue
2011-10-06 12:24 . 2011-10-06 12:24 -------- d-----w- C:\rei
2011-10-06 12:23 . 2011-10-06 12:23 -------- d-----w- c:\program files\Reimage
2011-09-21 11:34 . 2011-09-24 13:08 -------- d-----w- c:\users\yasmeen.lg-PC\AppData\Roaming\vlc
2011-09-21 11:33 . 2011-09-21 11:33 -------- d-----w- c:\program files\VideoLAN
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-10-13 12:15 . 2011-05-30 18:54 414368 ----a-w- c:\windows.starter.original\system32\FlashPlayerCPLApp.cpl
2011-10-03 17:23 . 2011-06-25 22:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyAs.dll" [2011-01-17 175912]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 09:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2011-01-17 13:54 175912 ----a-w- c:\program files\MyAshampoo\prxtbMyAs.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyAs.dll" [2011-01-17 175912]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyAs.dll" [2011-01-17 175912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00 avast]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-31 399736]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-08-18 67456]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-30 273544]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
c:\users\yasmeen.lg-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-8-8 576000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-9-14 113664]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 cpuz134;cpuz134;c:\users\YASMEE~1.LG-\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows.starter.original\system32\Drivers\RtsUStor.sys [2009-06-24 167424]
R3 RtsUIR;Realtek IR Driver;c:\windows.starter.original\system32\DRIVERS\Rts516xIR.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows.starter.original\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows.starter.original\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows.starter.original\system32\DRIVERS\fspad_wlh32.sys [2010-01-13 43520]
S3 MBAMProtector;MBAMProtector;c:\windows.starter.original\system32\drivers\mbam.sys [2011-08-31 22216]
S3 MTsensor32;PU ACPI UTILITY;c:\windows.starter.original\system32\DRIVERS\PuAcpi32.sys [2009-06-04 14344]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows.starter.original\system32\DRIVERS\rtl8192se.sys [2009-10-02 862208]
S3 SiS6350;SiS6350;c:\windows.starter.original\system32\DRIVERS\SISGRKMD.sys [2010-01-14 465920]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows.starter.original\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows.starter.original\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
2009-07-14 01:14 176128 ----a-w- c:\windows\System32\ie4uinit.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
2009-07-14 01:14 44544 ----a-w- c:\windows\System32\rundll32.exe
Contents of the 'Scheduled Tasks' folder
2011-10-15 c:\windows.starter.original\Tasks\GoogleUpdateTaskUserS-1-5-21-4164346892-3130373211-1317641167-1002Core.job
- c:\users\yasmeen.lg-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-30 18:42]
2011-10-15 c:\windows.starter.original\Tasks\GoogleUpdateTaskUserS-1-5-21-4164346892-3130373211-1317641167-1002UA.job
- c:\users\yasmeen.lg-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-30 18:42]
2011-10-15 c:\windows.starter.original\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-10-09 09:48]
------- Supplementary Scan -------
uStart Page = hxxp://
mLocal Page = c:\windows\System32\blank.htm
TCP: DhcpNameServer =
FF - ProfilePath - c:\users\yasmeen.lg-PC\AppData\Roaming\Mozilla\Firefox\Profiles\3otr3isf.default\
FF - prefs.js: - hxxp://{searchTerms}
FF - prefs.js: - MyAshampoo Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://
FF - prefs.js: keyword.URL - hxxp://
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
------- File Associations -------
JSEFile=c:\windows\System32\WScript.exe "%1" %*
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKCU-Run-Skype - c:\program files\Skype\Phone\Skype.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-zOSD - c:\program files\LG Software\LG OSD\HotKey.exe
HKLM-Run-UCam_Menu - c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
HKLM-Run-SiSTray - c:\program files\SiS VGA Utilities\SiSTray.exe
HKLM-Run-KeybdUtility - c:\program files\LG Software\LG OSD\HotKey.exe
HKLM-Run-fspuip - c:\program files\FSP\fspuip.exe
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
HKLM-Run-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
AddRemove-Adobe AIR - c:\program files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Driver Genius Professional Edition_is1 - c:\program files\Driver-Soft\DriverGenius\unins000.exe
AddRemove-EADM - c:\program files\Electronic Arts\EADM\Uninstall.exe
AddRemove-InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D} - c:\program files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\SETUP.EXE
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-NSS - c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\\InstStub.exe
AddRemove-PROPLUS - c:\program files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe
AddRemove-SiS VGA Utilities - c:\program files\SiS VGA Utilities\Setup.exe
AddRemove-{01FB4998-33C4-4431-85ED-079E3EEFE75D} - c:\program files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\SETUP.EXE
AddRemove-{96AE7E41-E34E-47D0-AC07-1091A8127911} - c:\program files\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\SETUP.EXE
AddRemove-{9D3D8C60-A55F-4fed-B2B9-173F09590E16} - c:\program files\InstallShield Installation Information\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}\Install.exe
--------------------- LOCKED REGISTRY KEYS ---------------------
@Denied: (Full) (Everyone)
------------------------ Other Running Processes ------------------------
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Uniblue\RegistryBooster\registrybooster.exe
c:\program files\Windows Media Player\wmpnetwk.exe
Completion time: 2011-10-15 15:30:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-15 11:30
Pre-Run: 124,497,047,552 bytes free
Post-Run: 124,209,733,632 bytes free
- - End Of File - - E9A26313364BFAD7F98B933A8A344D7C
My System SpecsSystem Spec
15 Oct 2011   #13

Windows 7 & Windows Vista Ultimate

Hi, yasmeen92.

Please see my earlier post with regard to P2P programs and registry cleaners.

As you can see from my report at How Windows PCs Get Infected with Malware, out of date Java JRE and Adobe products have been identified as being used the most by malware.

Thus, please do the following in the order provided:

1. Install the latest version of Adobe Reader from PDF reader, protected mode | Adobe Reader X

2. Please download JavaRa and unzip it to your desktop.

  • Double-click on JavaRa.exe to start the program. (Windows Vista users Right-click JavaRa.exe > Select Run as Administrator)
  • Click on Remove Older Versions to remove older versions of Java.
  • A logfile will pop up. Please save it to a convenient location.

3. Then download and install Java SE Runtime Environment 6u27.

Note: UNCHECK any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

4. Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK). Copy/Paste all of the text present inside the code box below:
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
My System SpecsSystem Spec

08 Dec 2011   #14

windows 7

Hey Corine,

sorry I havent been on for a while because I have been travailing, I downloaded the adobe reader but the Java doesnt see to work
My System SpecsSystem Spec
08 Dec 2011   #15

Microsoft Community Contributor Award Recipient

Windows 8.1 Pro x64

Quote   Quote: Originally Posted by yasmeen92 View Post
Hey Corine,

sorry I havent been on for a while because I have been travailing, I downloaded the adobe reader but the Java doesnt see to work

Sorry to interrupt, but it would speed things up if you told Corrine whether or not you ran the CF custom script :) I'm just trying to save time here as I know Corrine is a very busy person.

My System SpecsSystem Spec
08 Dec 2011   #16

Windows 7 & Windows Vista Ultimate

Quote   Quote: Originally Posted by yasmeen92 View Post
Hey Corine,

sorry I havent been on for a while because I have been travailing, I downloaded the adobe reader but the Java doesnt see to work
Hi, yasmeen92.

It has been a while. There's been a couple updates of Java since I posted those instructions.

Did you run JavaRa? Did you download the offline install of Java? Was there an error message?
My System SpecsSystem Spec
10 Dec 2011   #17

Win7 32 bit

If it's still not fixed, look at your error logs. dll32.exe sounds like a service is crashing and it's not telling you which one. But some of the other errors might just reveal your wayward service or driver.
My System SpecsSystem Spec

 Error dll32.exe

Thread Tools

Similar help and support threads
Thread Forum
Burnt out from error error error! Time to go back to Paper.
Hello there. I have been redirected here by jamanji, whom has been most helpful by the way. My PC crashed a little over a week ago. Rather than retype everything, I would like to give you the link to my post. I am not 'Tech' per se, but I would like to try and resolve my problem myself, To...
System Security
Error 41, Error 1001 and error 6008.
Hello there. Recently my computer have just randomly shutdown meanwhile i'm playing games like CS;GO, League of Legends. The screen will just turn black and it will start to make one hell of annoying noise untill it reboots. I've updated all my drivers. Tested my memory. Tested my RAM. Run a...
BSOD Help and Support
Error copying file: Data error (cyclic redundancy check). CRC Scan ?
Edit: Think my hard drive may be failing and was the cause of my file synchronizing crash. I use it mostly to stream music and video and access the hard drive a lot. Any advice thanks HDDStatus - Tool to check hard disk status, health and reliability Hey, I've been using GoodSync for the...
Backup and Restore
BSOD by ntoskrnl.exe, error d1, error 3b, error 1a
I've just install windows 7 home premium 64bit and got 4 times of BSOD. for the first time error code is 0x0000001a for the 2nd time error code is 0x0000003b for the 3rd time error code is 0x0000003b for the 4th time error code is 0x000000d1 I also attach minidump files and text files that...
BSOD Help and Support
Scan Error Error while Scan::0::LEAD Error: Twain source manager no
hi.... i have promblme , i do not know how to fix it.. i have kodak scnners i1220 plus i have RD Web Access the promblme is.. I have a system based on Oracle has been connted with one scanners( i connected with scanners) When i do a scan shows me this a message (Scan Error Error while...
Hardware & Devices

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 21:24.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App