Minor but frustrating rundll problem in Vista PC

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Happy_Macomb, Mar 3, 2011.

  1. Happy_Macomb

    Happy_Macomb Private E-2

    Here’s the problem. Whenever my 18-year-old logs on, on her “limited” user account, she gets a rundll message that fws19.dll cannot be found, and then another error message that xn8if.dll cannot be found. I can’t tell you how long this has been going on, since she doesn’t remember (I don’t use her computer except to fix it).

    According to regedit, both dlls are mentioned as “data” in the registry, as follows:

    uPc+njuZhfngqRaXms (that is where the data element fws19.dll appears) and
    uPc+njuZhfngqNaXms (that is where the data element xn8if.dll appears).

    I can’t tell, from the “find” feature, exactly where these strings appear in the registry, only that they are there. (Sorry, my experience with Vista is very limited.)

    I am reluctant to just rename those lines, in case it would cause an unrecoverable problem with the computer. I can’t find any information when I google them, so I suspect they are the result of malware.

    Scans Run:

    I ran the 5 scans as requested. They all ran fine (I basically ran the whole battery twice -- a lot of stuff was cleaned up on the first go-round but I didn’t save the logs properly so I had to do it again). The only problem was RootRepeal which I have never gotten to complete. The last time I tried it gave me an error message that it “could not read our index blocks” after stalling for about a half an hour on its scan of c:\Windows\winsxs\Manifests. No report was issued. I am attaching an earlier RootRepeal report (one from yesterday) where it also bombed out.

    Background:

    It used to be that my daughter got 5 different rundll messages whenever she logged on, but now after running all the scans you recommended, it is down to 2. It used to be that I got the same error messages when I logged on using the administrator account, but now I don’t get any.

    Running the scans cleaned up some things we didn’t expect – for example, we had been having problems logging on to the apple store, and McAfee wasn’t running properly.

    But my daughter still gets the dll error messages – a minor problem, but I am worried that this is a sign that something is unfixed and might get worse. She is not a sophisticated computer user and undoubtedly is uploading files packed with malware. I now use McAfee and Prevx to prevent future problems, but I'd like to clean up the current ones (then I plan to upgrade her to Windows 7, hoping that will be more stable).

    I'd really appreciate any help or suggestions.

    Thanks!
     

    Attached Files:
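
The post above could not tell where in the registry the two DLL names appear. The following read-only script is an added example, not part of the original thread: it lists autostart values that mention those names or launch rundll32, with the full key path and whether the DLL file exists. It assumes PowerShell 2.0 or later is installed and that the entries sit in the standard Run/RunOnce keys, which the thread does not confirm; run it while logged on as the affected account, because HKCU is per-user.

```powershell
# Added example, not from the thread. Assumes PowerShell 2.0+ and that the
# entries sit in the standard Run/RunOnce keys (the thread does not say where).
$names = 'fws19.dll', 'xn8if.dll'      # DLL names quoted in the first post
$keys  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
         'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
         'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
         'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)

        # Does the command line mention one of the DLLs from the error dialogs?
        $named = $false
        foreach ($n in $names) {
            if ($data -like "*$n*") { $named = $true }
        }

        # Pull the DLL argument out of a rundll32 command line, if there is one.
        $dll = $null
        if ($data -match 'rundll32(?:\.exe)?"?\s+"?([^",]+?\.dll)') {
            $dll = $Matches[1].Trim()
        }
        if (-not $named -and -not $dll) { continue }

        # Only a full path can be checked directly; a bare name is resolved
        # through the DLL search path and needs a manual look.
        $state = 'not checked'
        if ($dll -and [IO.Path]::IsPathRooted($dll)) {
            if (Test-Path -LiteralPath $dll) { $state = 'present' } else { $state = 'MISSING' }
        }

        New-Object PSObject -Property @{
            Key = $key; Value = $valueName; Data = $data; DllFile = $state
        } | Select-Object Key, Value, DllFile, Data
    }
}
```

A value reported as MISSING is an orphaned autostart entry: something removed the DLL but left the launch command behind, which produces the "cannot be found" dialog at logon.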

  2. Happy_Macomb

    Happy_Macomb Private E-2

    I've attached the RootRepeal log from the one time I was able to get a log (yesterday), but I have never been able to get it to run properly.
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Which user account were you logged into when you ran the scans? I'm guessing yours which is not the account you are having problems with. You need to run them on your daughter's account which means you have to temporarily change it to an admin account while cleaning.

    We specifically stated not to run anything more than once. ;)
     
  4. Happy_Macomb

    Happy_Macomb Private E-2

    Incidentally, if it would be helpful for me to give you the older logs. As I mentioned, I ran all the programs you recommended but couldn't figure out where the logs were so I ran them again. I submitted only the most recent "run." But for most of the programs, I now have both the original logs and the re-run logs (which were run after a lot of junk was corrected).

    By the way, I think for malwarebytes, you have to click the "log" tab before running the scan in order to have a log generated and saved -- at least that seemed to be the case for me. If I am right, you might want to update your otherwise very helpful instructions. Anyway, as a result I don't have an earlier log for malwarebytes.
     
  5. Happy_Macomb

    Happy_Macomb Private E-2

    Many many thanks for your response which I didn't see when I added my last note.

    I realize you didn't want me to run the initial scans more than once, but I also couldn't find the logs from my first run. I wasn't careful initially about noticing how the logs were stored -- my mistake. So I thought I had no choice but to re-run the programs. Now, belatedly, I have figured it out and have careful notes about how to find/save the logs for each of the programs.

    Also, before I read your "read me" and started the majorgeeks process, I had run prevx and CCleaner, both of which cleaned out a whole lot of stuff, and don't recall whether I saved logs. Amateur mistake. I also didn't think it mattered which user account I used and no longer recall which one I used.

    I do have some of the earlier logs that your "readme" requests though (before I reran them), except I think malwarebytes [which requires hitting "log" before you run the program, and I didn't do that] and rootrepeal [which never ran right].

    Also, as you suspected I did run all the scans from my own administrative user account (which was having problems too, so that wasn't necessarily a bad thing), and not from my daughter's limited user account.

    So 2 questions:

    Should I submit the first round of logs?

    And should I now re-run the same battery of scans that your "read me" requests, after changing my daughter's user account to an administrative account and running them from her program? I think that is what you suggested below, but since you also reminded me not to run the programs more than once I want to be sure I am doing the right thing.

    Again, many thanks for your help, Chaslang.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You can do this so we can see if your account had any problems.

    Yes that is what I was suggesting but let's just do SUPERAntiSpyware, Malwarebytes, and MGtools. From those we will decide if anything else is needed.
     
  7. Happy_Macomb

    Happy_Macomb Private E-2

    Thanks! I'm doing it now! (I just wanted confirmation that I should be running it on my daughter's account since you had reminded me that the software should only be run once.)

    I really appreciate your help!
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Just attach the logs when you finish. Be sure to clearly state which logs are for your account and which are for your daughter's. Put them in different messages in this thread to make it easier for us.
     
  9. Happy_Macomb

    Happy_Macomb Private E-2

    Running the scans on my daughter's user account seemed to solve the problem that I originally contacted you about (hooray!).

    However, I now have a problem with some Dell Support Center software that may be related. I'm trying to resolve it with Dell.

    I got a notification from Dell that I should upgrade the Dell Support Center software. I downloaded the new version, but it wouldn't install properly, so I tried to uninstall it, and then used Revo Uninstaller to really get rid of it. But try as I might, every time I restarted the computer, I'd get a message that it was trying to reinstall the software. I tried installing the software from scratch -- thinking I could then uninstall it -- but that would bomb out. Apparently there is a problem with the auinstaller.exe that Dell uses to install its software.

    I tell you all this in case you have heard any other complaints about this -- is it possible that 3rd party malware is infecting the Dell installer?

    I am hoping this is not a malware problem per se. However, when Dell tried to do a remote session with my computer to fix the problem this morning, the remote session software kept bombing out.

    I'm beginning to think I need to wipe this computer clean and start from scratch! I have spent so much time on it!
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not in the Malware Forum since it is not malware. It is just something we would tell people complaining of a slow PC or slow boot up to remove like many other junk things that Dell, Gateway, HP....etc install.

    There was no malware in the logs you attached.
     
  11. Happy_Macomb

    Happy_Macomb Private E-2

    Chaslang: Many thanks for your help -- I couldn't have done it without you and MajorGeeks! I think I finally got the Dell Support Center off permanently (it had kept reinstalling itself) (Dell was no help), and with the malware washed out I should be in good shape.

    My next tasks are to strip anything out that might be slowing the computer (does MajorGeeks have recommendations for that?), and then I'm installing Windows 7; then we'll start reinstalling the programs we took off in the troubleshooting process.

    So again -- thanks!
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You can ask questions like this in the Software Forum. But do realize that everyone has different needs and what you use/need vs what I or someone else needs are different. The starting point should always be to uninstall software you don't use.

    Since you are not having malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. After doing the above, you should work thru the below link:
     
  13. Happy_Macomb

    Happy_Macomb Private E-2

    Thank you so much! Since it is my 19-year old's computer, not mine, I'm not going to worry too much about getting every second of speed out of it that I can. She is bound to fill it up with junk and malware before I can turn around, no matter how hard I try to keep it protected and clean! She tends to "click" on "yes" for everything!

    But my next project is my computer, and then my spouse's, so you may hear from me yet again! (Though I don't think there is any malware on those ... at least not yet ... but I'm going to check for it, and get rid of software we don't need.) I have a hardware firewall and run McAfee, but that may not be enough.

    You've been great -- I really appreciate it! Take care!
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
