 |
 |
|
|
|
|
Welcome to the { mindfrost82.com } forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact contact us. |
|
|||||||
 |
|
|
LinkBack | Thread Tools | Search this Thread | Display Modes |
08-22-2008, 02:30 AM
|
|||
|
|||
|
RUNDLL Error Loading: ... ACCESS DENIED
Under Win XP Pro SP3
Spyware and virus associated with it was recently removed from System and now every time someone logs in to any profile other than the Administrator the following errors will pop: Loading: c/winnt/system32/ojncembx.dll Access Denied (OK Button only) Loading: c/winnt/system32/mhpfbmxu.dll Access Denied (OK Button only) However if logged as the administrator there are not error pops and the processes described above are running in the background under explorer. Please Advice Thanks 
|
|
08-22-2008, 03:20 AM
|
|||
|
|||
|
Re: RUNDLL Error Loading: ... ACCESS DENIED
Abigail wrote:
> Under Win XP Pro SP3 > Spyware and virus associated with it was recently removed from System and > now every time someone logs in to any profile other than the Administrator > the following errors will pop: > > Loading: C:\Winnt\System32\ojncembx.dll Access Denied (OK Button only) > Loading: C:\Winnt\System32\mhpfbmxu.dll Access Denied (OK Button only) > > However if logged as the administrator there are no error pops and the > processes described above are running in the background under Explorer. > > Please Advise, > Thanks It reads as though the virus is still alive and well in the administrator account. You might run your a/v software from that account. Also try one of these free online virus scans: This one has a choice of a Quick or a Complete check http://www.pcpitstop.com/ Symantec http://security.symantec.com/default...d=ie&venid=sym <url:http://security2.norton.com/us/home.asp?j=1&venid=sym&langid=us&plfid=20&pkj=IHBE XIBVEMBQAUWZKTK> then click the Security check link. http://housecall.antivirus.com/ free online virus scan http://www.ewido.net/en/ http://www.pandasoftware.com/products/activescan.htm When the malware was deleted by your a/v software, the reference to the file was not removed from the registry. Click Start, Run, type REGEDIT, click OK. Press the Home key, press F3, type the name of the file into the search pane. Click "Find Next", and when located, delete the reference to the file. Press F3 to continue the search. You can click File, Export, and save the entry to the Desktop. If you remove it and there's a problem, double-click the .reg file you exported to the Desktop and it'll be added to the registry again. You can create a restore point before editing the registry too. You could click Start, Run, type MSCONFIG, click OK, click the StartUp tab, and deselect the item(s). When you restart the computer, you will be warned that you're running in the Diagnostic mode; click to not alert you again, and OK out. You won't see the message again. But I think it's best to just remove the references from the registry. -- Joe =o)
|
|
08-22-2008, 08:04 PM
|
|||
|
|||
|
Re: RUNDLL Error Loading: ... ACCESS DENIED
Just run Symantec Antivirus with the latest definitions all night (last
night), results are clean. The items previously described were removed with SUPERAntiSpyware; I will run it again tonight selecting full system scan and post results tomorrow. Thanks for your answer. Abigail "Elmo" wrote: > Abigail wrote: > > Under Win XP Pro SP3 > > Spyware and virus associated with it was recently removed from System and > > now every time someone logs in to any profile other than the Administrator > > the following errors will pop: > > > > Loading: C:\Winnt\System32\ojncembx.dll Access Denied (OK Button only) > > Loading: C:\Winnt\System32\mhpfbmxu.dll Access Denied (OK Button only) > > > > However if logged as the administrator there are no error pops and the > > processes described above are running in the background under Explorer. > > > > Please Advise, > > Thanks > > It reads as though the virus is still alive and well in the > administrator account. You might run your a/v software from that > account. Also try one of these free online virus scans: > > This one has a choice of a Quick or a Complete check > http://www.pcpitstop.com/ > > Symantec > http://security.symantec.com/default...d=ie&venid=sym > > <url:http://security2.norton.com/us/home.asp?j=1&venid=sym&langid=us&plfid=20&pkj=IHBE XIBVEMBQAUWZKTK> > then click the Security check link. > > http://housecall.antivirus.com/ free online virus scan > > http://www.ewido.net/en/ > > http://www.pandasoftware.com/products/activescan.htm > > When the malware was deleted by your a/v software, the reference to the > file was not removed from the registry. > > Click Start, Run, type REGEDIT, click OK. Press the Home key, press F3, > type the name of the file into the search pane. Click "Find Next", and > when located, delete the reference to the file. Press F3 to continue > the search. > > You can click File, Export, and save the entry to the Desktop. If you > remove it and there's a problem, double-click the .reg file you exported > to the Desktop and it'll be added to the registry again. You can create > a restore point before editing the registry too. > > You could click Start, Run, type MSCONFIG, click OK, click the StartUp > tab, and deselect the item(s). When you restart the computer, you will > be warned that you're running in the Diagnostic mode; click to not alert > you again, and OK out. You won't see the message again. But I think > it's best to just remove the references from the registry. > > -- > Joe =o) >
|
|
08-23-2008, 07:06 AM
|
|||
|
|||
|
Re: RUNDLL Error Loading: ... ACCESS DENIED
Elmo,
As said in my previous post I just finished performing the additional SpyW scan and cleared some cookies and a couple variants of the same items deleted before, additionally I did the registry corrections that you are recommending there was two references for (ojncembx.dll) and one for (mhpfbmxu.dll) but it did not delete one of the former, though I did a backup of the these reg. files anyway and everything seems like is working properly but down to only one Rundll error now: Error Loading: C:\Winnt\System32\ojncembx.dll Access Denied What should I do next?
|
|
08-23-2008, 08:54 AM
|
|||
|
|||
|
Re: RUNDLL Error Loading: ... ACCESS DENIED
On Fri, 22 Aug 2008 23:06:00 -0700, Abigail
<Abigail@discussions.microsoft.com> wrote: > >Elmo, > >As said in my previous post I just finished performing the additional SpyW >scan and cleared some cookies and a couple variants of the same items deleted >before, additionally I did the registry corrections that you are recommending >there was two references for (ojncembx.dll) and one for (mhpfbmxu.dll) but it >did not delete one of the former, though I did a backup of the these reg. >files anyway and everything seems like is working properly but down to only >one Rundll error now: > >Error Loading: C:\Winnt\System32\ojncembx.dll Access Denied > >What should I do next? Google and d/l Unlocker and see if that helps .
|
|
08-23-2008, 07:58 PM
|
|||
|
|||
|
Re: RUNDLL Error Loading: ... ACCESS DENIED
"jimbo571@operamail.com" wrote: > > Google and d/l Unlocker and see if that helps . > Would you please elaborate some more? What exactly I'm looking for? What it is for and what does it do? After searching for the name you are recommending I get zillions of different things. Thanks in Advance
|
|
08-23-2008, 08:53 PM
|
|||
|
|||
|
Re: RUNDLL Error Loading: ... ACCESS DENIED
Abigail wrote:
> > "jimbo571@operamail.com" wrote: > >> Google and d/l Unlocker and see if that helps . >> > > Would you please elaborate some more? What exactly I'm looking for? What it > is for and what does it do? > > After searching for the name you are recommending I get zillions of > different things. > > Thanks in Advance Try Download.com which is owned by c/net: http://www.download.com/Unlocker/300...-10493998.html -- Joe =o)
|
|
08-24-2008, 06:10 PM
|
|||
|
|||
|
Re: RUNDLL Error Loading: ... ACCESS DENIED
"Elmo" wrote: > Try Download.com which is owned by c/net: > > http://www.download.com/Unlocker/300...-10493998.html > Thanks for the link but the tool does not work under registry or the registry hierarchy entry lists, I even attempted to edit the exported key by removing the entry of the path to the file in question but that only merges back the contents, it does not replace it. This is getting frustrating. Any more suggestions will be appreciated Thanks in advance
|
|
08-25-2008, 01:54 AM
|
|||
|
|||
|
Re: RUNDLL Error Loading: ... ACCESS DENIED
Abigail wrote:
> > "Elmo" wrote: > >> Try Download.com which is owned by c/net: >> >> http://www.download.com/Unlocker/300...-10493998.html >> > > Thanks for the link but the tool does not work under registry or the > registry hierarchy entry lists, > > I even attempted to edit the exported key by removing the entry of the path > to the file in question but that only merges back the contents, it does not > replace it. > This is getting frustrating. > Any more suggestions will be appreciated > > Thanks in advance Run Msconfig, open the Startup folder and see if the entries are there. If so, try deselecting them there. When you restart the computer, you will be asked if you want to run in Diagnostic Mode. Answer yes, and check the box so you aren't asked at each boot. Autoruns might do something for you too, though I've never tried it. 39. AutoRuns - All Programs Running Boot/Login http://www.kellys-korner-xp.com/xp_tweaks.htm -- Joe =o)
|
|
08-25-2008, 02:58 AM
|
|||
|
|||
|
Re: RUNDLL Error Loading: ... ACCESS DENIED
"Elmo" wrote: > > Run Msconfig, open the Startup folder and see if the entries are there. > If so, try deselecting them there. When you restart the computer, you > will be asked if you want to run in Diagnostic Mode. Answer yes, and > check the box so you aren't asked at each boot. > > Autoruns might do something for you too, though I've never tried it. > > 39. AutoRuns - All Programs Running Boot/Login > http://www.kellys-korner-xp.com/xp_tweaks.htm > > -- > Joe =o) > I will need more directions, sorry I'm unfamiliar with it but if I do the Msconfig thing and once I enter the Diagnostic mode, where do I go from there? By reading at similar threads I found and tried something called (StartupTracker3) I think is similar to what you are suggesting (Autoruns). After runing StartupTracker3 in the resulting startuplog under Registry Items you will notice there is a: BMaac9df33 Rundll32.exe "C:\WINNT\system32\ojncembx.dll",s And under running processes: rundll32.exe "C:\WINNT\system32\Rundll32.exe" "C:\WINNT\system32\ojncembx.dll",s Under running Services: None Here is the complete part of the log report: ############################################## 8/24/2008 6:37:34 PM -- Registry -- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\RunOnce No Items Found -- Registry -- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run Synchronization Manager mobsync.exe /logon NvCplDaemon RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup nwiz nwiz.exe /install vptray C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe NeroFilterCheck C:\WINNT\system32\NeroCheck.exe Adobe Reader Speed Launcher "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" zBrowser Launcher C:\Program Files\Logitech\iTouch\iTouch.exe InCD C:\Program Files\Ahead\InCD\InCD.exe QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime NvMediaCenter RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit SystemTray SysTray.Exe BMaac9df33 Rundll32.exe "C:\WINNT\system32\ojncembx.dll",s TraySantaCruz C:\WINNT\system32\tbctray.exe -- Registry -- HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\RunOnce No Items Found -- Registry -- HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run NBJ "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" ctfmon.exe C:\WINNT\system32\ctfmon.exe -- Registry -- HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce ^SetupICWDesktop C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop -- Registry -- HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run No Items Found -- Start Menu - Current User -- No Items Found -- Start Menu - All Users -- Adobe Gamma Loader.lnk Microsoft Office.lnk -- Disabled Items -- No Items Found -- Registry - Shell Value - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -- Explorer.exe -- Running Processes -- System Idle Process System smss.exe \SystemRoot\System32\smss.exe csrss.exe winlogon.exe winlogon.exe services.exe C:\WINNT\system32\services.exe lsass.exe C:\WINNT\system32\lsass.exe svchost.exe C:\WINNT\system32\svchost -k DcomLaunch svchost.exe svchost.exe C:\WINNT\System32\svchost.exe -k netsvcs svchost.exe svchost.exe spoolsv.exe C:\WINNT\system32\spoolsv.exe DefWatch.exe "C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe" InCDsrv.exe "C:\Program Files\Ahead\InCD\InCDsrv.exe" Rtvscan.exe "C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe" nvsvc32.exe C:\WINNT\system32\nvsvc32.exe svchost.exe C:\WINNT\system32\svchost.exe -k imgsvc alg.exe explorer.exe C:\WINNT\Explorer.EXE VPTray.exe "C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" reader_sl.exe "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" iTouch.exe "C:\Program Files\Logitech\iTouch\iTouch.exe" InCD.exe "C:\Program Files\Ahead\InCD\InCD.exe" rundll32.exe "C:\WINNT\system32\RUNDLL32.EXE" C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit rundll32.exe "C:\WINNT\system32\Rundll32.exe" "C:\WINNT\system32\ojncembx.dll",s tbctray.exe "C:\WINNT\system32\tbctray.exe" ctfmon.exe "C:\WINNT\system32\ctfmon.exe" StartupTracker3.exe "C:\StartupTracker3\StartupTracker3.exe" wmiprvse.exe ##############################################
|
|
|
| Thread Tools | Search this Thread |
| Display Modes | |
|
|
Linear Mode
