msrating.dll error launching MSN messanger!

Hello, I have msrating.dll errors everytime I launch appl like MSn mesanger or an other chat application I have in my pc, and this terminate the program.
I should say I have deleted (tried to) delete MExplorer because of a adware who always launched a page with Explorer, while I had always used Netscape, and now I'm with Opera.

What 's the problem with this dll? I have downloaded and copied in system folder, I thought I hadnt' but actually there was!
Pardon my crappy english!

 

I have downloaded and copied in system folder, I thought I hadnt' but actually there
That may have made it worse.
That is a Internet Explorer file, and you need to repair IE.
Get your XP CD ready, go to Start\Run, type in 'SFC /SCANNOW' and press Enter. Insert the CD when prompted for it.
I believe you may have something hooked into your system, just trying to delete MExplorer won't fix it.
Please follow the instructions on the link below, and post a HijackThis on here.
http://www.windowsbbs.com/showthread.php?t=37074

 

Dang It! As usual I'm late out of the gate. I have been writing a darned notepad text addressing this issue and now I have nowhere to go with it. Since I spent time writing it I'm going to paste in in here anyway. Much of what I have is as Mark62 called it but it does have a few points not covered by Mark and some details and comments thrown in for F.Y.I. content. Use what you want and ignore the rest:

Keep in mind that I am not familiar with either Opera or Netscape and how (or if) they integrate or use IE files or shared plugins. I do know problems in this area are most likely related to IE. Msrating.dll is an IE file. It could be caused by several things. My best guesstimates; file corruption, file overwrites (mismatched or wrong versions), bad installs/uninstalls/updates, bad malware/adware cleanup, just to name a few. You mentioned having previous malware/adware problems combined with trying to use your own brute method of dealing with the IE problem:

quote:
"I have deleted (tried to) delete MExplorer because of a adware" and "I have downloaded and copied in system folder ".

This does not sound like it was a very good idea. Besides the obvious possible problem of a missing file crippling a system, many files are version specific. Replacing a file by copying may either "fail all together" or cause problems due to wrong version of the file you replaced. Many dlls cannot be installed or replaced properally by using a copy and paste method.

(Note: not sure what you mean by Mexplorer. MSNExplorer????)

One thing to keep in mind is that, while you may use or prefer to use alternative browsers, IE is still part of windows operating system. It is so "integrated into" and "part of the OS ", any "inventive/fly by the seat of pants" methods to repair, fix or eliminate a nuisance can create a bigger problem then you had to begin with. Any problem you choose to ignore or put off dealing with, by using workarounds, always has the same risk. An update, added software, virus, malware/adware does not care that you may use another browser. Shared IE files will still be effected and thereby windows operating system and other applications will be effected. Registry changes play a large part in this. These changes may even effect any application, chat api's as well as your alternative browser behaviors. All may/can be integrated or codependent by the sharing of security settings, common files, plugins, applications and their co-api's.

Regardless you could try something as simple as:
Try to register this dll
regsvr32 msrating.dll /s from the startbutton>runline by either typing or copying the bolded command given.

But..................

My bet is the same as Marks. You still have malware/adware problems....
You still may have malware/adware baggage that you are unaware of. While I'm sure you did your best to insure this or these have been removed thoroughly and permanently sometimes even the best of us need help. Second opinions and expert guided procedures for these cleanups may be needed. Msrating.dll is often associated with malware/adware infestion. These buggers like to mess with your "security settings and permissions" so their own preferred or needed privileges and access permissions can be added. These permissions would allow for the changing or modifying of files/settings of your preferred defaults. All done so to-do scripting, hijacking, redirects, and defaults changes can be done. This bbs board has an excellent (bar none) subforum for help with detecting, cleaning and dealing with critters. Read "welcome" stickie pinned to top of that subforum. Follow requested procedures and paste resultant highjackthis.log up. Many eyes and heads can spot problems you may have missed.

After trying the above: Other things to keep in mind or that you could try......

Have you set or did you use IE's "content advisor "? Any settings or filtering here may have longer reaching co-dependant tentacles then realized (or known to me). Even though it is not your default or prefered browser, does IE open and function without a problem?

Check for "protected system file" mismatch, missing or corruption by using startbutton runline command of sfc /scannow. The xp cd may be required or "requested for ".

Do a repair install of IE. Stickie how-tos pinned in IE forum.

Hold any recent update under suspicion. Check to see if the latest updates you've done involved msrating.dll replacement.
An example of such an update would be:
Microsoft Security Bulletin MS05-020
Cumulative Security Update for Internet Explorer (890923)
http://www.microsoft.com/technet/security/Bulletin/MS05-020.mspx

You may need to uninstall such a recent update and rollback system to a previous time using "system restore ". On the flip side, it may be possible for any new update that you have not installed yet, that includes this file, could take care of the problem. <- Not the prefered method, for it is never a really good idea to install an update with the expectation that it will take care of any running problems you have but in some cases it is worth a shot. It depends on the nature of the problem.

 

thank you so much

for replying, I have just wake up and now have to go, but I'll follow your instructions instantly when I'll be back
Thank you.

 

I have no more IE.exe, just a file in internet esplorer folder called iedw.exe
and I remember I set some filter to avoid opening of a known bad site! (the damned adware dialer!!!)
It used to open and give error for some time, then my sister removed it "completely "...
Anyway, that's my scan file with Hijack This, hope this helps, looks messy to my OS ignorance too!!:

Logfile of HijackThis v1.99.1
Scan saved at 1.56.52, on 05/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\CFusion\cfam\program\ccmgr.exe
C:\Programmi\Sitecom USB ADSL modem DC-204\CnxDslTb.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Program Files\Atnldc\Mjrw.exe
C:\WINDOWS\comm.exe
C:\CFusion\Bin\cfserver.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\CFusion\cfam\Program\dfp.exe
C:\CFusion\cfam\Program\wsm.exe
C:\CFusion\cfam\Program\wsprobe.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\CFusion\Bin\cfexec.exe
C:\CFusion\Bin\cfrdsservice.exe
C:\CFusion\JRun\bin\JRun.exe
C:\CFusion\jrun\bin\jrun.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\CFusion\jre\bin\ntConsoleJava.exe
C:\CFusion\jre\bin\ntConsoleJava.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\CFusion\cfam\bin\CANamingAdapter.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\comm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Opera\Opera.exe
C:\Programmi\Winamp\winamp.exe
C:\Programmi\WS_FTP Pro\WS_FTP95.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\AKRON\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.sfonditalia.biz?1746
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {00000000-0000-4B18-903D-FD0BE5E3E815} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Programmi\Sitecom USB ADSL modem DC-204\CnxDslTb.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe "
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Sclnyxk] C:\Program Files\Atnldc\Mjrw.exe
O4 - HKLM\..\Run: [Communicator] C:\WINDOWS\comm.exe /i
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe "
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\RunServices: [Microsoft Update] winsys.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: WorldWide-Cash.net - {2997582C-1585-4f15-BF54-3B9AC67329D0} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: WorldWide-Cash.net - {2997582C-1585-4f15-BF54-3B9AC67329D0} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: TesasTeaMails - {B791C86A-A79B-48de-9F62-D3AEC4B7A260} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: TesasTeaMails - {B791C86A-A79B-48de-9F62-D3AEC4B7A260} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: No-Minimum.com - {BA5861E2-9048-40fc-96EB-4EDCC379588F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: No-Minimum.com - {BA5861E2-9048-40fc-96EB-4EDCC379588F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: MistyAndSamsCash - {FBFD8C12-7530-4f0b-8E0A-8EEB4A3D503F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: MistyAndSamsCash - {FBFD8C12-7530-4f0b-8E0A-8EEB4A3D503F} - C:\WINDOWS\System32\shdocvw.dll
O15 - Trusted Zone: www.sfonditalia.biz
O16 - DPF: {AA38B87E-CF40-11D4-B4F3-000000000000} (NetInstaller Control) - http://download.netfraternity.net/netinstaller.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39766BC7-A075-44C9-8B79-DD5FBD191F8D}: NameServer = 130.244.127.169 130.244.127.161
O18 - Filter: text/html - {D7806F98-C55E-4555-8ACF-A62EB03AB008} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe
O23 - Service: Cold Fusion Application Server - Macromedia Inc. - C:\CFusion\Bin\cfserver.exe
O23 - Service: ColdFusion Executive (Cold Fusion Executive) - Macromedia Inc. - C:\CFusion\Bin\cfexec.exe
O23 - Service: ColdFusion RDS (Cold Fusion RDS) - Macromedia Inc. - C:\CFusion\Bin\cfrdsservice.exe
O23 - Service: ColdFusion Graphing Server - Unknown owner - C:\CFusion\JRun\bin\JRun.exe
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe" -jrundir "C:\CFusion\jrun" -nt "ColdFusion Management Repository" "cfam (file missing)
O23 - Service: ColdFusion Management Service - Unknown owner - C:\CFusion\cfam\bin\CANamingAdapter.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe




Tomorrow I'll try with reinstalling IE
Bye, thanks a bunch to all

 

I moved your thread over to Removing Spyware and Viruses, and you have them.
First unzip HijackThis into it's own folder, it works better this way, and it did warn you about this.

Just because you deleted Iexplore.Exe (if that is what you mean by IE.Exe) does not mean it is gone. It is half the operating system.
You need to visit these sites.
Housecall, online AV scan
Online Trojan Scan
RAV Online Scan

Open HJT, and click on 'Open misc tools section', then click on "Delete a file on reboot', a File Open window will appear. Copy/Paste the following into it.

C:\WINDOWS\comm.exe

Then click on Open, and you will be prompted to reboot, select No at this time.

Rescan with HJT, and remove these items.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.sfonditalia.biz?1746
O2 - BHO: (no name) - {00000000-0000-4B18-903D-FD0BE5E3E815} - (no file)
O4 - HKLM\..\Run: [Communicator] C:\WINDOWS\comm.exe /i
O4 - HKLM\..\RunServices: [Microsoft Update] winsys.exe
O15 - Trusted Zone: www.sfonditalia.biz
O18 - Filter: text/html - {D7806F98-C55E-4555-8ACF-A62EB03AB008} - (no file)

Reboot into Safe Mode.
Delete all files and folders located in these folders.
C:\Windows\Prefetch
C:\Windows\Temp
C:\Documents and Settings\username\Local Settings\Temp

Find this file and delete it.
winsys.exe

Do you know what this is?
C:\Program Files\Atnldc\Mjrw.exe
I only found one reference to a file with that name, over in a Wilders Security forum.

 

I tried to reinstall IE but unsuccessfully.
I inserted the Win XP cd, but Installation from Control Panel then Installation Application, it took just 6 second to "install" dont' know what...anything!

So I followed instruction to remove bad files with Hijack this....
Now I have them in the trashcan because I'm afraid could have erased something will be needed in future (WINDOWS/TEMP etc..Is it possible?)
Circa the winsys.exe I havent found it! It is maybe because I sucessfully deleted with Hijack This??

I can't use scans of the sites you markp62 recommended me. I still have no IE, and they don't work with other browsers

Sorry I don't know english traslation of specific windows function , hope you will understand!

 

How to install Internet Explorer
Go To Control Panel, select Add\Remove Programs
Now, in this window, look at the left column, you will see Add/Remove Windows Componets. If you select the correct one you will have a new window pop up called 'Windows Componets Wizard'. Put a check mark next to Internet Explorer, then click on Next and follow the prompts, or do what it tells you to do.
Then look for the Shortcut for Internet Explorer, it may be on the Taskbar in the Quicklinks, it may be on the Desktop, and it may be at Start\All Programs.

How to find Winsys.Exe
In Windows Explorer, go to Tools, select Folder Options. Click on the View tab.
Click on the little circle next to 'Show Hidden Files and Folders'.
Then uncheck the box for 'Hide protected operating system files'. Right after you do this you will get a warning about this, click on Yes you want to do this. Then click on Apply, then Ok to close the Folder Options windows.
Now search for Winsys.Exe.

 

I already did that way to install Explorer but didnt work, no shortcut and no expolrer installed

 

If you were to go to Start\Run and type in "C:\Program Files\Internet Explorer\Iexplore.Exe" and press Enter, does anything happen?

 

no..

.exe it's nowhere...

Thank you to everyone has tried to solve my pc sickness, but I'm going to clear out hard disk and reinstall everything from the start. Too much troubles and I miss functions such as HTML webmail editor of IE and a few other!

Next time I will call you before the situation get so worse. With this Message Board I'm sure I will not have so many problems with my computer anymore (I do formatting twice every year because of messing up...)

Bye, See you !


-Elena-