Winpup32

Zukeeper

Hi y'all,

I have an odd problem on my computer; I'm hoping that someone can help.
When launching some apps, there can be up to a 30 second delay before the
app comes up. Additionally, Windows Explorer has a delay (sometimes) when
deleting files, but not if I just drag the files to the Recycle folder.

AdAware and Spybot Search-and-Destroy find nothing out of the ordinary, but
Xoftspy reports MainPean Dialer and 2 instances of Winpup32 in the registry.
However, after googling and finding specific instructions for the manual
removal of those items, I find no trace of them.

Any ideas?

Thanks.
 
Joel Shannon said:
Oh yes and it never hurts to run an online scan:

http://www.pandasoftware.com/activescan


--
*********** www.ShannonAndShannon.com ***********
- Your Friendly Computer and Internet Solutionists
- Web Design, Search Engine Optimization & Hosting -
- Ask about our Remote Support and Virus Removal -
****** USA TOLL FREE 1.877.213.9731 ******

Nothing unusual in the tasklist. Here's the log from Hijack This:

Logfile of HijackThis v1.97.7
Scan saved at 9:29:31 PM, on 5/10/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\DLA\TFSWCTRL.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\TEMP\LOOK\HIJACKTHIS.EXE

O2 - BHO: Guard-IE - {D2F719F3-106A-402B-9996-3A5B12ACA564} - C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system\dla\tfswshx.dll
O3 - Toolbar: Guard-IE - {37C8204D-97C3-4127-BB28-1BFF3FA2F7DA} - C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EPoXTray] RunDll32.exe EPOXTRAY.CPL,EPoXTrayInstallOnTaskBar
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O9 - Extra button: @C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL,-100 (HKLM)
O9 - Extra 'Tools' menuitem: @C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL,-100 (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37944.935150463
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

I'm going to check on 'mmtask.tsk' right now; I don't see anything else that
is suspicious. Thanks for the help.
 
Go to www.webimmune.net and upload the referenced file in these keys, unless
of course you know exactly what it is? Seems randomish to me.

O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} -
C:\WINDOWS\system\dla\tfswshx.dll

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system\dla\tfswctrl.exe

Did you try the CoolWebSearch removal tool? Download here
http://www.soft32.com/download_19014.html, the version they have is current.
Normally I'd point to Merijn's site but he's been DoSed for a while now.

Ian
 
Indeed they do seem random, but DLA is an app for using a CD-RW or DVD-RW
like a big floppy or a hard disk.
Thanks for the reply. Computer seems OK for the moment but the hunt goes
on.
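
The triage discussed in this thread, as an added example that is not part of any poster's message: it rejoins mail-wrapped HijackThis entries, lists BHOs registered as "(no name)", and then lists autostart (O4) entries whose executable sits in the same directory as such a BHO. The function names and the same-directory heuristic are assumptions of this example, not HijackThis features.

```python
import ntpath
import re

# Constructed sample: four entries copied from the log in this thread,
# keeping the line wrapping added by the poster's mail client.
SAMPLE = r"""O2 - BHO: Guard-IE - {D2F719F3-106A-402B-9996-3A5B12ACA564} - C:\PROGRAM
FILES\FAILSAFE\GUARDIE\PNIE.DLL
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} -
C:\WINDOWS\system\dla\tfswshx.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system\dla\tfswctrl.exe
"""

ENTRY = re.compile(r"^O\d+ - ")
BHO = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
RUN = re.compile(r"^O4 - (\S+): \[(.+?)\] (.+)$")
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)

def unwrap(text):
    """Rejoin entries that were wrapped onto a second line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if ENTRY.match(line):
            entries.append(line)
        elif line and entries:
            # A non-entry line after an entry is its wrapped remainder.
            entries[-1] += " " + line
    return entries

def triage(text):
    """Return (reason, path) pairs that deserve manual identification."""
    entries = unwrap(text)
    findings, dirs = [], set()
    for entry in entries:
        m = BHO.match(entry)
        if m and m.group(1) == "(no name)":
            findings.append(("nameless BHO", m.group(3)))
            dirs.add(ntpath.dirname(m.group(3)).lower())
    for entry in entries:
        m = RUN.match(entry)
        p = m and PATH.search(m.group(3))
        # Assumed heuristic: an autostart beside a nameless BHO belongs
        # to the same package, so both files get identified together.
        if p and ntpath.dirname(p.group(0)).lower() in dirs:
            findings.append(("autostart beside nameless BHO", p.group(0)))
    return findings

if __name__ == "__main__":
    for reason, path in triage(SAMPLE):
        print(reason, "->", path)
```

A hit is a prompt to identify the file, not a verdict: both paths returned for the sample are the DLA entries that the thread goes on to identify as CD-RW/DVD-RW packet-writing software.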
 