Winpup32

Zukeeper

Hi y'all,

I have an odd problem on my computer; I'm hoping that someone can help.
When launching some apps, there can be up to a 30 second delay before the
app comes up. Additionally, Windows Explorer has a delay (sometimes) when
deleting files, but not if I just drag the files to the Recycle folder.

AdAware and Spybot Search-and-Destroy find nothing out of the ordinary, but
Xoftspy reports MainPean Dialer and 2 instances of Winpup32 in the registry.
However, after googling and finding specific instructions for the manual
removal of those items, I find no trace of them.

Any ideas?

Thanks.
 
Joel Shannon

Run HijackThis and post the log here by clicking save log.

http://www.spywareinfo.com/~merijn/downloads.html

Chances are there is some process taking up all your cpu if you look in the
task manager?

--
*********** www.ShannonAndShannon.com ***********
- Your Friendly Computer and Internet Solutionists
- Web Design, Search Engine Optimization & Hosting -
- Ask about our Remote Support and Virus Removal -
****** USA TOLL FREE 1.877.213.9731 ******
 
Zukeeper

Joel Shannon said:
Oh yes and it never hurts to run an online scan:

http://www.pandasoftware.com/activescan


Nothing unusual in the tasklist. Here's the log from Hijack This:

Logfile of HijackThis v1.97.7
Scan saved at 9:29:31 PM, on 5/10/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\DLA\TFSWCTRL.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\TEMP\LOOK\HIJACKTHIS.EXE

O2 - BHO: Guard-IE - {D2F719F3-106A-402B-9996-3A5B12ACA564} - C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system\dla\tfswshx.dll
O3 - Toolbar: Guard-IE - {37C8204D-97C3-4127-BB28-1BFF3FA2F7DA} - C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EPoXTray] RunDll32.exe EPOXTRAY.CPL,EPoXTrayInstallOnTaskBar
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O9 - Extra button: @C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL,-100 (HKLM)
O9 - Extra 'Tools' menuitem: @C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL,-100 (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37944.935150463
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

I'm going to check on 'mmtask.tsk' right now; I don't see anything else that
is suspicious. Thanks for the help.
 
AkHibby

Go to www.webimmune.net and upload the referenced file in these keys, unless
of course you know exactly what it is? Seems randomish to me.

O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system\dla\tfswshx.dll

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system\dla\tfswctrl.exe

Did you try the CoolWebSearch removal tool? Download here
http://www.soft32.com/download_19014.html, the version they have is current.
Normally I'd point to Merijn's site but he's been DoSed for a while now.

Ian
 
Zukeeper

Indeed they do seem random, but DLA is an app for using a CD-RW or DVD-RW
like a big floppy or a hard disk.
Thanks for the reply. Computer seems ok for the moment but the hunt goes
on.
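
The triage applied to the log in this thread, as an added example that is not part of any original post: it rejoins the hard-wrapped HijackThis entries, then queues unnamed BHOs plus any autorun loading from the same directory for identification. The function names and the "same directory" heuristic are assumptions made for illustration; the sample is a constructed excerpt of the log posted above.

```python
import re

# Constructed sample: entries copied from the posted log, keeping the
# hard line wraps that split single entries across two lines.
SAMPLE_LOG = r"""O2 - BHO: Guard-IE - {D2F719F3-106A-402B-9996-3A5B12ACA564} - C:\PROGRAM
FILES\FAILSAFE\GUARDIE\PNIE.DLL
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} -
C:\WINDOWS\system\dla\tfswshx.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system\dla\tfswctrl.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program
Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# A new entry starts with a section code such as "O2 - " or "O16 - ".
ENTRY_START = re.compile(r"^O(\d+) - (.*)$")


def parse_entries(text):
    """Rejoin wrapped lines and return a list of (section, body) tuples."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY_START.match(line)
        if m:
            entries.append([f"O{m.group(1)}", m.group(2)])
        elif entries:
            entries[-1][1] += " " + line  # continuation of a wrapped entry
    return [tuple(e) for e in entries]


def review_queue(entries):
    """Hypothetical heuristic: unnamed BHOs (O2) and any autorun (O4)
    that loads from the same directory as an unnamed BHO."""
    unnamed = [b for sec, b in entries if sec == "O2" and "(no name)" in b]
    # Directory of each unnamed BHO's DLL, lower-cased for comparison.
    dirs = {b.rsplit(" - ", 1)[-1].rsplit("\\", 1)[0].lower() for b in unnamed}
    flagged = [("O2", b) for b in unnamed]
    for sec, body in entries:
        if sec == "O4" and any(d + "\\" in body.lower() for d in dirs):
            flagged.append((sec, body))
    return flagged


if __name__ == "__main__":
    for section, body in review_queue(parse_entries(SAMPLE_LOG)):
        print(section, "-", body)
```

A flagged entry is a candidate for identification, not a verdict; in this thread both flagged entries were identified as belonging to DLA.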
 
