
can't delete win.dll [RESOLVED]



#16
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Geez. Sorry you had to go through all that. :tazz:

Can you download and install:
http://www.diamondcs...ex.php?page=apm

Reboot into safe mode and check every running process to see if win.dll is loaded in it. You can select the processes one by one in the top window and check in the bottom window if win.dll is in the list.

Let me know which processes have win.dll loaded.

Regards,

Pieter
  • 0



#17
rmprudente

rmprudente

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
This is getting more and more frustrating by the minute. For whatever reason my internet connection has slowed down some. Anyway, I ran the Advanced Process manager in safe mode and normal and none of the processes showed that they were using win.dll. ????huh??? But, the program didn't show 3 processes. system, system idle process and something called OPXPApp.exe. Don't know what that is so I did a search. The first file was OPXPAPP.exe-00F09EDB.pe in C:\windows\prefetch and the other file was OPXApp.exe in C:\Program Files\Softex\Omnipass. I'm gonna do an online search here in a bit to see if I can figure out what the program is and what it's for.
  • 0

#18
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Omnipass: http://www.liutiliti...brary/Omniserv/

Can you send me a (preferably zipped) copy of win.dll ?

pieterATwilderssecurity.org (replace AT with @)

Regards,

Pieter
  • 0

#19
rmprudente

rmprudente

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Did the zipped copy email to you ok? Once I managed to zip it I sent it without looking to see if I remembered to change what I wrote. Initially I had trouble with it.
  • 0

#20
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Not sure. What I received was a corrupt fragment (22 bytes in size).

Try sending the original, maybe that'll work better.

Regards,

Pieter
  • 0

#21
rmprudente

rmprudente

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
I still can't send the original, I get an error popup that says "some files could not be found, and could not be attached to the message." And the Norton popup comes up like it does every time I try to do anything with that file.
  • 0

#22
rmprudente

rmprudente

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Ok, 22 bytes was the correct size of the zip file, and apparently I don't even have to click on win.dll for the Norton popup to show up. Just moving the mouse pointer over it is all it takes. Also, my Dad told me about a good resource site called www.systeminternals.com and from there I dl'd a program called rootkitrevealer and even that didn't come up with anything but my Norton protected recycle bin files. No viruses.
  • 0

#23
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Download:
http://www.sysintern.../autoruns.shtml

Unzip it to your C:\Documents and Settings\(current username) folder

Then start the command prompt and behind the
C:\Documents and Settings\(current username) prompt type Autoruns\autoruns.exe

In the program that opens click "view" menu, uncheck all entries.
Then, select (check) the "Show Appinit DLLs", the "Show Explorer Addons"
and "Hide Signed Microsoft entries".
Click the refresh button and go
to "File" menu, 'Save as' and remember where you save the created text file. Paste the content of the saved file into your next post.

Regards,

Pieter
  • 0
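The two checks requested in this thread (which processes have win.dll loaded, and whether an autostart value such as AppInit_DLLs references it) can also be scripted. This is an added example for PowerShell on current Windows versions, not part of any post in the thread; `$dllName` and the choice of registry values to inspect are assumptions taken from the keys that appear in the posted logs.

```powershell
# Added example. $dllName is the file from the thread; change it as needed.
# Run from an elevated prompt so more processes can be inspected.
$dllName = 'win.dll'

# 1. Which processes have the DLL mapped (the manual check from post #16).
$holders = foreach ($p in Get-Process) {
    $mods = Get-Process -Id $p.Id -Module -ErrorAction SilentlyContinue
    if (-not $mods) {
        # System, Idle and protected processes do not expose their module list.
        Write-Warning "Modules not readable: $($p.ProcessName) (PID $($p.Id))"
        continue
    }
    $mods | Where-Object { $_.ModuleName -ieq $dllName } | ForEach-Object {
        [pscustomobject]@{ Process = $p.ProcessName; Id = $p.Id; Path = $_.FileName }
    }
}
if ($holders) { $holders | Format-Table -AutoSize }
else { "No readable process has $dllName loaded." }

# 2. Autostart values seen in the posted logs: AppInit_DLLs, Winlogon
#    Userinit/Shell, and every value under the HKLM Run key.
$checks = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows';  Names = @('AppInit_DLLs') },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Names = @('Userinit', 'Shell') },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';         Names = $null }
)
# Match the file name only at a path/token boundary, so "xwin.dll" is not a hit.
$pattern = '(^|[\\\s,"])' + [regex]::Escape($dllName)

$values = foreach ($c in $checks) {
    $key = Get-Item -Path $c.Key -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    $names = if ($c.Names) { $c.Names } else { $key.GetValueNames() }
    foreach ($n in $names) {
        $data = [string]$key.GetValue($n)
        [pscustomobject]@{
            Key = $c.Key; Value = $n; Data = $data
            References = ($data -match $pattern)   # True if the DLL is named here
        }
    }
}
# A non-empty AppInit_DLLs deserves a look even when References is False.
$values | Sort-Object References -Descending | Format-List
```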

#24
rmprudente

rmprudente

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ AlcxMonitor Realtek Audio - Event Monitor Realtek Semiconductor Corp. c:\windows\alcxmntr.exe

+ CamMonitor HpqCmon MFC Application c:\program files\hewlett-packard\digital imaging\unload\hpqcmon.exe

+ ccApp Common Client CC App Symantec Corporation c:\program files\common files\symantec shared\ccapp.exe

+ ccRegVfy Common Client Registry Integrity Verifier Symantec Corporation c:\program files\common files\symantec shared\ccregvfy.exe

+ HotKeysCmds hkcmd Module Intel Corporation c:\windows\system32\hkcmd.exe

+ HPDJ Taskbar Utility HP c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe

+ hpsysdrv hpsysdrv Hewlett-Packard Company c:\windows\system\hpsysdrv.exe

+ IgfxTray igfxTray Module Intel Corporation c:\windows\system32\igfxtray.exe

+ Logitech Utility Logitech Launcher Application Logitech Inc. c:\windows\logi_mwx.exe

+ NAV Agent Norton AntiVirus Agent Symantec Corporation c:\program files\norton systemworks\norton antivirus\navapw32.exe

+ PS2 PS2 EXE Hewlett-Packard Company c:\windows\system32\ps2.exe

+ Recguard Recguard MFC Application c:\windows\sminst\recguard.exe

+ Reminder Application Remind_XP SoftThinks c:\windows\creator\remind_xp.exe

+ SSC_UserPrompt Norton Security Center Helper Symantec Corporation c:\program files\common files\symantec shared\security center\usrprmpt.exe

+ StorageGuard Sonic Update Manager Sonic Solutions c:\program files\common files\sonic\update manager\sgtray.exe

+ Symantec NetDriver Monitor Symantec Security Drivers Install Monitor Symantec Corporation c:\program files\symnetdrv\sndmon.exe

+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ AcroIEHlprObj Class AcroIEHelper Module c:\program files\adobe\acrobat 5.0\reader\activex\acroiehelper.ocx

+ CNavExtBho Class Norton AntiVirusNAVShellExt Module Symantec Corporation c:\program files\norton systemworks\norton antivirus\navshext.dll

+ Yahoo! Companion BHO Yahoo! Toolbar 5.5 for Internet Explorer Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ SpySubtract Shell Extension SpySubtract Shell Extension InterMute, Inc. c:\old puter stuff\system tools\spysubtract\sshook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Desktop Explorer NVIDIA Desktop Explorer, Version 43.03 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 43.03 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll

+ OmniPass Shell Extension OPShellE Module Softex Incorporated c:\program files\softex\omnipass\opshelle.dll

+ SampleView ShellvRTF XSS c:\windows\system32\shellvrtf.dll

+ Share-to-Web Upload Folder S2WNSRES Hewlett-Packard c:\program files\hewlett-packard\hp share-to-web\hpgs2wns.dll

+ Shell Extensions for RealOne Player RealOne Player Shell Extensions RealNetworks c:\program files\real\realone player\rpshellext.dll

+ SpySubtract Shell Extension SpySubtract Shell Extension InterMute, Inc. c:\old puter stuff\system tools\spysubtract\sshook.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ hptoolkt.dll hp toolkit toolbar Hewlett-Packard Company c:\hp\explorebar\hptoolkt.dll

+ Norton AntiVirus Norton AntiVirusNAVShellExt Module Symantec Corporation c:\program files\norton systemworks\norton antivirus\navshext.dll

+ ycomp5_5_7_0.dll Yahoo! Toolbar 5.5 for Internet Explorer Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll
  • 0

#25
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
:tazz:

When you check only the "Show Appinit DLLs" and hit refresh does anything show up at all?

Regards,

Pieter
  • 0



#26
rmprudente

rmprudente

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Yep, here's the log with only "show appinit dll's" checked

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINDOWS\system32\userinit.exe Userinit Logon Application Microsoft Corporation c:\windows\system32\userinit.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exe Windows Explorer Microsoft Corporation c:\windows\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ AlcxMonitor Realtek Audio - Event Monitor Realtek Semiconductor Corp. c:\windows\alcxmntr.exe

+ CamMonitor HpqCmon MFC Application c:\program files\hewlett-packard\digital imaging\unload\hpqcmon.exe

+ ccApp Common Client CC App Symantec Corporation c:\program files\common files\symantec shared\ccapp.exe

+ ccRegVfy Common Client Registry Integrity Verifier Symantec Corporation c:\program files\common files\symantec shared\ccregvfy.exe

+ HotKeysCmds hkcmd Module Intel Corporation c:\windows\system32\hkcmd.exe

+ HPDJ Taskbar Utility HP c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe

+ hpsysdrv hpsysdrv Hewlett-Packard Company c:\windows\system\hpsysdrv.exe

+ IgfxTray igfxTray Module Intel Corporation c:\windows\system32\igfxtray.exe

+ Logitech Utility Logitech Launcher Application Logitech Inc. c:\windows\logi_mwx.exe

+ NAV Agent Norton AntiVirus Agent Symantec Corporation c:\program files\norton systemworks\norton antivirus\navapw32.exe

+ PS2 PS2 EXE Hewlett-Packard Company c:\windows\system32\ps2.exe

+ Recguard Recguard MFC Application c:\windows\sminst\recguard.exe

+ Reminder Application Remind_XP SoftThinks c:\windows\creator\remind_xp.exe

+ SSC_UserPrompt Norton Security Center Helper Symantec Corporation c:\program files\common files\symantec shared\security center\usrprmpt.exe

+ StorageGuard Sonic Update Manager Sonic Solutions c:\program files\common files\sonic\update manager\sgtray.exe

+ Symantec NetDriver Monitor Symantec Security Drivers Install Monitor Symantec Corporation c:\program files\symnetdrv\sndmon.exe

+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe
  • 0

#27
rmprudente

rmprudente

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Lookie what I found : Remind_XP - Remind_XP.exe - Process Information

Process File: Remind_XP or Remind_XP.exe
Process Name: SoftThinks CD Creator Reminder

Description:
Remind_XP.exe is a process belonging to the SoftThinks CD Creator CD/DVD Writer and serves as a reminder to register for full product support. This is a non-essential process. Disabling or enabling this is down to user preference. Note: Remind_XP.exe is also a process which is registered as a Trojan.Win32.FTP. This Trojan allows attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately. Please see additional details regarding this process.
  • 0

#28
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Have you tried Killbox with the End Explorer option?
Make sure NAV resident is off when you try.

Regards,

Pieter
  • 0

#29
cgarcia1

cgarcia1

    New Member

  • Member
  • Pip
  • 1 posts
Hi there! I actually just went through something similar for the last 5 hours! grrrr!
BUT I finally found the solution...

With Norton (NAV) running the autoprotect, go into the options menu>NAV options
Click on "autoprotect" in left column
Click on "advanced" tab
Check the "load autoprotect at system boot" check box

Make sure your autoprotect settings are set to "try to repair then quarantine if unsuccessful"

Click ok

reboot

Once you're started up, go back into NAV and click the reports tab>
view quarantined items

Here you'll see the file__.dll (mine was wav.dll)
Now you can delete it! finally!!!

be sure to use hijackthis to remove the processes from startup. (it will indicate that the file was not found).

remove those and you're done!

GOOD LUCK!!!! :tazz:
  • 0

#30
rmprudente

rmprudente

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
With Norton (NAV) running the autoprotect, go into the options menu>NAV options
Click on "autoprotect" in left column
Click on "advanced" tab
Check the "load autoprotect at system boot" check box

Make sure your autoprotect settings are set to "try to repair then quarantine if unsuccessful"



Tried it, didn't work. Thanks though. :tazz:
  • 0





