Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

winlogon.exe


  • Please log in to reply

#1
rob.jackson

rob.jackson

    New Member

  • Member
  • Pip
  • 3 posts
Shortly after startup winlogon.exe gives this error

szAppName : winlogon.exe szAppVer : 0.0.0.0 szModName : wspdxm.dll
szModVer : 0.0.0.0 offset : 00013cd8


The appcompat.txt gives this

<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="wspdxm.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="wspdxm.dll" SIZE="417792" />
</EXE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="kernel32.dll" SIZE="983552" CHECKSUM="0x4CE79457" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xFF848" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:56:36" UPTO_LINK_DATE="08/04/2004 07:56:36" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
</DATABASE>


Anyone have a clue about the cause of this?
  • 0

Advertisements


#2
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Download Dllcompare here: http://www.downloads.../DllCompare.exe and put it on your desktop. Open Dllcompare. It is preset to scan the System32 directory, so nothing other than you clicking the [Run locate.com] button is required.

When the scan is complete, you will see in blue Completed the scan, Click Compare to Continue at which time you will click the [Compare] button.

It will sort through the files it found and determine which should be flagged as "No access" and display them in the lower box.

In a few minutes it will complete *in blue Completed

Click the button [Make a Log of what was Found]

Post that log.

Regards,
  • 0

#3
rob.jackson

rob.jackson

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
here is the dll log:

* DLLCompare Log version()
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINDOWS\SYSTEM32\bfackbox.dll Thu Jul 14 2005 3:45:18p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\ckfgnt.dll Thu Jul 14 2005 3:45:26p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\mniwave.dll Fri Jul 15 2005 8:03:50a ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\mwapsspc.dll Fri Jul 15 2005 1:03:16a ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\pbmas.dll Thu Jul 14 2005 12:13:36p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\pnqsp.dll Thu Jul 14 2005 11:50:20p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\smbrccsp.dll Thu Jul 14 2005 1:16:22p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\srbrccsp.dll Thu Jul 14 2005 1:16:16p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\ualmon.dll Tue Jul 12 2005 1:28:42a ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\uspnpmgr.dll Wed Jul 13 2005 6:25:24p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\vboy.dll Thu Jul 14 2005 2:16:20p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\vmr.dll Thu Jul 14 2005 5:10:24p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\vrpodbc.dll Thu Jul 14 2005 2:16:14p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\vsame.dll Thu Jul 14 2005 5:10:18p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\wb2_32.dll Thu Jul 14 2005 9:11:30p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\wspdxm.dll Thu Jul 14 2005 10:32:20p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\wwvdmoe2.dll Thu Jul 14 2005 9:11:18p ..S.R 417,792 408.00 K
________________________________________________

1,302 items found: 1,302 files (17 H/S), 0 directories.
Total of file sizes: 270,051,294 bytes 257.54 M

Administrator Account = True

--------------------End log---------------------
  • 0

#4
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Standard File Kill option option.

One by one paste these paths to files in the box for Full Path of File to Delete:

C:\WINDOWS\SYSTEM32\bfackbox.dll
C:\WINDOWS\SYSTEM32\ckfgnt.dll
C:\WINDOWS\SYSTEM32\mniwave.dll
C:\WINDOWS\SYSTEM32\mwapsspc.dll
C:\WINDOWS\SYSTEM32\pbmas.dll
C:\WINDOWS\SYSTEM32\pnqsp.dll
C:\WINDOWS\SYSTEM32\smbrccsp.dll
C:\WINDOWS\SYSTEM32\srbrccsp.dll
C:\WINDOWS\SYSTEM32\ualmon.dll
C:\WINDOWS\SYSTEM32\uspnpmgr.dll
C:\WINDOWS\SYSTEM32\vboy.dll
C:\WINDOWS\SYSTEM32\vmr.dll
C:\WINDOWS\SYSTEM32\vrpodbc.dll
C:\WINDOWS\SYSTEM32\vsame.dll
C:\WINDOWS\SYSTEM32\wb2_32.dll
C:\WINDOWS\SYSTEM32\wspdxm.dll
C:\WINDOWS\SYSTEM32\wwvdmoe2.dll


After every file click the red-and-white "Delete File" button. Click "Yes" at the prompt.

Let me know if any of these files can not be deleted this way.

Regards,
  • 0

#5
rob.jackson

rob.jackson

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thanks but I fixed the problem with l2mfix.bat. Although I'm not exactly sure, I believe the Look2me Spyware was installed by the uninstallation program used for "A Better Internet". But I cant say for sure.

Rob
  • 0

#6
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Hi Rob,

It's your computer, so your decision, but the files I listed are present and hidden from you on your computer. You do the math. :tazz:

Regards,
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP