wlnotify.dll Hangs on Start Up - help please!

Discussion in 'Malware Help (A Specialist Will Reply)' started by reprobation, Jun 12, 2006.

  1. reprobation

    reprobation Private E-2

    Hi, this is my first post - but i've been reading on major geeks for a loooong time.

    I've recently run into a problem with wlnotify.dll initiating upon start up - when it does, the whole system hangs for about 3 minutes. This is extremely annoying! I can't figure out what it is - I've run everything from Norton, to HJT, to Spybot, Adaware, AWC, i just can't figure it out.

    So please guys.. Help Me!!!!
    Thanks! - Chris
     
    reprobation, Jun 12, 2006
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
      • Bitdefender
      • Panda Scan
      • HijackThis
    .
     
    chaslang, Jun 12, 2006
    #2
  3. reprobation

    reprobation Private E-2

    StartupList report, 6/12/2006, 2:51:15 AM
    StartupList version: 1.52.2
    Started from : C:\Documents and Settings\Reprobation\Desktop\HijackThis.EXE
    Detected: Windows XP (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 (6.00.2600.0000)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\WINDOWS\System32\perfcl.exe
    G:\QuickTime\qttask.exe
    C:\WINDOWS\System32\perfcl.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\svchost.exe
    E:\Steam\Steam.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Reprobation\Desktop\HijackThis.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\SYSTEM32\Userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    SmcService = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    PerformCl = C:\WINDOWS\System32\perfcl.exe
    QuickTime Task = "G:\QuickTime\qttask.exe" -atboottime

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [AutorunsDisabled]
    QuickTime Task = "G:\QuickTime\qttask.exe" -atboottime
    seeve = C:\WINDOWS\seeve.exe
    PerformCl = C:\WINDOWS\System32\perfcl.exe

    [OptionalComponents]
    *No values found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    [AutorunsDisabled]
    WareOut = "C:\Program Files\WareOut\WareOut.exe"

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=*Registry value not found*
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Task Scheduler jobs:

    Symantec NetDetect.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [{41564D57-9980-0010-8000-00AA00389B71}]
    CODEBASE = http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab

    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: C:\DOCUME~1\REPROB~1\LOCALS~1\TEMPOR~1\Content.IE5\index.dat||C:\DOCUME~1\REPROB~1\Cookies\index.dat||C:\DOCUME~1\REPROB~1\LOCALS~1\History\History.IE5\index.dat||C:\DOCUME~1\REPROB~1\LOCALS~1\History\History.IE5\MSHIST~1\index.dat|||\

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    SysTray: C:\WINDOWS\System32\stobject.dll
    UPnPMonitor: C:\WINDOWS\System32\upnpui.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll

    --------------------------------------------------
    End of report, 4,780 bytes
    Report generated in 0.030 seconds
     

    Attached Files:

    reprobation, Jun 12, 2006
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow ALL of the directions given in message number 2.

    No place in those directions did it ask for a startup list. Also please do not attach any logs of any kind inline. They must be attachments. And why did you put it inline and also as an attachment.
     
    chaslang, Jun 12, 2006
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds