error loading c:\WINDOWS\system32\winsys16_061230.dll

  1. 09-04-2008  #1
    natkonan
    natkonan is offline Newbie

    error loading c:\WINDOWS\system32\winsys16_061230.dll

    Everytime I start my computer I get the above message RUNDLL message in the title. I did the SDFix and this is the report I got back. I know nothing about computers-so please help me in 1-2-3 steps. I really appreciate it.

    Here is the REPORT

    b]SDFix: Version 1.167 [/b]
    Run by Henry on Fri 05/16/2008 at 05:22 PM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\DOCUME~1\Henry\Desktop\SDFix\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-16 17:32:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\90403E1900063D11C8EF10054038389C\Usage]
    "MSOfficeDocumentImaging"=dword:38b00d6f
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\WindowsUpdate\Auto Update]
    "OfflineDetectionPending"=dword:00000001

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
    "C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Progra m Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:Re alPlayer"
    "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*isabled:Kodak Software Updater"
    "C:\\WINDOWS\\system32\\lxczcoms.exe"="C:\\WINDOWS \\system32\\lxczcoms.exe:*:Enabled:Lexmark Communications System"
    "C:\\Program Files\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\ppmate.exe:*:Enabled:PPMate"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:Last.fm"
    "C:\\Program Files\\PPLive\\PPLive.exe"="C:\\Program Files\\PPLive\\PPLive.exe:*:Enabled:PPLive"
    "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCas t Adver"
    "C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
    "C:\\Program Files\\PPMate\\ppmnet.exe"="C:\\Program Files\\PPMate\\ppmnet.exe:*:Enabled:PPMate"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\\Program Files\\SopCast\\sopvod.exe"="C:\\Program Files\\SopCast\\sopvod.exe:*:Enabled:sopvod"
    "C:\\Program Files\\iolo\\System Mechanic Professional 7\\Personal Firewall\\ioloFW.exe"="C:\\Program Files\\iolo\\System Mechanic Professional 7\\Personal Firewall\\ioloFW.exe:*:Enabled:iolo Firewallr"
    "C:\\Program Files\\iolo\\System Mechanic Professional 7\\AntiVirus\\ioloAV.exe"="C:\\Program Files\\iolo\\System Mechanic Professional 7\\AntiVirus\\ioloAV.exe:*:Enabled:iolo AntiVirusr"
    "C:\\Program Files\\iolo\\System Mechanic Professional 7\\AntiVirus\\iAVEmailScanner.exe"="C:\\Program Files\\iolo\\System Mechanic Professional 7\\AntiVirus\\iAVEmailScanner.exe:*:Enabled:iolo AntiVirusr Email Protection"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    Remaining Files :


    File Backups: - C:\DOCUME~1\Henry\Desktop\SDFix\SDFix\backups\back ups.zip

    Files with Hidden Attributes :

    Sat 16 Feb 2008 167,936 ..SHR --- "C:\WINDOWS\system32\AlxRes061230.exe"
    Sat 16 Feb 2008 79,872 ..SHR --- "C:\WINDOWS\system32\winsys32_061230.dll"
    Wed 13 Feb 2008 63,488 ..SH. --- "C:\WINDOWS\system32\xydzyh.exe"

    Finished!

  3. 10-04-2008  #2
    VopThis
    VopThis is offline Senior Member (Canada)
    Save 20% on AVG Internet Security 2012 Suite!
    Download ComboFix from one of the following links below:

    Here or Here to your Desktop.


    **Note: If you already have Combofix, delete previous copy(s) and download the latest version. It is important that it is saved directly to your desktop**

    Combofix will disconnect your machine from the Internet and restore connections before it completes its run. If Combofix terminates prematurely and breaks the Internet connections, they can be restored manually by rebooting the machine. Note: If you have an "always on" connection (DSL/cable), unplug the cable from the modem before running Combofix. Do not reconnect before Combofix has finished its scan.
    • Very Important! Temporarily disable your:
      • anti-virus,
      • script blocking and
      • any anti-malware real-time protection
      before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply

    Note: Do not mouseclick combofix's window while its running. That may cause it to stall

    ComboFix SHOULD NOT be used unless requested by a forum helper.
+ Reply to Thread
« seriously need help | Another computer needs cleaning - vundo, etc.(RESOLVED) »