
can't find dsppldfl.dll

Discussion in 'Malware and Virus Removal Archive' started by HankD, 2008/05/25.

  1. 2008/05/25
    HankD

    HankD Inactive Thread Starter

    Joined:
    2008/05/25
    Messages:
    4
    Likes Received:
    0
    Hi,
    Every time I start my computer I get a popup saying
    Can't find the module dsppldfl.dll....

    I click on it and it disappears. Haven't seen any problems because
    of this, except that my AVG virus program asks the computer to be restarted
    after each virus update....looking into that now.

    I made a search, couldn't find anything on this dll file..

    Anyone that can help?

    Best
    ---Hank
     
  2. 2008/05/25
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Hank - Welcome to the Board :)

    No reference on Google to dsppldfl.dll at all which is very suspicious. Please confirm the spelling, but as your searches have been fruitless I guess you have it right.

    You may have an infection - read this and post the logs requested in this thread which I have moved to the Removing Spyware & Viruses forum ....

    http://www.windowsbbs.com/announcement.php?f=41
     


  4. 2008/05/25
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    An afterthought FYI ....
     
  5. 2008/05/25
    HankD

    HankD Inactive Thread Starter

    Joined:
    2008/05/25
    Messages:
    4
    Likes Received:
    0
    Thanks for really quick reply. I got HijackThis and I
    enclose a log file to start with.
    I understand I shall paste it in, no attached file...
    See below
    ---Hank

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:13:08, on 2008-05-25
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program\Intel\Wireless\Bin\EvtEng.exe
    C:\Program\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Intel\Wireless\Bin\1XConfig.exe
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program\AVG\AVG8\avgwdsvc.exe
    C:\Program\Bonjour\mDNSResponder.exe
    C:\Program\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program\Dell\QuickSet\quickset.exe
    C:\Program\Apoint\Apoint.exe
    C:\Program\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
    C:\Program\Dell\Media Experience\DMXLauncher.exe
    C:\Program\Keybreeze\Keybreeze.exe
    C:\Program\iTunes\iTunesHelper.exe
    C:\Program\AVG\AVG8\avgtray.exe
    C:\Program\Apoint\Apntex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\AVG\AVG8\avgrsx.exe
    C:\Program\Evernote\Evernote3\UniClipper.exe
    C:\Program\HACE\Mmm\Mmm.exe
    C:\Program\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program\Picasa2\PicasaMediaDetector.exe
    C:\Program\AVG\AVG8\avgemc.exe
    C:\Program\Digital Line Detect\DLG.exe
    C:\Program\SqueezeCenter\SqueezeTray.exe
    C:\Program\4t Tray Minimizer\4t-min.exe
    C:\Program\Evernote\Evernote3\Evernote.exe
    C:\Program\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program\Mozilla Firefox\firefox.exe
    C:\Program\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {11635C4A-ECC7-4ED7-A172-FA5D54D3E3EE} - C:\WINDOWS\system32\wvUNfGvS.dll (file missing)
    O2 - BHO: (no name) - {18D03B01-0DF1-4173-89AF-D38FDBC22D33} - C:\WINDOWS\system32\mlJyYopP.dll (file missing)
    O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program\Pando Networks\Pando\PandoIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll
    O2 - BHO: (no name) - {E0F99C27-215A-4CB9-8695-0BD6882A9856} - C:\WINDOWS\system32\byXQGvuR.dll (file missing)
    O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program\PandoBar\bar\1.bin\PANDOBAR.DLL
    O2 - BHO: (no name) - {F8FCDA8E-E6C7-498E-B743-64A8E477E347} - C:\WINDOWS\system32\yayATlmJ.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program\PandoBar\bar\1.bin\PANDOBAR.DLL
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [Keybreeze] C:\Program\Keybreeze\Keybreeze.exe /a
    O4 - HKLM\..\Run: [BM03ce6bca] Rundll32.exe "C:\WINDOWS\system32\dsppldfl.dll ",s
    O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [UniClipper] "C:\Program\Evernote\Evernote3\UniClipper.exe "
    O4 - HKCU\..\Run: [Mmm] "C:\Program\HACE\Mmm\Mmm.exe "
    O4 - HKCU\..\Run: [Pando] "C:\Program\Pando Networks\Pando\Pando.exe" /Minimized
    O4 - HKCU\..\Run: [RoboForm] "C:\Program\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe "
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program\Picasa2\PicasaMediaDetector.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: 4t Tray Minimizer.lnk = C:\Program\4t Tray Minimizer\4t-min.exe
    O4 - Startup: Evernote.lnk = C:\Program\Evernote\Evernote3\Evernote.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: SqueezeCenter Tray Tool.lnk = C:\Program\SqueezeCenter\SqueezeTray.exe
    O8 - Extra context menu item: Add to Evernote - res://C:\Program\Evernote\Evernote3\enbar.dll/2000
    O8 - Extra context menu item: Add to Evernote - res://C:\Program\Evernote\Evernote3\enbar.dll/2000
    O8 - Extra context menu item: Anpassa meny - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fyll i formulär - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RF verktygsfält - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Spara formulär - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Fyll i formulär - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fyll i formulär - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Spara - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Spara formulär - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RF verktygsfält - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program\Evernote\Evernote3\enbar.dll
    O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program\Evernote\Evernote3\enbar.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207243786083
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: wvUNfGvS - wvUNfGvS.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SqueezeMySQL - Unknown owner - C:\Program\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 11527 bytes
     
  6. 2008/05/25
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi HankD
    Welcome.

    Please do this.

    Download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply along with a fresh HijackThis log.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Thanks
    Geri
     
    Geri,
    #5
  7. 2008/05/25
    HankD

    HankD Inactive Thread Starter

    Joined:
    2008/05/25
    Messages:
    4
    Likes Received:
    0
    Thanks a lot!!:)
    I've done that now, below the two logs.
    Best
    ---Hank

    Malwarebytes' Anti-Malware 1.12
    Database version: 786

    Scan type: Quick Scan
    Objects scanned: 34767
    Time elapsed: 13 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM03ce6bca (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:51:38, on 2008-05-25
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program\Intel\Wireless\Bin\EvtEng.exe
    C:\Program\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Intel\Wireless\Bin\1XConfig.exe
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program\AVG\AVG8\avgwdsvc.exe
    C:\Program\Bonjour\mDNSResponder.exe
    C:\Program\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program\Dell\QuickSet\quickset.exe
    C:\Program\Apoint\Apoint.exe
    C:\Program\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
    C:\Program\Dell\Media Experience\DMXLauncher.exe
    C:\Program\Keybreeze\Keybreeze.exe
    C:\Program\iTunes\iTunesHelper.exe
    C:\Program\AVG\AVG8\avgtray.exe
    C:\Program\Apoint\Apntex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\AVG\AVG8\avgrsx.exe
    C:\Program\Evernote\Evernote3\UniClipper.exe
    C:\Program\HACE\Mmm\Mmm.exe
    C:\Program\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program\Picasa2\PicasaMediaDetector.exe
    C:\Program\AVG\AVG8\avgemc.exe
    C:\Program\Digital Line Detect\DLG.exe
    C:\Program\SqueezeCenter\SqueezeTray.exe
    C:\Program\4t Tray Minimizer\4t-min.exe
    C:\Program\Evernote\Evernote3\Evernote.exe
    C:\Program\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program\Mozilla Firefox\firefox.exe
    C:\Program\SQUEEZ~1\server\SQUEEZ~1.EXE
    C:\Program\uTorrent\uTorrent.exe
    C:\WINDOWS\explorer.exe
    C:\Program\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {11635C4A-ECC7-4ED7-A172-FA5D54D3E3EE} - C:\WINDOWS\system32\wvUNfGvS.dll (file missing)
    O2 - BHO: (no name) - {18D03B01-0DF1-4173-89AF-D38FDBC22D33} - C:\WINDOWS\system32\mlJyYopP.dll (file missing)
    O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program\Pando Networks\Pando\PandoIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll
    O2 - BHO: (no name) - {E0F99C27-215A-4CB9-8695-0BD6882A9856} - C:\WINDOWS\system32\byXQGvuR.dll (file missing)
    O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program\PandoBar\bar\1.bin\PANDOBAR.DLL
    O2 - BHO: (no name) - {F8FCDA8E-E6C7-498E-B743-64A8E477E347} - C:\WINDOWS\system32\yayATlmJ.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program\PandoBar\bar\1.bin\PANDOBAR.DLL
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [Keybreeze] C:\Program\Keybreeze\Keybreeze.exe /a
    O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [UniClipper] "C:\Program\Evernote\Evernote3\UniClipper.exe "
    O4 - HKCU\..\Run: [Mmm] "C:\Program\HACE\Mmm\Mmm.exe "
    O4 - HKCU\..\Run: [Pando] "C:\Program\Pando Networks\Pando\Pando.exe" /Minimized
    O4 - HKCU\..\Run: [RoboForm] "C:\Program\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe "
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program\Picasa2\PicasaMediaDetector.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: 4t Tray Minimizer.lnk = C:\Program\4t Tray Minimizer\4t-min.exe
    O4 - Startup: Evernote.lnk = C:\Program\Evernote\Evernote3\Evernote.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: SqueezeCenter Tray Tool.lnk = C:\Program\SqueezeCenter\SqueezeTray.exe
    O8 - Extra context menu item: Add to Evernote - res://C:\Program\Evernote\Evernote3\enbar.dll/2000
    O8 - Extra context menu item: Add to Evernote - res://C:\Program\Evernote\Evernote3\enbar.dll/2000
    O8 - Extra context menu item: Anpassa meny - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fyll i formulär - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RF verktygsfält - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Spara formulär - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Fyll i formulär - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fyll i formulär - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Spara - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Spara formulär - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RF verktygsfält - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program\Evernote\Evernote3\enbar.dll
    O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program\Evernote\Evernote3\enbar.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207243786083
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: wvUNfGvS - wvUNfGvS.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SqueezeMySQL - Unknown owner - C:\Program\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 11601 bytes
     
  8. 2008/05/25
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi HankD

    OK Please do this.

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    O2 - BHO: (no name) - {11635C4A-ECC7-4ED7-A172-FA5D54D3E3EE} - C:\WINDOWS\system32\wvUNfGvS.dll (file missing)
    O2 - BHO: (no name) - {18D03B01-0DF1-4173-89AF-D38FDBC22D33} - C:\WINDOWS\system32\mlJyYopP.dll (file missing)
    O2 - BHO: (no name) - {E0F99C27-215A-4CB9-8695-0BD6882A9856} - C:\WINDOWS\system32\byXQGvuR.dll (file missing)
    O2 - BHO: (no name) - {F8FCDA8E-E6C7-498E-B743-64A8E477E347} - C:\WINDOWS\system32\yayATlmJ.dll (file missing)
    O20 - Winlogon Notify: wvUNfGvS - wvUNfGvS.dll (file missing)


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    Please reboot your computer. Let me know if you get the error message.


    Now do this

    Please download Deckard's System Scanner (dss.exe) and save it to your Desktop.
    Note: You must be logged onto an account with administrator privileges to complete the following.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy and then paste the contents of main.txt and extra.txt in your next reply.

    Please post the "main.txt" log only for now.

    Thanks
    Geri

    I see you have P2P software (Limewire, BitTorrent, uTorrent, Pando etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here,
    here and here.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at Windowsbbs Virus and Spyware removal.
     
    Geri,
    #7
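Added example, not part of the original thread or any poster's code: a small Python triage pass over HijackThis log lines that picks out the two patterns acted on above, registrations marked "(file missing)" and a Run entry that uses rundll32 to load a DLL. The function names are hypothetical, the sample lines are copied from the log posted earlier in this thread, and a hit is a prompt for review, not a verdict.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section reason line")

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11635C4A-ECC7-4ED7-A172-FA5D54D3E3EE} - C:\WINDOWS\system32\wvUNfGvS.dll (file missing)
O4 - HKLM\..\Run: [Keybreeze] C:\Program\Keybreeze\Keybreeze.exe /a
O4 - HKLM\..\Run: [BM03ce6bca] Rundll32.exe "C:\WINDOWS\system32\dsppldfl.dll ",s
O4 - Global Startup: Digital Line Detect.lnk = ?
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: wvUNfGvS - wvUNfGvS.dll (file missing)
O23 - Service: SqueezeMySQL - Unknown owner - C:\Program\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
"""

# A log entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
# Running-process lines ("C:\WINDOWS\...") and header lines do not match.
ENTRY = re.compile(r"^\s*(?P<section>[A-Z]\d+) - (?P<body>.+?)\s*$")

# rundll32 followed by an optionally quoted path ending in .dll
RUNDLL = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?\.dll)', re.I)


def parse_entries(log_text):
    """Yield (section, body, full_line) for each entry line in the log."""
    for raw in log_text.splitlines():
        m = ENTRY.match(raw)
        if m:
            yield m.group("section"), m.group("body"), raw.strip()


def triage(log_text):
    """Return entries worth a closer look, in log order."""
    findings = []
    for section, body, line in parse_entries(log_text):
        # The registry still registers a component whose file is gone:
        # typical leftover after a partial cleanup, and the cause of
        # load errors at logon or browser start.
        if body.lower().endswith("(file missing)"):
            findings.append(Finding(section, "registered component not on disk", line))
            continue
        # Autorun value that hands a DLL to rundll32. Legitimate software
        # does this too, so the DLL name and location need checking.
        if section == "O4":
            m = RUNDLL.search(body)
            if m:
                dll = m.group("dll").strip()
                findings.append(Finding(section, "autorun loads DLL via rundll32: " + dll, line))
    return findings


def entries_naming(log_text, module_name):
    """Find every entry that mentions a module, e.g. the DLL named in an error popup."""
    needle = module_name.lower()
    return [line for _, body, line in parse_entries(log_text) if needle in body.lower()]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print("Entries naming dsppldfl.dll:")
    for line in entries_naming(SAMPLE_LOG, "dsppldfl.dll"):
        print("    " + line)
```

Searching the log for the module named in the popup leads straight to the Run value `BM03ce6bca`, the same value the Malwarebytes log reports as removed.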
  9. 2008/05/26
    HankD

    HankD Inactive Thread Starter

    Joined:
    2008/05/25
    Messages:
    4
    Likes Received:
    0
    Hi Geri
    Thanks for your replies!
    When I started my computer this morning the error message was gone!
    I will study your reply and proceed with the scans.
    So, these are infections that my AVG program did not find.
    And would not be found by any other virus program?

    Thanks again for your help :):)
    ---Hank
     
  10. 2008/05/26
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Hank
    AV's, Firewalls and Spyware programs can only detect what they know of, so new infections and infections that change their files can get through until the data is added to the protection programs.

    P2P file sharing is IMO one of the easiest ways to become infected, many times a person wants this program or that song or whatever and they tend to ignore the warning from their protection programs and download it anyway. I see it all the time, maybe 8 out of 10 people that end up here with infections are using some kind of P2P file sharing programs.

    Really your best defense is yourself. Don't use P2P file sharing, you want something, save up and buy it. Don't surf explicit sites. Don't click on banners or pop ups. Always scan email attachments before opening them or don't open them at all, even from people you know, they may have just become infected themselves.

    A little common sense will go a long way when using the Internet.

    Click here get a free lap top for just taking a survey...NOT!
    Just as in real life, very seldom do you get something for nothing only here you not only don't get it, you get something you didn't want. Infected.

    Geri
     
    Geri,
    #9
