Forum - DLL-files.com

First, we do not analyze HJT logs here, there are forums on the web for this
purpose.
Actually it likely IS malware related as valid .dll files used by Windows
will not be stored in that directory. Download and run Malwarebytes and post
back the results. http://malwarebytes.org/

--
The following is a signature, don't take it personally unless it applies to
you.
How to ask a question http://support.microsoft.com/kb/555375


------
"Amanda8308" <Amanda8308.3yz7vb@DoNotSpam.com> wrote in message
news:Amanda8308.3yz7vb@DoNotSpam.com...
>
> I am not too sure what exactly happened, but every time that I start up
> my computer I get this error message:
> C:\DOCUME~1\Owner\LOCALS~1\Temp\72371091741don.dll The specified module
> could not be found. I know that it wasnt malaware that did this, I
> believe it was me that accidently deleted this through Search and
> Destroy. I have tried to undo the changes but it is still the same. Any
> or all help is greatly appreicated =)
>
> Here is my Hijackthis Log:
>
> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 8:27:54 AM, on 23/09/2009
> Platform: Windows XP SP3 (WinNT 5.01.2600)
> MSIE: Internet Explorer v8.00 (8.00.6001.18702)
> Boot mode: Normal
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\Program Files\Windows Defender\MsMpEng.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
> C:\Program Files\Common Files\Apple\Mobile Device
> Support\bin\AppleMobileDeviceService.exe
> C:\Program Files\AskBarDis\bar\bin\AskService.exe
> C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
> C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
> C:\Program Files\Bonjour\mDNSResponder.exe
> C:\WINDOWS\system32\CTsvcCDA.EXE
> C:\Program Files\Java\jre6\bin\jqs.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\system32\MsPMSPSv.exe
> C:\WINDOWS\system32\SearchIndexer.exe
> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
> C:\PROGRA~1\AVG\AVG8\avgemc.exe
> C:\PROGRA~1\AVG\AVG8\avgrsx.exe
> C:\PROGRA~1\AVG\AVG8\avgnsx.exe
> C:\Program Files\AVG\AVG8\avgcsrvx.exe
> C:\WINDOWS\Explorer.EXE
> C:\PROGRA~1\AVG\AVG8\avgtray.exe
> C:\Program Files\Analog Devices\Core\smax4pnp.exe
> C:\WINDOWS\system32\dla\tfswctrl.exe
> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
> C:\Program Files\Java\jre6\bin\jusched.exe
> C:\WINDOWS\system32\hkcmd.exe
> C:\WINDOWS\system32\igfxpers.exe
> C:\Program Files\Windows Defender\MSASCui.exe
> C:\Program Files\iTunes\iTunesHelper.exe
> C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
> C:\WINDOWS\system32\ctfmon.exe
> C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
> C:\Program Files\Messenger\msmsgs.exe
> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
> C:\Program Files\Windows Desktop Search\WindowsSearch.exe
> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
> C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
> C:\Program Files\iPod\bin\iPodService.exe
> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
> C:\Program Files\Internet Explorer\iexplore.exe
> C:\Program Files\Internet Explorer\iexplore.exe
> c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication
> Foundation\infocard.exe
> C:\Program Files\Windows Live\Messenger\msnmsgr.exe
> C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
> C:\WINDOWS\system32\SearchProtocolHost.exe
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://www.google.ca/
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> http://go.microsoft.com/fwlink/?LinkId=69157
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
> = http://go.microsoft.com/fwlink/?LinkId=54896
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
> http://go.microsoft.com/fwlink/?LinkId=54896
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://go.microsoft.com/fwlink/?LinkId=69157
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
>
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings,ProxyOverride = *.local
> R3 - URLSearchHook: Yahoo! Toolbar -
> {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
> C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
> O2 - BHO: &Yahoo! Toolbar Helper -
> {02478D38-C3F9-4efb-9B51-7695ECA05670} -
> C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
> O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -
> C:\Program Files\Common
> Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
> O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} -
> C:\Program Files\AskBarDis\bar\bin\askBar.dll
> O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -
> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program
> Files\AVG\AVG8\avgssie.dll
> O2 - BHO: Spybot-S&D IE Protection -
> {53707962-6F74-2D53-2644-206D7942484F} -
> C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
> C:\WINDOWS\system32\dla\tfswshx.dll
> O2 - BHO: Groove GFS Browser Helper -
> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -
> C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
> O2 - BHO: Windows Live Sign-in Helper -
> {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
> Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
> O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
> {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program
> Files\Java\jre6\bin\jp2ssv.dll
> O2 - BHO: JQSIEStartDetectorImpl -
> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program
> Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
> O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
> - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
> O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
> C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
> O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
> C:\Program Files\AskBarDis\bar\bin\askBar.dll
> O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
> O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog
> Devices\Core\smax4pnp.exe
> O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
> O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
> Files\Sonic\Update Manager\sgtray.exe" /r
> O4 - HKLM\..\Run: [DVDLauncher] "C:\Program
> Files\CyberLink\PowerDVD\DVDLauncher.exe"
> O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
> Files\Java\jre6\bin\jusched.exe"
> O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
> O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
> O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
> O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows
> Defender\MSASCui.exe" -hide
> O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
> Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
> Files\QuickTime\qttask.exe" -atboottime
> O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
> Files\iTunes\iTunesHelper.exe"
> O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft
> Office\Office12\GrooveMonitor.exe"
> O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
> O4 - HKCU\..\Run: [WeatherEye] C:\Program
> Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
> O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program
> Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
> O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
> /background
> O4 - HKCU\..\Run: [yahoo!] C:\WINDOWS\system32\rundll32.exe
> C:\DOCUME~1\Owner\LOCALS~1\Temp\72371091741don.dll,Sets
> O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search
> & Destroy\TeaTimer.exe
> O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program
> Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
> O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
> (User 'LOCAL SERVICE')
> O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
> (User 'NETWORK SERVICE')
> O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
> (User 'SYSTEM')
> O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
> (User 'Default user')
> O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft
> Office\Office12\GROOVE.EXE
> O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows
> Desktop Search\WindowsSearch.exe
> O8 - Extra context menu item: E&xport to Microsoft Excel -
> res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
> O9 - Extra button: Send to OneNote -
> {2670000A-7350-4f3c-8081-5663EE0C6C49} -
> C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
> O9 - Extra 'Tools' menuitem: S&end to OneNote -
> {2670000A-7350-4f3c-8081-5663EE0C6C49} -
> C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
> O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
> C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
> O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
> C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -
> {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
> C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
> O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
> {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
> Diagnostic\xpnetdiag.exe
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
> C:\Program Files\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger -
> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
> Files\Messenger\msmsgs.exe
> O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
> - http://update.microsoft.com/windowsu...?1252171355875
> O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo
> Uploader 5 Control) -
> http://upload.facebook.com/controls/...Uploader55.cab
> O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
> O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD}
> - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
> O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
> C:\Program Files\AVG\AVG8\avgpp.dll
> O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
> O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program
> Files\Common Files\Apple\Mobile Device
> Support\bin\AppleMobileDeviceService.exe
> O23 - Service: ASKService - Unknown owner - C:\Program
> Files\AskBarDis\bar\bin\AskService.exe
> O23 - Service: ASKUpgrade - Unknown owner - C:\Program
> Files\AskBarDis\bar\bin\ASKUpgrade.exe
> O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies
> CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
> O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ,
> s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
> O23 - Service: Bonjour Service - Apple Inc. - C:\Program
> Files\Bonjour\mDNSResponder.exe
> O23 - Service: Creative Service for CDROM Access - Creative Technology
> Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
> O23 - Service: iPod Service - Apple Inc. - C:\Program
> Files\iPod\bin\iPodService.exe
> O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun
> Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
> O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program
> Files\Lavasoft\Ad-Aware\AAWService.exe
> O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation -
> C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
> O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. -
> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
> --
> End of file - 10614 bytes
>
>
> --
> Amanda8308
> ------------------------------------------------------------------------
> Amanda8308's Profile: http://forums.techarena.in/members/137962.htm
> View this thread:
> http://forums.techarena.in/windows-xp-s ... 250334.htm
>
> http://forums.techarena.in
>

Amanda8308 wrote:
> I am not too sure what exactly happened, but every time that I
> start up my computer I get this error message:
> C:\DOCUME~1\Owner\LOCALS~1\Temp\72371091741don.dll The specified
> module could not be found. I know that it wasnt malaware that did
> this, I believe it was me that accidently deleted this through
> Search and Destroy. I have tried to undo the changes but it is
> still the same. Any or all help is greatly appreicated =)
>
> Here is my Hijackthis Log:
<snipped>

Here's what you should do...

Start button --> RUN
(no "RUN"? Press the "Windows Key" + R on your keyboard)
--> type in:
winver
--> Click OK.

The picture at the top of the window that opens will give you the general
(Operating System name and flavor) while the line starting with the word
"version" will give you the rest of the story.

Post _both_ in response to this message verbatim.

Start button --> RUN
(no "RUN"? Press the "Windows Key" + R on your keyboard)
--> type in:
MSCONFIG
--> Click OK.

Go to the "Startup" tab of MSCONFIG. Find where the offending startup item
is (likely in the registry) and use that information to manually go and
remove the entry from the registry (do not just uncheck it.)

Then, continue the cleanup...

Fix your file/registry permissions...

Ignore the title and follow the sub-section under "Advanced Troubleshooting"
titled, "Method 1: Reset the registry and the file permissions"
http://support.microsoft.com/kb/949377
*will take time
(** Ignore the last step - you should have SP3 installed - but don't do it
during the cleanup.)

Reboot and ...

Download/install this:
http://support.microsoft.com/kb/290301

After installing, do the following:

Start button --> RUN --> type in:
"%ProgramFiles%\Windows Installer Clean Up\msizap.exe" g!
--> Click OK.
(The quotation marks and percentage signs and spacing should be exact.)

Download, install, run, update and perform a full scan (separately) with the
following two applications (freeware versions are the ones to use for this):

SuperAntiSpyware
http://www.superantispyware.com/

MalwareBytes
http://www.malwarebytes.com/

After performing a full scan with one and then the other and removing
whatever they both find completely, you may uninstall these products,
if you wish.

Download and run the MSRT manually:
http://www.microsoft.com/security/malwa ... fault.mspx

Reboot.

Download/Install the latest Windows Installer (for your OS):
( Windows XP 32-bit : WindowsXP-KB942288-v3-x86.exe )
http://www.microsoft.com/downloadS/deta ... laylang=en

Reboot.

and...

Download the latest version of the Windows Update agent from here (x86):
http://go.microsoft.com/fwlink/?LinkID=91237
.... and save it to the root of your C:\ drive. After saving it to the root
of the C:\ drive, do the following:

Close all Internet Explorer windows and other applications.

Start button --> RUN and type in:
%SystemDrive%\windowsupdateagent30-x86.exe /WUFORCE
--> Click OK.

(If asked, select "Run.) --> Click on NEXT --> Select "I agree" and click on
NEXT --> When it finishes installing, click on "Finish"...

Reboot.

Then follow the instructions here:

How do I reset Windows Update components?
http://support.microsoft.com/kb/971058

Reboot.

CHKDSK
How to scan your disks for errors
http://support.microsoft.com/kb/315265
* will take time and a reboot

Defragment
How to Defragment your hard drives
http://support.microsoft.com/kb/314848
* will take time

Ensure your hardware drivers are up to date (from the hardware
manufacturer's respective web pages.) Never get hardware drivers
for hardware that was not created/sold by Microsoft from Microsoft.

Reboot...

Log on as an user with administrative rights and open Internet Explorer
and visit http://windowsupdate.microsoft.com/ and select to do a
CUSTOM scan...

Every time you are about to click on something while at these web pages -
first press and hold down the CTRL key while you click on it. You can
release the CTRL key after clicking each time.

Once the scan is done, select just _ONE_ of the high priority updates
(deselect any others) and install it.

Reboot again.

If it did work - try the web page again - selecting no more than 3-5 at a
time. Rebooting as needed.

The Optional Software updates are generally safe - although I recommend
against the "Windows Search" one and any of the "Office Live" ones or
"Windows Live" ones for now. I would completely avoid the
Optional Hardware updates. Also - I do not see any urgent need to install
Internet Explorer 8 at this time.

Seriously - do all that. This is like antibiotics - don't skip a single
step, don't quit because you think things will be okay now - go through
until the end, until you have done everything given in the order given. If
you have a problem with a step come ask and let someone here get you
through that step. If you don't understand how to do a step, come back and
ask here about that step and let someone walk you through it.

Then - when done - let everyone here know if it worked for you - or if you
have more issues.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

There is a reference to the deleted file in one of your start up points. If
that is all you want to fix, run msconfig.exe, click on the startup tab,
find the reference to the deleted file, remove the check mark, close
msconfig and reboot. When a screen appears, mark the "do not show" box and
then continue on.

--
Regards

Ron Badour
MS MVP
Windows Desktop Experience


"Amanda8308" <Amanda8308.3yz7vb@DoNotSpam.com> wrote in message
news:Amanda8308.3yz7vb@DoNotSpam.com...
>
> I am not too sure what exactly happened, but every time that I start up
> my computer I get this error message:
> C:\DOCUME~1\Owner\LOCALS~1\Temp\72371091741don.dll The specified module
> could not be found. I know that it wasnt malaware that did this, I
> believe it was me that accidently deleted this through Search and
> Destroy. I have tried to undo the changes but it is still the same. Any
> or all help is greatly appreicated =)
>
> Here is my Hijackthis Log:
>
> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 8:27:54 AM, on 23/09/2009
> Platform: Windows XP SP3 (WinNT 5.01.2600)
> MSIE: Internet Explorer v8.00 (8.00.6001.18702)
> Boot mode: Normal
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\Program Files\Windows Defender\MsMpEng.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
> C:\Program Files\Common Files\Apple\Mobile Device
> Support\bin\AppleMobileDeviceService.exe
> C:\Program Files\AskBarDis\bar\bin\AskService.exe
> C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
> C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
> C:\Program Files\Bonjour\mDNSResponder.exe
> C:\WINDOWS\system32\CTsvcCDA.EXE
> C:\Program Files\Java\jre6\bin\jqs.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\system32\MsPMSPSv.exe
> C:\WINDOWS\system32\SearchIndexer.exe
> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
> C:\PROGRA~1\AVG\AVG8\avgemc.exe
> C:\PROGRA~1\AVG\AVG8\avgrsx.exe
> C:\PROGRA~1\AVG\AVG8\avgnsx.exe
> C:\Program Files\AVG\AVG8\avgcsrvx.exe
> C:\WINDOWS\Explorer.EXE
> C:\PROGRA~1\AVG\AVG8\avgtray.exe
> C:\Program Files\Analog Devices\Core\smax4pnp.exe
> C:\WINDOWS\system32\dla\tfswctrl.exe
> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
> C:\Program Files\Java\jre6\bin\jusched.exe
> C:\WINDOWS\system32\hkcmd.exe
> C:\WINDOWS\system32\igfxpers.exe
> C:\Program Files\Windows Defender\MSASCui.exe
> C:\Program Files\iTunes\iTunesHelper.exe
> C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
> C:\WINDOWS\system32\ctfmon.exe
> C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
> C:\Program Files\Messenger\msmsgs.exe
> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
> C:\Program Files\Windows Desktop Search\WindowsSearch.exe
> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
> C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
> C:\Program Files\iPod\bin\iPodService.exe
> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
> C:\Program Files\Internet Explorer\iexplore.exe
> C:\Program Files\Internet Explorer\iexplore.exe
> c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication
> Foundation\infocard.exe
> C:\Program Files\Windows Live\Messenger\msnmsgr.exe
> C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
> C:\WINDOWS\system32\SearchProtocolHost.exe
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://www.google.ca/
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> http://go.microsoft.com/fwlink/?LinkId=69157
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
> = http://go.microsoft.com/fwlink/?LinkId=54896
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
> http://go.microsoft.com/fwlink/?LinkId=54896
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://go.microsoft.com/fwlink/?LinkId=69157
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
>
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings,ProxyOverride = *.local
> R3 - URLSearchHook: Yahoo! Toolbar -
> {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
> C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
> O2 - BHO: &Yahoo! Toolbar Helper -
> {02478D38-C3F9-4efb-9B51-7695ECA05670} -
> C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
> O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -
> C:\Program Files\Common
> Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
> O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} -
> C:\Program Files\AskBarDis\bar\bin\askBar.dll
> O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -
> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program
> Files\AVG\AVG8\avgssie.dll
> O2 - BHO: Spybot-S&D IE Protection -
> {53707962-6F74-2D53-2644-206D7942484F} -
> C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
> C:\WINDOWS\system32\dla\tfswshx.dll
> O2 - BHO: Groove GFS Browser Helper -
> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -
> C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
> O2 - BHO: Windows Live Sign-in Helper -
> {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
> Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
> O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
> {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program
> Files\Java\jre6\bin\jp2ssv.dll
> O2 - BHO: JQSIEStartDetectorImpl -
> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program
> Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
> O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
> - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
> O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
> C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
> O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
> C:\Program Files\AskBarDis\bar\bin\askBar.dll
> O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
> O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog
> Devices\Core\smax4pnp.exe
> O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
> O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
> Files\Sonic\Update Manager\sgtray.exe" /r
> O4 - HKLM\..\Run: [DVDLauncher] "C:\Program
> Files\CyberLink\PowerDVD\DVDLauncher.exe"
> O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
> Files\Java\jre6\bin\jusched.exe"
> O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
> O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
> O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
> O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows
> Defender\MSASCui.exe" -hide
> O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
> Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
> Files\QuickTime\qttask.exe" -atboottime
> O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
> Files\iTunes\iTunesHelper.exe"
> O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft
> Office\Office12\GrooveMonitor.exe"
> O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
> O4 - HKCU\..\Run: [WeatherEye] C:\Program
> Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
> O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program
> Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
> O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
> /background
> O4 - HKCU\..\Run: [yahoo!] C:\WINDOWS\system32\rundll32.exe
> C:\DOCUME~1\Owner\LOCALS~1\Temp\72371091741don.dll,Sets
> O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search
> & Destroy\TeaTimer.exe
> O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program
> Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
> O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
> (User 'LOCAL SERVICE')
> O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
> (User 'NETWORK SERVICE')
> O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
> (User 'SYSTEM')
> O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
> (User 'Default user')
> O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft
> Office\Office12\GROOVE.EXE
> O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows
> Desktop Search\WindowsSearch.exe
> O8 - Extra context menu item: E&xport to Microsoft Excel -
> res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
> O9 - Extra button: Send to OneNote -
> {2670000A-7350-4f3c-8081-5663EE0C6C49} -
> C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
> O9 - Extra 'Tools' menuitem: S&end to OneNote -
> {2670000A-7350-4f3c-8081-5663EE0C6C49} -
> C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
> O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
> C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
> O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
> C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -
> {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
> C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
> O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
> {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
> Diagnostic\xpnetdiag.exe
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
> C:\Program Files\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger -
> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
> Files\Messenger\msmsgs.exe
> O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
> - http://update.microsoft.com/windowsu...?1252171355875
> O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo
> Uploader 5 Control) -
> http://upload.facebook.com/controls/...Uploader55.cab
> O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
> O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD}
> - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
> O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
> C:\Program Files\AVG\AVG8\avgpp.dll
> O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
> O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program
> Files\Common Files\Apple\Mobile Device
> Support\bin\AppleMobileDeviceService.exe
> O23 - Service: ASKService - Unknown owner - C:\Program
> Files\AskBarDis\bar\bin\AskService.exe
> O23 - Service: ASKUpgrade - Unknown owner - C:\Program
> Files\AskBarDis\bar\bin\ASKUpgrade.exe
> O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies
> CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
> O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ,
> s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
> O23 - Service: Bonjour Service - Apple Inc. - C:\Program
> Files\Bonjour\mDNSResponder.exe
> O23 - Service: Creative Service for CDROM Access - Creative Technology
> Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
> O23 - Service: iPod Service - Apple Inc. - C:\Program
> Files\iPod\bin\iPodService.exe
> O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun
> Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
> O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program
> Files\Lavasoft\Ad-Aware\AAWService.exe
> O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation -
> C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
> O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. -
> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
> --
> End of file - 10614 bytes
>
>
> --
> Amanda8308
> ------------------------------------------------------------------------
> Amanda8308's Profile: http://forums.techarena.in/members/137962.htm
> View this thread:
> http://forums.techarena.in/windows-xp-s ... 250334.htm
>
> http://forums.techarena.in
>

On Sep 23, 12:34

Amanda8308 wrote:
> I am not too sure what exactly happened, but every time that I start up
> my computer I get this error message:
> C:\DOCUME~1\Owner\LOCALS~1\Temp\72371091741don.dll The specified module
> could not be found. I know that it wasn't malware that did this, I
> believe it was me that accidentally deleted this through Search and
> Destroy. I have tried to undo the changes but it is still the same. Any
> or all help is greatly appreciated =)

So you think a legitimate startup program was installed into a Temp
folder? I don't think so..

It's more likely some malware was deleted by your a/v software, or SS&D
but the reference to the file was not removed from the registry.

Click Start, Run, type REGEDIT, click OK. Press the Home key, press F3,
type the name of the file into the search pane. Click "Find Next", and
when located, delete the reference to the file. Press F3 to continue
the search.

You can click File, Export, and save the entry to the Desktop. If you
remove it and there's a problem, double-click the .reg file you exported
to the Desktop and it'll be added to the registry again. You can create
a restore point before editing the registry too.

You could click Start, Run, type MSCONFIG, click OK, click the StartUp
tab, and deselect the item(s). When you restart the computer, you will
be warned that you're running in the Diagnostic mode; click to not alert
you again, and OK out. You won't see the message again. But I think
it's best to just remove the references from the registry.

--
Joe =o)

Jose,

I did what you said, I had downloaded Malwarebytes and it got rid of
what was giving me the error message, which I am extremely happy about..
Now the next thing is trying to speed this thing up just a bit..


--
Amanda8308
------------------------------------------------------------------------
Amanda8308's Profile: http://forums.techarena.in/members/137962.htm
View this thread: http://forums.techarena.in/windows-xp-s ... 250335.htm

http://forums.techarena.in

Amanda8308 wrote:
> I did what you said, I had downloaded Malwarebytes and it got rid of
> what was giving me the error message, which I am extremely happy
> about.. Now the next thing is trying to speed this thing up just a
> bit..

Yeah...

Gone through the list I originally gave you yet? Need it repeated?

Here's what you should do...

Start button --> RUN
(no "RUN"? Press the "Windows Key" + R on your keyboard)
--> type in:
winver
--> Click OK.

The picture at the top of the window that opens will give you the general
(Operating System name and flavor) while the line starting with the word
"version" will give you the rest of the story.

Post _both_ in response to this message verbatim.
Then, continue the cleanup...

Fix your file/registry permissions...

Ignore the title and follow the sub-section under "Advanced Troubleshooting"
titled, "Method 1: Reset the registry and the file permissions"
http://support.microsoft.com/kb/949377
*will take time
(** Ignore the last step - you should have SP3 installed - but don't do it
during the cleanup.)

Reboot and ...

Download/install this:
http://support.microsoft.com/kb/290301

After installing, do the following:

Start button --> RUN --> type in:
"%ProgramFiles%\Windows Installer Clean Up\msizap.exe" g!
--> Click OK.
(The quotation marks and percentage signs and spacing should be exact.)

Download, install, run, update and perform a full scan (separately) with the
following two applications (freeware versions are the ones to use for this):

SuperAntiSpyware
http://www.superantispyware.com/

MalwareBytes
http://www.malwarebytes.com/

After performing a full scan with one and then the other and removing
whatever they both find completely, you may uninstall these products,
if you wish.

Download and run the MSRT manually:
http://www.microsoft.com/security/malwa ... fault.mspx

Reboot.

Download/Install the latest Windows Installer (for your OS):
( Windows XP 32-bit : WindowsXP-KB942288-v3-x86.exe )
http://www.microsoft.com/downloadS/deta ... laylang=en

Reboot.

and...

Download the latest version of the Windows Update agent from here (x86):
http://go.microsoft.com/fwlink/?LinkID=91237
.... and save it to the root of your C:\ drive. After saving it to the root
of the C:\ drive, do the following:

Close all Internet Explorer windows and other applications.

Start button --> RUN and type in:
%SystemDrive%\windowsupdateagent30-x86.exe /WUFORCE
--> Click OK.

(If asked, select "Run.) --> Click on NEXT --> Select "I agree" and click on
NEXT --> When it finishes installing, click on "Finish"...

Reboot.

Then follow the instructions here:

How do I reset Windows Update components?
http://support.microsoft.com/kb/971058

Reboot.

CHKDSK
How to scan your disks for errors
http://support.microsoft.com/kb/315265
* will take time and a reboot

Defragment
How to Defragment your hard drives
http://support.microsoft.com/kb/314848
* will take time

Ensure your hardware drivers are up to date (from the hardware
manufacturer's respective web pages.) Never get hardware drivers
for hardware that was not created/sold by Microsoft from Microsoft.

Reboot...

Log on as an user with administrative rights and open Internet Explorer
and visit http://windowsupdate.microsoft.com/ and select to do a
CUSTOM scan...

Every time you are about to click on something while at these web pages -
first press and hold down the CTRL key while you click on it. You can
release the CTRL key after clicking each time.

Once the scan is done, select just _ONE_ of the high priority updates
(deselect any others) and install it.

Reboot again.

If it did work - try the web page again - selecting no more than 3-5 at a
time. Rebooting as needed.

The Optional Software updates are generally safe - although I recommend
against the "Windows Search" one and any of the "Office Live" ones or
"Windows Live" ones for now. I would completely avoid the
Optional Hardware updates. Also - I do not see any urgent need to install
Internet Explorer 8 at this time.

Seriously - do all that. This is like antibiotics - don't skip a single
step, don't quit because you think things will be okay now - go through
until the end, until you have done everything given in the order given. If
you have a problem with a step come ask and let someone here get you
through that step. If you don't understand how to do a step, come back and
ask here about that step and let someone walk you through it.

Then - when done - let everyone here know if it worked for you - or if you
have more issues.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html