Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hello, help please tdlwsp.dll

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Hello, help please tdlwsp.dll

Unread postby Pontuzz » November 11th, 2009, 9:26 pm

Hello, i am not very good with pc's but every time i login to windows it's very slow and after a while my F-secure 2010 Detects a dll named tdlwsp.dll as a trojan, i let the program remove it and i perform a reinstall, now after some minutes it detects it again? i have been googling for like 3 days straight about a solution that i could understand but i cant find any, Formatting isint an option due to the number of invaluble photos i have of my family and friends, Please help me!?
I used Hijack this as best i could:
-------------Hijack this logfile-----------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:25:40, on 2009-11-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program\F-Secure\Common\FSMA32.EXE
C:\Program\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program\F-Secure\Common\FSHDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program\F-Secure\Anti-Virus\fssm32.exe
C:\Program\F-Secure\FWES\Program\fsdfwd.exe
C:\Program\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program\ASUS\AI Nap\AiNap.exe
C:\Program\Analog Devices\SoundMAX\smax4.exe
C:\Program\Trust\GM-4600 Gamer Mouse\Amoumain.exe
C:\Program\Razer\Tarantula\razerhid.exe
C:\Program\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\Program\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\WhatPulse\WhatPulse.exe
C:\Program\Launchy\Launchy.exe
C:\Program\WinZip\WZQKPICK.EXE
C:\Program\F-Secure\FSGUI\fscuif.exe
C:\Documents and Settings\Ägaren\Lokala inställningar\Apps\2.0\0BK6P8X6.4AB\5NZEB02K.OR5\curs..tion_eee711038731a406_0004.0000_10385b9343e6ff88\CurseClient.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program\F-Secure\NRS\iescript\baselitmus.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program\F-Secure\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ai Nap] "C:\Program\ASUS\AI Nap\AiNap.exe"
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program\Trust\GM-4600 Gamer Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Tarantula] C:\Program\Razer\Tarantula\razerhid.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\Program\DELADE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "d:\games\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [WhatPulse] C:\Program\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: Dropbox.lnk = ?
O4 - Startup: MagicDisc.lnk = C:\Program\MagicDisc\MagicDisc.exe
O4 - Startup: Xfire.lnk = C:\Program\Xfire\Xfire.exe
O4 - Global Startup: Jensen AirLink 7554 Wlan Utility.lnk = C:\Program\JensenScandinavia\Jensen AirLink 7554 Wlan Utility\Installer\WINXP\AWU.exe
O4 - Global Startup: Launchy.lnk = C:\Program\Launchy\Launchy.exe
O4 - Global Startup: WeGame.lnk = C:\Program\WeGame\wegame.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: S&end to OneNote - res://C:\Program\MI1933~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5981778950
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll
O21 - SSODL: DefaultVideo - {9cd65c38-dbfb-483d-8a48-7f7b4716305b} - C:\Program\Delade filer\Default\DefaultVideo.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program\Delade filer\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program\WinPcap\rpcapd.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 12353 bytes

-----------EDIT---------------
I was thinking,, since F-secure can find it, and remove it, but it reinstalls using sys restore (i think) can i turn off sys restore, delete it and then restart and turn it on?

Thanks in advance // Pontus
Pontuzz
Active Member
 
Posts: 2
Joined: November 11th, 2009, 9:15 pm
Location: Sweden
Advertisement
Register to Remove

Re: Hello, help please tdlwsp.dll

Unread postby Pontuzz » November 12th, 2009, 5:56 am

I think the steps i took worked, but im not sure yet,, i will wait some days then ill post and tell if the problem has appeared again
Pontuzz
Active Member
 
Posts: 2
Joined: November 11th, 2009, 9:15 pm
Location: Sweden

Re: Hello, help please tdlwsp.dll

Unread postby NonSuch » November 12th, 2009, 6:04 pm

This topic is now closed.

As it appears your issues may have been resolved, your topic has been closed. If you find that you still require help, please open a new thread in the Malware Removal forum and wait for assistance. DO NOT reply to your own topic until you have received a response from a helper. Be patient. There will be others who have been waiting longer than you, so do not expect an immediate reply.

>Guideline for posting your HijackThis log<
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 29 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware