Author Topic: Placed Malware in Chest but now start up programs looking for the dll  (Read 24705 times)

superhans

  • Guest
Avast found netdtoh.dll which it identified as malware so I placed this in the chest

I have searched for netdtoh.dll on the internet and can find no info so assume it is a virus

however

now several programs / processes say that they cannot run on startup because netdtoh.dll is missing

do I need to stop the computer looking for this file somehow?

Thanks

any help would be very greatly appreciated!

PS I have run a registry cleaner and spybot search and destroy

PPS firefox and itunes not working but other programs ok

PPPS netdtoh.dll was in the system32 folder - said something about system32 malware GEN

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89689
  • No support PMs thanks
Re: Placed Malware in Chest but now start up programs looking for the dll
« Reply #1 on: April 04, 2010, 07:36:26 PM »
There have to be some registry associations/hooking to this file and possibly a startup entry.

What exactly are the errors displayed ?

Strange that this file name returns zero hits on a google search, considering it is in the system32 folder.

If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).

Don't worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.
Also available a portable version of SAS, http://www.superantispyware.com/portablescanner.html, no installation required.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security

superhans

  • Guest
Re: Placed Malware in Chest but now start up programs looking for the dll
« Reply #2 on: April 04, 2010, 09:25:59 PM »
the errors are when i try to start any program and several on start up

they all take the form

userinit.exe - unable to locate component

x - the application has failed to start because netdtoh.dll was not found. Re-installing the application may fix this problem.


on start up I get pop up boxes as above for all of the following....

userinit.exe, explorer.exe, xRaidSetup.exe, rundll.exe, ashDisp.exe, smax4pnp.exe, schedhlp.exe, xinside.exe, cledx.exe, nokiamusic.exe, nwiz.exe

etc etc

I did think maybe the dll identified as malware was required by the system so i foolishly restored it which got rid of all these error boxes but the netdtoh.dll was again identified by avast as malware

any help as to how I should proceed - much appreciated

superhans

  • Guest
Re: Placed Malware in Chest but now start up programs looking for the dll
« Reply #3 on: April 04, 2010, 09:35:26 PM »
interestingly i'm just running the MBAM setup and as I do so I get the same message saying MBAM setup can't locate netdtoh.dll so it can't start

I click on ok and then the setup process for MBAM continues anyway

weird!

superhans

  • Guest
Re: Placed Malware in Chest but now start up programs looking for the dll
« Reply #4 on: April 04, 2010, 09:54:21 PM »
the only thing that Malwarebytes is finding is disabled.securityCenter


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3954

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/04/2010 20:57:25
mbam-log-2010-04-04 (20-57-25).txt

Scan type: Quick scan
Objects scanned: 103599
Time elapsed: 3 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

/* log file ends */


It's just the error message that I'm getting on launch of any program - also just made photoshop crash


Offline DavidR

Re: Placed Malware in Chest but now start up programs looking for the dll
« Reply #5 on: April 04, 2010, 10:16:17 PM »
The problem appears to be related to a registry entry that attempts to redirect the userinit.exe to use the netdtoh.dll instead.

Quote from: superhans
userinit.exe - unable to locate component

x - the application has failed to start because netdtoh.dll was not found. Re-installing the application may fix this problem.

Unfortunately reinstalling the application won't do anything as the application looks for userinit.exe which has been redirected to the missing/removed malware file netdtoh.dll, so we need to try and remove this redirection.

- Also useful as a diagnostic tool - FileHippo Download - HiJackThis and post the contents of the HJT log file here. - HJT Information HiJackThis Tutorial.

Download and run HJT and post the contents of the log file (cut and paste or attach the log file) into this topic, you may need to split it over two or more posts depending on how large it is.

Hopefully this will show the redirection of the userinit.exe and we can fix it with HiJackThis.

####
Run MBAM again and allow it to take care of (Remove) the Bad registry value that it found.
« Last Edit: April 04, 2010, 11:34:38 PM by DavidR »

superhans

  • Guest
Re: Placed Malware in Chest but now start up programs looking for the dll
« Reply #6 on: April 04, 2010, 11:24:34 PM »
it doesn't just happen for userinit.exe

the same error comes up for all of the other exe's I listed above and whenever I start many programs

will run HiJack this to get log file and post it

Thank you for your help

greatly appreciated

Offline DavidR

Re: Placed Malware in Chest but now start up programs looking for the dll
« Reply #7 on: April 04, 2010, 11:34:16 PM »
I know that, this is basically what I said in my last post.

Quote from: DavidR
Unfortunately reinstalling the application won't do anything as the application looks for userinit.exe which has been redirected to the missing/removed malware file netdtoh.dll, so we need to try and remove this redirection.

If any program refers to the userinit.exe file then that is redirected to the netdtoh.dll which is missing, resulting in the error.

superhans

  • Guest
Re: Placed Malware in Chest but now start up programs looking for the dll
« Reply #8 on: April 04, 2010, 11:35:11 PM »
For example i've just installed HiJack this and got the following error

HiJackThis.exe - Unable to locate component

This application has failed to start because netdtoh.dll was not found. Re-installing the application may fix this problem.


hit ok and the application works fine though

superhans

  • Guest
Re: Placed Malware in Chest but now start up programs looking for the dll
« Reply #9 on: April 04, 2010, 11:39:36 PM »
HiJack This Log Part 1...  ???

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 22:45:13, on 04/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Portrait Displays\HP Display Assistant\DTHtml.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MOTU\Audio\MFWAKeys.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\COMMON~1\Nokia\MPLATF~1\NOKIAM~1.EXE
C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe


superhans

  • Guest
Re: Placed Malware in Chest but now start up programs looking for the dll
« Reply #10 on: April 04, 2010, 11:40:01 PM »
HiJack this log Part 2...

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [DT HWP] C:\Program Files\Portrait Displays\HP Display Assistant\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: MOTU Pedal Handler.lnk = C:\Program Files\MOTU\Audio\MFWAKeys.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe

--
End of file - 9514 bytes

Offline DavidR

Re: Placed Malware in Chest but now start up programs looking for the dll
« Reply #11 on: April 05, 2010, 01:35:18 AM »
That's weird as there is no reference to userinit.exe or netdtoh.dll in the hijackthis log, which blows my guess out of the water. Unless it is hidden from hijackthis, which is becoming more common as it doesn't seem to be keeping pace with malware developments.

You don't appear to have an active firewall - It should be capable of blocking unauthorised outbound Internet Connections. - What is your firewall ?

Fix using HJT:
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
I think this is related to the ASK toolbar which many consider spyware as it will gather data on your searches, which might be used for targeted ads. As a search engine it doesn't come close to google anyway. So if you know what the ASK toolbar came with I would disable it or uninstall it and do a custom install without the Ask toolbar.

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)

Other than those, which are unrelated to the problem, I don't see anything obvious.

####
However, there are some google references to userinit.exe being associated with malware, probably in a different location to the legit userinit.exe file which should be in the windows\system32 folder. So try a search on your system for userinit.exe and see where it is found ?

~~~~
You could try an on-line scanner and see if that reports anything, once you have established connection to the on-line scanner of your choice and just before you do the scan, stop File System Shield, start after completion.

On-line Virus Scanners and other useful Links Security-Ops.eu.tt

****
Other than the above, I'm at a bit of a loss as to what else to suggest, if this is malware related as it seems it will need stronger tools and someone with more malware removal experience than me.


CharleyO

  • Guest
Re: Placed Malware in Chest but now start up programs looking for the dll
« Reply #12 on: April 05, 2010, 08:49:00 AM »
***

Below is an analysis of your HJT log showing any known problems :

We couldn't detect any active process of a firewall on your system. Possible reasons:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don't use any firewall at all.
We recommend you to use a firewall. Download and install one or activate windows xp's own firewall.

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
Very bad entry that must be fixed. Related to AskTbar.
http://www.spyandseek.com/Search.php?search_for=9CB65206-89C4-402c-BA80-02D8C59F9B1D&search=SAS-Search   ( 3rd - 5th entries on list )

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
Unnecessary (deactivated) entry that can be fixed. A5SRCHAS.DLL - Ask_Jeeves. See this link :
http://www.benedelman.org/spyware/installations/askjeeves-banner/

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
Unnecessary (deactivated) entry that can be fixed. ASKTBAR.DLL - Ask_Jeeves. See above link.

O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
Unnecessary (deactivated) entry that can be fixed. ASKTBAR.DLL - Ask_Jeeves. See above link.



Overview of running tasks :


smss.exe - System process - Session Manager Subsystem
winlogon.exe - System process - Microsoft Windows Logon Process
services.exe - System process - Windows Service Controller
lsass.exe - System process - Local Security Authority Service
svchost.exe - System process - Microsoft Service Host Process
svchost.exe - System process - Microsoft Service Host Process
svchost.exe - System process - Microsoft Service Host Process
aswUpdSv.exe - Virusscan - Avast Anti-Virus Component
AAWService.exe - Anti Add/Spyware software - Ad-Aware 2007 Service
ashServ.exe - Virusscan - Avast
Explorer.EXE - System process - Microsoft Windows Explorer
spoolsv.exe - System process - Microsoft Printer Spooler Service
mDNSResponder.exe - Backgroundtask - Bonjour for Windows Component
DTSRVC.exe - Backgroundtask - Display Tuning Service
jqs.exe - Backgroundtask - Java Quick Starter Service
nvsvc32.exe - Application - NVIDIA Driver Helper Service
RpcAgentSrv.exe - Driver - SANDRA.AGENT.SRV
svchost.exe - System process - Microsoft Service Host Process
ashMaiSv.exe - Virusscan - Avast Anti-Virus Component
ashWebSv.exe - Virusscan - avast! Web Scanner
smax4pnp.exe - Application - Soundmax agent
ashDisp.exe - Virusscan - Avast AntiVirus
RUNDLL32.EXE - System process - Microsoft Rundll32
schedhlp.exe - Backgroundtask - Acronis True Image Component
DTHtml.exe - Backgroundtask - Display Tune
jusched.exe - Backgroundtask - Sun Java Update Scheduler
ctfmon.exe - System process - Alternative User Input Services
MFWAKeys.exe - Unknown task - FireWire Audio pedal control functions ( See http://www.motu.com/techsupport/technotes/what-is-mfwakeys-exe-process-for )
svchost.exe - System process - Microsoft Service Host Process
AAWTray.exe - Backgroundtask - AAWTray Application
NOKIAM~1.EXE - Driver - Nokia M Platform
ServiceLayer.exe - Backgroundtask - Nokia Connectivity Library
NclUSBSrv.exe - Backgroundtask - Nokia USB Media Server
NclRSSrv.exe - Backgroundtask - Nokia Serial Media Server
HookManager.exe - Backgroundtask - Context Menu Utility
iexplore.exe - Application - Microsoft Internet Explorer
iexplore.exe - Application - Microsoft Internet Explorer
iexplore.exe - Application - Microsoft Internet Explorer
iexplore.exe - Application - Microsoft Internet Explorer
iexplore.exe - Application - Microsoft Internet Explorer
SUPERAntiSpyware.exe - Anti Add/Spyware software - SUPERAntiSpyware
msiexec.exe - System process - Windows Installer Component
HiJackThis.exe - Application - Merijn Hijackthis


***
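
The manual triage of the HijackThis log in replies #11 and #12 can be scripted. The following is an added example, not written by any poster in this thread and not part of HijackThis: it parses log entries, lists the orphaned "(no file)" ones, checks whether a given file name is referenced anywhere, and groups CLSIDs that share everything after their first block. The function names are hypothetical, the CLSID grouping is a heuristic assumed here for spotting components of one product, and the sample is an excerpt of the log posted in reply #10.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Excerpt of the HijackThis log posted in reply #10 of this thread, embedded
# so the example runs offline.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    code: str             # section code such as R3, O2, O4
    body: str             # everything after "<code> - "
    clsid: Optional[str]  # upper-cased CLSID, if the entry carries one
    no_file: bool         # True when the registered file is missing on disk


def parse_log(text):
    """Return the R/F/N/O entries; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        c = CLSID_RE.search(body)
        entries.append(Entry(code, body, c.group(0).upper() if c else None,
                             body.endswith("(no file)")))
    return entries


def orphaned(entries):
    """Entries whose registry data survives but whose file is gone."""
    return [e for e in entries if e.no_file]


def find_references(entries, names):
    """Map each file name to the entries mentioning it (case-insensitive)."""
    return {n: [e for e in entries if n.lower() in e.body.lower()] for n in names}


def related_by_clsid_tail(entries):
    """Heuristic (assumption): CLSIDs differing only in the first block are related."""
    groups = {}
    for e in entries:
        if e.clsid:
            groups.setdefault(e.clsid[10:-1], []).append(e)
    return {tail: es for tail, es in groups.items() if len(es) > 1}


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for e in orphaned(log):
        print("orphaned:", e.code, "-", e.body)
    for name, hits in find_references(log, ["netdtoh.dll", "userinit.exe"]).items():
        print(name, "->", len(hits), "entries")
    for tail, es in related_by_clsid_tail(log).items():
        print("shared CLSID tail", tail, [e.code for e in es])
```

On this excerpt the R3 URLSearchHook shares its CLSID tail with the "Ask Search Assistant BHO" entry, and neither netdtoh.dll nor userinit.exe is referenced, which matches what was read off the log by hand.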

superhans

  • Guest
Re: Placed Malware in Chest but now start up programs looking for the dll
« Reply #13 on: April 05, 2010, 11:44:46 AM »
Windows Firewall is listed as on in the security center

I've run a boot time scan and AVAST didn't find any more viruses

So it's just the error message that I'm getting all the time now looking for that netdtoh.dll

I get these three things looking for netdtoh.dll before the login box pops up

winlogon.exe, services.exe, lscass.exe

then login box

then all the start up services ask for netdtoh.dll

Have attached a jpg of the error message

bong2x

  • Guest
Re: Placed Malware in Chest but now start up programs looking for the dll
« Reply #14 on: April 05, 2010, 12:07:06 PM »
ok can you fix or reinstall your mbam?

maybe it's the system of mbam that is missing :D

Regards!!!