
\?\C:\WINDOWS\system32\winlogon.exe


  • This topic is locked

#1
akozak

I installed McAfee Total Protection 2007 and everything started going wrong. First, all I could see was the desktop background; the toolbar and all the icons were gone. Then I received a fatal system error. It restarted OK, and everything seemed fine, but McAfee kept finding a trojan that keeps sending out emails. I can't get rid of it. Also, I don't have my Windows XP Media Center Edition CD. I don't know what to do.

Here is my HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 12:23:48 PM, on 12/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Alex\Desktop\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Alex\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CC38BD5-D397-4EEF-8856-DBD3F08C80D1} - C:\WINDOWS\system32\tbudhndb.dll
O2 - BHO: Microsoft Explorer - {3657900C-451D-8645-8CBA-C735910FA104} - C:\WINDOWS\system\brwctl32.dll
O2 - BHO: CIEPl Object - {3D70343E-636E-4FDC-AFF1-5907C3C4021F} - C:\WINDOWS\system32\dssoundi.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {74CABDF6-E242-41EB-9BBF-021D395E112F} - C:\WINDOWS\system32\apioeddu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NBCUniversal Media Manager Tray] "C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe" /CustomId:NBCUniversal
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
O4 - HKCU\..\Run: [WinMedia] C:\36110103225640931031.exe
O4 - HKCU\..\Run: [Winstm] C:\36110103225640933593.exe
O4 - HKCU\..\Run: [Winste] C:\36110103225640933593.exe
O4 - HKCU\..\Run: [Winsty] C:\36110103225640933593.exe
O4 - HKCU\..\Run: [Winstt] C:\36110103225640933593.exe
O4 - HKCU\..\Run: [Winstv] C:\36110103225640933593.exe
O4 - HKCU\..\Run: [Winstq] C:\36110103225640933593.exe
O4 - HKCU\..\Run: [Winstg] C:\36110103225640933593.exe
O4 - HKCU\..\Run: [Winstl] C:\36110103225640933593.exe
O4 - HKCU\..\Run: [dlynsmlv] C:\WINDOWS\system32\dlynsmlv.exe
O4 - HKCU\..\Run: [Winstu] C:\36110103225640933593.exe
O4 - HKCU\..\Run: [Winstz] C:\36110103225640933593.exe
O4 - HKCU\..\Run: [Winstk] C:\36110103225640933593.exe
O4 - HKCU\..\Run: [Winsta] C:\36110103225640933593.exe
O4 - HKCU\..\Run: [Winstp] C:\36110103225640933593.exe
O4 - HKCU\..\Run: [Winstf] C:\36110103225640933593.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.1.514.27546\GoogleUpdater.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/ch...urce/ImlCID.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: dssoundi - C:\WINDOWS\SYSTEM32\dssoundi.dll
O20 - Winlogon Notify: dupytxfd - C:\WINDOWS\SYSTEM32\dupytxfd.dll
O20 - Winlogon Notify: iatnenvf - C:\WINDOWS\SYSTEM32\iatnenvf.dll
O20 - Winlogon Notify: iqufdylv - iqufdylv.dll (file missing)
O20 - Winlogon Notify: setdrv32 - C:\WINDOWS\SYSTEM32\setdrv32.dll
O20 - Winlogon Notify: tdatlbhg - C:\WINDOWS\SYSTEM32\apioeddu.dll
O20 - Winlogon Notify: uvkcxsoh - uvkcxsoh.dll (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Documents and Settings\Alex\Desktop\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#2
kahdah

Hello akozak

Welcome to G2Go. :whistling:
My name is Matthew and I will be helping you with your Malware problem.
As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.

I will be back with you as soon as possible.

#3
kahdah

Hello akozak

You have a very infected log.
This will take quite a few steps to fix.
I will need you to download a few tools to get you cleaned up.

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.

After that please download VundoFix.exe to your desktop.

After that download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button; the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine". <<<<< *This is VERY important*
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.

I see that you have Limewire in your log.
Any type of P2P file sharing program is running a security risk.
It is very easy to download malware without even knowing it through these types of programs.
See Here for more information on P2P programs.

I highly recommend removing Limewire.
(We will do that in a little bit if you choose to.)

Please re-open Hjthis and hit scan only.
Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
      O2 - BHO: (no name) - {1CC38BD5-D397-4EEF-8856-DBD3F08C80D1} - C:\WINDOWS\system32\tbudhndb.dll
      O2 - BHO: Microsoft Explorer - {3657900C-451D-8645-8CBA-C735910FA104} - C:\WINDOWS\system\brwctl32.dll
      O2 - BHO: CIEPl Object - {3D70343E-636E-4FDC-AFF1-5907C3C4021F} - C:\WINDOWS\system32\dssoundi.dll
      O2 - BHO: (no name) - {74CABDF6-E242-41EB-9BBF-021D395E112F} - C:\WINDOWS\system32\apioeddu.dll
      O4 - HKCU\..\Run: [WinMedia] C:\36110103225640931031.exe
      O4 - HKCU\..\Run: [Winstm] C:\36110103225640933593.exe
      O4 - HKCU\..\Run: [Winste] C:\36110103225640933593.exe
      O4 - HKCU\..\Run: [Winsty] C:\36110103225640933593.exe
      O4 - HKCU\..\Run: [Winstt] C:\36110103225640933593.exe
      O4 - HKCU\..\Run: [Winstv] C:\36110103225640933593.exe
      O4 - HKCU\..\Run: [Winstq] C:\36110103225640933593.exe
      O4 - HKCU\..\Run: [Winstg] C:\36110103225640933593.exe
      O4 - HKCU\..\Run: [Winstl] C:\36110103225640933593.exe
      O4 - HKCU\..\Run: [dlynsmlv] C:\WINDOWS\system32\dlynsmlv.exe
      O4 - HKCU\..\Run: [Winstu] C:\36110103225640933593.exe
      O4 - HKCU\..\Run: [Winstz] C:\36110103225640933593.exe
      O4 - HKCU\..\Run: [Winstk] C:\36110103225640933593.exe
      O4 - HKCU\..\Run: [Winsta] C:\36110103225640933593.exe
      O4 - HKCU\..\Run: [Winstp] C:\36110103225640933593.exe
      O4 - HKCU\..\Run: [Winstf] C:\36110103225640933593.exe
      O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
      O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
      O20 - Winlogon Notify: dssoundi - C:\WINDOWS\SYSTEM32\dssoundi.dll
      O20 - Winlogon Notify: dupytxfd - C:\WINDOWS\SYSTEM32\dupytxfd.dll
      O20 - Winlogon Notify: iatnenvf - C:\WINDOWS\SYSTEM32\iatnenvf.dll
      O20 - Winlogon Notify: iqufdylv - iqufdylv.dll (file missing)
      O20 - Winlogon Notify: setdrv32 - C:\WINDOWS\SYSTEM32\setdrv32.dll
      O20 - Winlogon Notify: tdatlbhg - C:\WINDOWS\SYSTEM32\apioeddu.dll
      O20 - Winlogon Notify: uvkcxsoh - uvkcxsoh.dll (file missing)


Now close Hjt.
  • Please double-click Killbox.exe to run it.
  • Select:
    • "Delete on Reboot"
    • then click on the "All Files" button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

      C:\WINDOWS\system32\tbudhndb.dll
      C:\WINDOWS\system\brwctl32.dll
      C:\WINDOWS\system32\dssoundi.dll
      C:\WINDOWS\system32\apioeddu.dll
      C:\36110103225640931031.exe
      C:\36110103225640933593.exe
      C:\36110103225640933593.exe
      C:\36110103225640933593.exe
      C:\36110103225640933593.exe
      C:\36110103225640933593.exe
      C:\36110103225640933593.exe
      C:\36110103225640933593.exe
      C:\36110103225640933593.exe
      C:\WINDOWS\system32\dlynsmlv.exe
      C:\36110103225640933593.exe
      C:\36110103225640933593.exe
      C:\36110103225640933593.exe
      C:\36110103225640933593.exe
      C:\36110103225640933593.exe
      C:\36110103225640933593.exe
      C:\WINDOWS\SYSTEM32\dupytxfd.dll
      C:\WINDOWS\SYSTEM32\iatnenvf.dll
      C:\WINDOWS\SYSTEM32\setdrv32.dll
  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "OK" at any PendingRenameOperations prompt.
If your computer does not restart automatically, please restart it manually.


After re-boot run Vundo fix. (it is located on your desktop)
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

After that reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

Choose your usual account.

Please go to the Control Panel > Add/Remove Programs and remove the following :
Limewire <<<(Optional)
Bodog Poker

Now close Control Panel.

Now: using Windows Explorer (to get there right-click your Start button and go to "Explore")
Delete these folders listed below:
C:\Program Files\LimeWire
C:\Program Files\Bodog Poker

Exit Windows Explorer.


Next run AVG Anti-Spyware:

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Next run ATF Cleaner (it is located on your desktop)
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


After that I will need you to rename Hijack this.
To do this:
On your desktop right click on HijackThis.exe and click rename.
Rename it to clean.exe

Please post back with these logs:
*new (renamed HJT) log
*Vundo log
*AVG Anti-Spyware log

  • 0
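
A few heuristics that happen to match entries on the fix list in post #3, written out as log triage. This is an added example, not part of the original thread and not HijackThis's own logic; the heuristics, function names and reason strings are assumptions chosen for illustration, and the sample lines are copied from the log in post #1.

```python
import re
from collections import Counter

# Sample input: ten lines copied from the HijackThis log posted in #1.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1CC38BD5-D397-4EEF-8856-DBD3F08C80D1} - C:\WINDOWS\system32\tbudhndb.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinMedia] C:\36110103225640931031.exe
O4 - HKCU\..\Run: [Winstm] C:\36110103225640933593.exe
O4 - HKCU\..\Run: [Winste] C:\36110103225640933593.exe
O20 - Winlogon Notify: dupytxfd - C:\WINDOWS\SYSTEM32\dupytxfd.dll
O20 - Winlogon Notify: iqufdylv - iqufdylv.dll (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Reason strings (hypothetical wording, defined here so callers can match on them).
R_ROOT = "autorun target is a digits-only .exe in the drive root"
R_DUP = "same target registered under several Run value names"
R_NONAME = "BHO has no registered name"
R_NOTIFY = "DLL is loaded by winlogon.exe; verify publisher and path"
R_MISSING = "registered file is missing"

# "O4 - HKCU\..\Run: [name] command" style lines: section code, then body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# Registry autoruns: Run, RunOnce, RunServices under HKLM or HKCU.
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
ROOT_NUMERIC_EXE = re.compile(r"^[A-Za-z]:\\\d+\.exe$", re.IGNORECASE)


def parse_entries(text):
    """Split a HijackThis log into entries; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append({"code": m["code"], "body": m["body"], "raw": line})
    return entries


def triage(text):
    """Return [(log line, [reasons])] for entries that deserve a manual look."""
    entries = parse_entries(text)

    # First pass: count how many Run values point at the same command line.
    targets = Counter()
    for e in entries:
        e["run"] = RUN.match(e["body"]) if e["code"] == "O4" else None
        if e["run"]:
            targets[e["run"]["cmd"].lower()] += 1

    findings = []
    for e in entries:
        reasons = []
        body = e["body"]
        if e["run"]:
            cmd = e["run"]["cmd"]
            if ROOT_NUMERIC_EXE.match(cmd):
                reasons.append(R_ROOT)
            if targets[cmd.lower()] > 1:
                reasons.append(R_DUP)
        elif e["code"] == "O2" and body.startswith("BHO: (no name)"):
            reasons.append(R_NONAME)
        elif e["code"] == "O20" and body.startswith("Winlogon Notify:"):
            reasons.append(R_NOTIFY)
            if body.endswith("(file missing)"):
                reasons.append(R_MISSING)
        if reasons:
            findings.append((e["raw"], reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

A flagged line is a prompt for manual review, not a verdict: the thread's helper also selected entries that none of these rules would catch, and a rule can fire on legitimate software.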

#4
akozak

Can I uninstall McAfee before I follow your instructions? At the moment it is very hard for me to get anything done on my computer because McAfee keeps blocking emails and it's making the system run very slowly.

#5
akozak

I got to where I start the computer in safe mode. When I did that all I could see was a black background that said safe mode. In normal mode all I could see was my background. I had to use msconfig and do a system restore. I think I might just copy all my music and files to an external hard drive, then do a Dell PC Restore.

#6
kahdah


I got to where I start the computer in safe mode. When I did that all I could see was a black background that said safe mode. In normal mode all I could see was my background. I had to use msconfig and do a system restore. I think I might just copy all my music and files to an external hard drive, then do a Dell PC Restore.


If you do not wish to continue getting help please let me know.
If you do still want help we can start from where your pc is now.
The choice is yours. :whistling:

Otherwise if you continue to have problems please contact a staff member here at G2Go and have this thread re-opened.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Ad-Aware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Cleanup - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Google - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.

Trillian or Miranda - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

Castle Cops - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

#7
OwNt

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.