Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I keep getting these RUN DLL windows [CLOSED]


  • This topic is locked This topic is locked

#1
Cyborger

Cyborger

    New Member

  • Member
  • Pip
  • 1 posts
Last year my computer caught a virus and I finally got rid of it but I've been having a problem with my computer ever since. The problem is, whenever I turn on my computer and I get to main screen with my icons, these two small windows pop up.

One says:

RUNDLL

Error loading E:\Program Files\xoluzylg\jivoxefg.dll

The specified module could not be found.

The other one says:

RUNDLL

Error loading E:\WINDOWS\system32\txwbyqyp.dll

The specified module could not be found.

Here are some pictures of what they look like. If anyone knows how to get rid of these, please help.

Posted Image Posted Image

Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:54 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\LEXPPS.EXE
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
e:\Program Files\Cox\Applications\App\syssvcnt.exe
E:\Program Files\Symantec AntiVirus\DefWatch.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Symantec AntiVirus\Rtvscan.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
E:\Program Files\QuickTime\QTTask.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\WINDOWS\system32\WgaTray.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Documents and Settings\Administrator\My Documents\Important Things\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\Userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0ED8C21C-6657-445E-85A6-34913E87C3A5} - E:\WINDOWS\system32\awtro.dll (file missing)
O2 - BHO: (no name) - {10FEFBB5-3409-28C8-2974-34B60D49F0CE} - E:\WINDOWS\system32\cnqeqjn.dll (file missing)
O2 - BHO: (no name) - {36888FB9-330A-7BAF-2974-34B60D49F1CF} - E:\WINDOWS\system32\kiqi.dll (file missing)
O2 - BHO: (no name) - {36898FB9-330A-7BAF-2974-34B60D49F1CF} - E:\WINDOWS\system32\kiqi.dll (file missing)
O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
O2 - BHO: (no name) - {3D4F1889-A568-C0AA-1A17-828DBE24D3C9} - E:\WINDOWS\SYSTEM32\EILEIYT.DLL (file missing)
O2 - BHO: (no name) - {3DF9DDB4-300D-2CFA-2974-34B60D49F2C8} - E:\WINDOWS\system32\zcyb.dll (file missing)
O2 - BHO: (no name) - {40FFF616-E1D9-4DFC-B45B-69396F839FE8} - E:\WINDOWS\system32\cbxwu.dll (file missing)
O2 - BHO: (no name) - {41F0F2BD-3C5F-28CE-2974-34B60D49F3CB} - E:\WINDOWS\system32\tdtfi.dll (file missing)
O2 - BHO: (no name) - {433E128A-D26C-C09A-1A17-828DBE24D3C9} - E:\WINDOWS\SYSTEM32\EILEIYT.DLL (file missing)
O2 - BHO: (no name) - {43FFAAB4-3A0E-2CCE-2974-34B60D49F2C8} - E:\WINDOWS\system32\zcyb.dll (file missing)
O2 - BHO: (no name) - {48FDF8B9-3909-7B9B-2974-34B60D49F1CF} - E:\WINDOWS\system32\kiqi.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {98712648-EEA8-FF5E-89DE-EEABAC720091} - E:\WINDOWS\system32\xsjiwrdg.dll (file missing)
O2 - BHO: (no name) - {B4B5AD2B-3099-2C08-EC58-367611690094} - E:\WINDOWS\system32\qwlmtrn.dll (file missing)
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - E:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (file missing)
O2 - BHO: (no name) - {E603274B-E8AB-FF6A-89DE-EEABAC720091} - E:\WINDOWS\system32\xsjiwrdg.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
O4 - HKLM\..\Run: [ESP] E:\Program Files\Cox\Applications\app\start.exe
O4 - HKLM\..\Run: [NI.UERS_0001_N91M2007] "E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CDHRABZG\ErrorSafeFreeInstall[1].exe" -nag
O4 - HKLM\..\Run: [{00-00-00-04-ZN}] E:\Documents and Settings\Administrator\Local Settings\Temp\T0CHD001.exe CHD003
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "E:\WINDOWS\system32\txwbyqyp.dll",sitypnow
O4 - HKLM\..\Run: [mhuzspgl] rundll32.exe "E:\Program Files\xoluzylg\jivoxefg.dll",Init
O4 - HKLM\..\Run: [SC2] E:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Performance Center] E:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - Startup: TA_Start.lnk = E:\Documents and Settings\Administrator\Local Settings\Temp\T0CHD001.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authenti.../bin/wizard.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O20 - Winlogon Notify: awtro - E:\WINDOWS\system32\awtro.dll (file missing)
O20 - Winlogon Notify: cbxwu - E:\WINDOWS\system32\cbxwu.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ESP Security System Service (AuthSysSvc) - Authentium, Inc. - e:\Program Files\Cox\Applications\App\syssvcnt.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - E:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - E:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - E:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - E:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8819 bytes

Edited by Cyborger, 01 July 2008 - 08:00 AM.

  • 0

Advertisements


#2
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,


Please download combofix here http://download.blee.../ /ComboFix.exe

It is important that you save this file to your desktop.

Please go here to install the recovery console and for a guide on using combofix.
Please note: Installing the Recovery Console plays a vital part in making this process of cleaning your computer safe, please don't overlook this!

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a Hijack This log in your next reply.

A quick heads up, if you click on combofix's window when it's running, you may cause it to stall.

Edited by Mike, 01 July 2008 - 08:53 AM.

  • 0

#3
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP