Keebz

Error Protector

14 posts in this topic

Greetings,

 

Moments ago I saw a few popups flash up on my screen and I've never had popups before. I've never contracted a virus either, but here I am with Outerinfo and ErrorProtector installed on my computer. I'm not sure if ErrorProtector got all the way through because I stopped it in the middle of installing. Either way I have a nasty problem and I'd really love some help and to be popup free! I'm not sure how to go about this but here is my HJT log. That seems to be what people are doing. I'm sorry about not knowing the protocol! I'm just really worried right now. Thanks much.

 

A few notes: My Trend Micro expired quite a while ago and I don't have any other antivirus other than it.

I run Ad-aware and SpyBot semi-frequently. At least once a week.

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 9:09:04 PM, on 4/21/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\updater.exe

C:\PROGRA~1\COMMON~1\CURITY~1\explorer.exe

C:\WINDOWS\F?nts\w?auclt.exe

C:\Program Files\Ipwindows\ipwins.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PCCMAIN.EXE

C:\WINDOWS\system32\mshta.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PccSScan.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Kevin\Desktop\HiJackThis_v2.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\dwwin.exe

C:\Program Files\Internet Explorer\iexplore.exe

 

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 3959 bytes

Edited by Keebz


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hi,

 

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Open your Control Panel and, in *Add/Remove Programs*, look for the following:

 

Think-Adz Search Assistant

Enhanced Ads by Think-Adz

Surfsidekick

Oin

Yazzle by Oin

YazzleActiveX By OIN

Purityscan by Oin

Snowballwars by Oin

Cowabanga by OIN

(Anything) by OIN

Zolero

Tizzletalk

MediaTickets

Cowabanga

and any other programs you didn't install or don't recognize - if you're not sure, please ask first

 

If found, click on it and click remove.

 

Do not restart the computer

 

Then, download and run this OiUninstaller.exe uninstaller: follow the instructions on this page.

http://www.outerinfo.com/howto.html

 

When done,

 

Restart the computer in normal mode.

 

Submit a fresh HijackThis log for review.


Hello, thanks for your concern. So I tried the uninstaller but my Windows Defender just detected it as severely dangerous spyware and wouldn't let me continue with the operation. I did remove Outerinfo through add/remove programs though. As for an update on my computer protection, I got rid of TrendMicro, which I couldn't update, for AVG which is just the free version. I can post my most current HJT log though. I've run Adaware, Spybot and AVG scans today but every day they just find the same things over and over again, sadly. The most prominent problems seem to be popups with WinAntivirusPro and other popups as well as something called purityscan. Thanks again, I hope to hear back soon.

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 9:20:41 PM, on 04/26/07

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Documents and Settings\Kevin\Desktop\Anti-Spyware\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html?hl=en

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\system32\ljjjggg.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {57AE4374-2C24-44AB-B220-7CE8171DAE4f} - C:\WINDOWS\system32\nehrpclr.dll (file missing)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {8A9FEC0C-9DED-4794-AF67-93D3847041B0} - C:\WINDOWS\system32\ddaba.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\isdkfnad.dll",setvm

O4 - HKLM\..\Run: [infoData] rundll32.exe "C:\WINDOWS\system32\piohxuyd.dll",realset

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O20 - Winlogon Notify: ddaba - C:\WINDOWS\system32\ddaba.dll

O20 - Winlogon Notify: ljjjggg - ljjjggg.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 7976 bytes

Then, download and run this OiUninstaller.exe uninstaller: follow the instructions on this page.

http://www.outerinfo.com/howto.html

 

When done,

 

Restart the computer in normal mode.

 

Repeat this step. Let Windows Defender accept this tool. I would not send you to a bad site.

 

Then submit a fresh HijackThis log.


I disabled Windows Defender and ran the uninstaller. Here is my new HJT log.

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 11:34:48 AM, on 04/27/07

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Kevin\Desktop\Anti-Spyware\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html?hl=en

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\system32\ljjjggg.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {57AE4374-2C24-44AB-B220-7CE8171DAE4f} - C:\WINDOWS\system32\nehrpclr.dll (file missing)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {AAB0DE2F-1C1F-4A12-82CF-60EE97914BDE} - C:\WINDOWS\system32\ddaba.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\isdkfnad.dll",setvm

O4 - HKLM\..\Run: [infoData] rundll32.exe "C:\WINDOWS\system32\piohxuyd.dll",realset

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O20 - Winlogon Notify: ddaba - C:\WINDOWS\system32\ddaba.dll

O20 - Winlogon Notify: ljjjggg - ljjjggg.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 8217 bytes


Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Now the VundoMondo infection.

 

Please download Atribune's VundoFix.exe from this site:

http://www.atribune.org/ccount/click.php?id=4 and place it on your desktop.

 

Double-click VundoFix.exe to run it.

 

Click the Scan for Vundo button.

 

Once it's done scanning, click the Remove Vundo button.

 

You will receive a prompt asking if you want to remove the files,

click YES

 

Once you click yes, your desktop will go blank as it starts removing

Vundo.

 

When completed, it will prompt that it will reboot your computer,

click OK.

  • Close all open Explorer windows and browsers
  • Run HijackThis
  • Click on the Scan button and when complete
  • Put a check beside all of the items listed below
  • Click on the "Fix Checked" button
  • When complete and all files removed, close the application.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\system32\ljjjggg.dll (file missing)

O2 - BHO: (no name) - {57AE4374-2C24-44AB-B220-7CE8171DAE4f} - C:\WINDOWS\system32\nehrpclr.dll (file missing)

O2 - BHO: (no name) - {AAB0DE2F-1C1F-4A12-82CF-60EE97914BDE} - C:\WINDOWS\system32\ddaba.dll

O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\isdkfnad.dll",setvm

O20 - Winlogon Notify: ddaba - C:\WINDOWS\system32\ddaba.dll

O20 - Winlogon Notify: ljjjggg - ljjjggg.dll (file missing)

 

Delete these files in bold if found.

 

C:\WINDOWS\system32\ddaba.dll

C:\WINDOWS\system32\isdkfnad.dll

 

Restart the computer to complete the fix.

 

Perform an online scan with Panda: (please use this scanner instead of any other scanner!)

Panda Online

- Once you are on the Panda site click the Scan your PC button

- A new window will open...click the Check Now button

- Enter your Country

- Enter your State/Province

- Enter your e-mail address and click send

- Select either Home User or Company

- Click the big Scan Now button

- If it wants to install an ActiveX component allow it

- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

- When download is complete, click on Local Disks to start the scan

- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

 

Copy the results of the ActiveScan and paste them here along with a new HijackThis log and the vundofix.txt file from the vundofix folder into this topic.

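The scan-to-scan comparison this thread relies on, as an added example that is not part of the original posts: it parses HijackThis entry lines and diffs the 04/27/07 log above against the 04/29/07 log posted in the next reply, showing which autostart entries were removed, which are new, and which CLSID now points at a different DLL. The two samples are excerpts of lines from those logs; the field-splitting rules and all function names are assumptions made for this example, not HijackThis's own format definition.

```python
import re
from dataclasses import dataclass

# Section code (R0, O2, O20, ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 registry autoruns: 'HKLM\..\Run: [ValueName] command line'
RUN_RE = re.compile(r"^(\S+\\Run\w*): \[([^\]]+)\] (.+)$")
MISSING = "(file missing)"


@dataclass(frozen=True)
class Entry:
    code: str           # HijackThis section code, e.g. "O2"
    key: str            # stable identity: CLSID, Run value name, or label
    target: str         # what the entry points at (DLL, command, URL)
    file_missing: bool  # HijackThis could not find the target on disk


def parse_line(line):
    """Return an Entry for a HijackThis item line, or None for anything else
    (header lines, running-process paths, blank lines)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    clsid = CLSID_RE.search(body)
    run = RUN_RE.match(body)
    if clsid:
        # The CLSID survives a DLL rename, so it is the identity.
        key, target = clsid.group(0).upper(), body[clsid.end():].lstrip(" -")
    elif run:
        key, target = f"{run.group(1)}:{run.group(2)}", run.group(3)
    else:
        key, sep, target = body.rpartition(" - ")
        if not sep:  # R0/R1 style: 'key,value = data'
            key, sep, target = body.partition(" = ")
    return Entry(code, key, target, missing)


def parse_log(text):
    """Map (code, key) -> Entry. Entries sharing a code and CLSID collapse
    to the last one seen, which is enough for a scan-to-scan diff."""
    entries = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry:
            entries[(entry.code, entry.key)] = entry
    return entries


def diff_logs(old, new):
    """Compare two parsed logs: entries gone, entries new, and entries whose
    identity is unchanged but whose target or missing flag differs."""
    return {
        "removed": [old[k] for k in sorted(old.keys() - new.keys())],
        "added": [new[k] for k in sorted(new.keys() - old.keys())],
        "retargeted": [(old[k], new[k])
                       for k in sorted(old.keys() & new.keys())
                       if old[k] != new[k]],
    }


# Excerpt of the 04/27/07 log in this thread (entries the helper listed).
SCAN_0427 = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\system32\ljjjggg.dll (file missing)
O2 - BHO: (no name) - {57AE4374-2C24-44AB-B220-7CE8171DAE4f} - C:\WINDOWS\system32\nehrpclr.dll (file missing)
O2 - BHO: (no name) - {AAB0DE2F-1C1F-4A12-82CF-60EE97914BDE} - C:\WINDOWS\system32\ddaba.dll
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\isdkfnad.dll",setvm
O4 - HKLM\..\Run: [infoData] rundll32.exe "C:\WINDOWS\system32\piohxuyd.dll",realset
O20 - Winlogon Notify: ddaba - C:\WINDOWS\system32\ddaba.dll
O20 - Winlogon Notify: ljjjggg - ljjjggg.dll (file missing)
"""

# Excerpt of the 04/29/07 log in this thread (same sections, after the fix).
SCAN_0429 = r"""
O2 - BHO: (no name) - {57AE4374-2C24-44AB-B220-7CE8171DAE4f} - C:\WINDOWS\system32\svevlqnn.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\uegtwexg.dll
O4 - HKLM\..\Run: [infoData] rundll32.exe "C:\WINDOWS\system32\piohxuyd.dll",realset
"""

if __name__ == "__main__":
    result = diff_logs(parse_log(SCAN_0427), parse_log(SCAN_0429))
    for e in result["removed"]:
        print(f"removed    {e.code} {e.key}")
    for e in result["added"]:
        print(f"added      {e.code} {e.key} -> {e.target}")
    for before, after in result["retargeted"]:
        print(f"retargeted {after.code} {after.key}: {before.target} -> {after.target}")
```

Keying BHO entries on the CLSID rather than the file name is what makes the re-registration visible: the same identifier that pointed at a missing DLL on 04/27/07 points at a differently named DLL on 04/29/07.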

Hello and thanks much for helping. I started with the Vundo removal then moved onto HJT. I believe that the Vundo remover may have removed at least one of the .dlls that I was supposed to remove with HJT. If that wasn't supposed to happen, then for some reason I couldn't find:

 

O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\system32\ljjjggg.dll (file missing)

O2 - BHO: (no name) - {57AE4374-2C24-44AB-B220-7CE8171DAE4f} - C:\WINDOWS\system32\nehrpclr.dll (file missing)

O20 - Winlogon Notify: ddaba - C:\WINDOWS\system32\ddaba.dll

 

I'm very sure that ddaba.dll was removed by Vundo and when I went to search for them in the system32 folder it wasn't there along with the other .dll. Here are my reports, but I wasn't sure where to find the Vundofix report. The only new folder I could find was in my C drive called VundoFix Backups. I hope that's it. There weren't any folders on my desktop or anything. Here are my new reports. I look forward to your future posts and thanks much again.

 

 

HJT

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 2:05:12 AM, on 04/29/07

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\Kevin\Desktop\Anti-Spyware\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html?hl=en

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {57AE4374-2C24-44AB-B220-7CE8171DAE4f} - C:\WINDOWS\system32\svevlqnn.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\uegtwexg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [infoData] rundll32.exe "C:\WINDOWS\system32\piohxuyd.dll",realset

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 7971 bytes

 

 

PANDA ONLINE VIRUS SCAN

 

Incident Status Location

 

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.cfexe

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies-1.txt[www.winantiviruspro.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies-1.txt[www.winantivirus.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies-1.txt[winantivirus.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies-1.txt[.winantivirus.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies-2.txt[www.winantiviruspro.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies-2.txt[www.winantivirus.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies-2.txt[winantivirus.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies-2.txt[.winantivirus.com/]

Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies-3.txt[.gostats.com/]

Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies-4.txt[.gostats.com/]

Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies-5.txt[.gostats.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies-6.txt[www.winantiviruspro.com/]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies-6.txt[.terra.com.br/]

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies-6.txt[.adultfriendfinder.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies-7.txt[www.winantivirus.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies-7.txt[winantivirus.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies-7.txt[.winantivirus.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies-8.txt[www.winantivirus.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies-8.txt[winantivirus.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies-8.txt[.winantivirus.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies-9.txt[www.winantivirus.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies-9.txt[winantivirus.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies-9.txt[.winantivirus.com/]

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies.txt[.statcounter.com/]

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies.txt[.phg.hitbox.com/]

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies.txt[.hitbox.com/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies.txt[.2o7.net/]

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies.txt[.advertising.com/]

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies.txt[.xiti.com/]

Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies.txt[.gostats.com/]

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies.txt[.mediaplex.com/]

Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies.txt[.adtech.de/]

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies.txt[.adultfriendfinder.com/]

Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies.txt[.as-eu.falkag.net/]

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies.txt[stats1.reliablestats.com/]

Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies.txt[.cs.sexcounter.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies.txt[www.winantiviruspro.com/]

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies.txt[.atwola.com/]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\x0t2paww.default\cookies.txt[.terra.com.br/]

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Kevin\Cookies\kevin@fastclick[1].txt

Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Kevin\Cookies\kevin@findwhat[1].txt

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Kevin\Cookies\kevin@mediaplex[1].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Kevin\Cookies\kevin@zedo[2].txt

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Kevin\Desktop\Anti-Spyware\ComboFix.exe[ComboFixT\nircmd.cfexe]

Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Kevin\Local Settings\Temp\YazzleBundle-1281.exe

Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\posrfess.dll.bad

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ahwcccpx.dll

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\aqrmihos.dll

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\myjqffpf.dll

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\noismevf.dll

 

VUNDO

C:\WINDOWS\system32\abadd.bak1

C:\WINDOWS\system32\abadd.bak2

C:\WINDOWS\system32\abadd.ini

C:\WINDOWS\system32\ddaba.dll

C:\WINDOWS\system32\ljjjggg.dll

C:\WINDOWS\system32\posrfess.dll


Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

1. Please download The Avenger by Swandog46 to your Desktop.

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text in bold contained in the code box below (including the first line, "Files to delete:", which is a command to the tool) to your Clipboard by highlighting it and pressing (Ctrl+C):

 

Files to Delete:

 

C:\WINDOWS\system32\ahwcccpx.dll

C:\WINDOWS\system32\aqrmihos.dll

C:\WINDOWS\system32\myjqffpf.dll

C:\WINDOWS\system32\noismevf.dll

C:\WINDOWS\system32\abadd.bak1

C:\WINDOWS\system32\abadd.bak2

C:\WINDOWS\system32\abadd.ini

C:\WINDOWS\system32\ddaba.dll

C:\WINDOWS\system32\ljjjggg.dll

C:\WINDOWS\system32\posrfess.dll

C:\WINDOWS\system32\svevlqnn.dll

C:\WINDOWS\system32\uegtwexg.dll

C:\WINDOWS\system32\piohxuyd.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

 

3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

Disable Microsoft Windows Defender:

We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.

  • Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
  • Click on Tools, General Settings.
  • Under Real-time protection options, unselect the Turn on real-time protection check box
  • Click Save

After all of the fixes are complete it is very important that you enable Real-time Protection again.

  • Close all open Explorer windows and browsers
  • Run HijackThis
  • Click on the Scan button and when complete
  • Put a check beside all of the items listed below if found.
  • Click on the "Fix Checked" button
  • When complete and all files removed, close the application.

O2 - BHO: (no name) - {57AE4374-2C24-44AB-B220-7CE8171DAE4f} - C:\WINDOWS\system32\svevlqnn.dll

O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\uegtwexg.dll

O4 - HKLM\..\Run: [infoData] rundll32.exe "C:\WINDOWS\system32\piohxuyd.dll",realset

 

Restart the computer to complete the fix.

 

Enable Microsoft Windows Defender.

 

Download CCleaner from here to clean temp files from your computer.

  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • Uncheck "Cookies" under "Internet Explorer".
  • If you are running Firefox, then click on the "Applications" tab and uncheck "Cookies" under "Firefox".
  • Click Run Cleaner to run the program.
  • Caution: It is not recommended to use the 'Issues' tab as it is known to find legitimate items.
  • After it has completed its process, click Exit.

5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HijackThis log by using Add/Reply.


Hello again. I went through all the steps without a hitch, but after I restarted I was getting a RunDll error for piohxuyd.dll, which is one of the dlls that was removed with the programs. I didn't know if this information was needed or not. Thanks again! I hope my computer will return to full health soon with your help.

 

HJT

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 6:04:08 PM, on 04/29/07

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Kevin\Desktop\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html?hl=en

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 7615 bytes

 

Avenger

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\qrrcvqny

 

*******************

 

Script file located at: \??\C:\Documents and Settings\ymykhljf.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

File C:\WINDOWS\system32\ahwcccpx.dll deleted successfully.

File C:\WINDOWS\system32\aqrmihos.dll deleted successfully.

File C:\WINDOWS\system32\myjqffpf.dll deleted successfully.

File C:\WINDOWS\system32\noismevf.dll deleted successfully.

 

 

File C:\WINDOWS\system32\abadd.bak1 not found!

Deletion of file C:\WINDOWS\system32\abadd.bak1 failed!

 

Could not process line:

C:\WINDOWS\system32\abadd.bak1

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\abadd.bak2 not found!

Deletion of file C:\WINDOWS\system32\abadd.bak2 failed!

 

Could not process line:

C:\WINDOWS\system32\abadd.bak2

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\abadd.ini not found!

Deletion of file C:\WINDOWS\system32\abadd.ini failed!

 

Could not process line:

C:\WINDOWS\system32\abadd.ini

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\ddaba.dll not found!

Deletion of file C:\WINDOWS\system32\ddaba.dll failed!

 

Could not process line:

C:\WINDOWS\system32\ddaba.dll

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\ljjjggg.dll not found!

Deletion of file C:\WINDOWS\system32\ljjjggg.dll failed!

 

Could not process line:

C:\WINDOWS\system32\ljjjggg.dll

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\posrfess.dll not found!

Deletion of file C:\WINDOWS\system32\posrfess.dll failed!

 

Could not process line:

C:\WINDOWS\system32\posrfess.dll

Status: 0xc0000034

 

File C:\WINDOWS\system32\svevlqnn.dll deleted successfully.

File C:\WINDOWS\system32\uegtwexg.dll deleted successfully.

File C:\WINDOWS\system32\piohxuyd.dll deleted successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.


Your log is clean.

The error could be caused by some remnant items in the registry.

 

Download the Registry Search Tool from here:

http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip

 

Unzip to your Desktop and double click on regsrch.vbs

(if you have script protection, please allow this to run)

 

In the dialog that opens enter the following:

piohxuyd

 

Press 'OK'

 

The search will run for a while then alert you when it is finished.

 

Press 'OK' and copy the contents of the WordPad window and post in this thread.

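The remnant check suggested in the reply above, sketched as an added example (not part of the original thread, and not code from HijackThis, The Avenger or RegSrch): it takes the files The Avenger reports as deleted, derives name-only search terms such as piohxuyd, and flags HijackThis entries that still reference them. The function names are hypothetical, and the sample logs are short excerpts of the logs posted in this thread.

```python
import ntpath
import re

# Line formats as they appear in the logs posted in this thread.
DELETED_RE = re.compile(r"^File (?P<path>.+?) deleted successfully\.$")
MISSING_RE = re.compile(r"^File (?P<path>.+?) not found!$")
HJT_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Excerpt of the Avenger log from the thread. The "not found!" lines are
# followed by Status: 0xc0000034, the NT status STATUS_OBJECT_NAME_NOT_FOUND.
AVENGER_LOG = r"""
File C:\WINDOWS\system32\abadd.ini not found!
Deletion of file C:\WINDOWS\system32\abadd.ini failed!
Could not process line:
C:\WINDOWS\system32\abadd.ini
Status: 0xc0000034
File C:\WINDOWS\system32\svevlqnn.dll deleted successfully.
File C:\WINDOWS\system32\uegtwexg.dll deleted successfully.
File C:\WINDOWS\system32\piohxuyd.dll deleted successfully.
"""

# Excerpt of the first HijackThis log (taken before the fix).
HJT_BEFORE = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57AE4374-2C24-44AB-B220-7CE8171DAE4f} - C:\WINDOWS\system32\svevlqnn.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\uegtwexg.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [infoData] rundll32.exe "C:\WINDOWS\system32\piohxuyd.dll",realset
"""

# Excerpt of the second HijackThis log (taken after the fix).
HJT_AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
"""


def parse_avenger(log):
    """Split an Avenger log into files it deleted and files it could not find."""
    result = {"deleted": [], "missing": []}
    for raw in log.splitlines():
        line = raw.strip()
        m = DELETED_RE.match(line)
        if m:
            result["deleted"].append(m.group("path"))
            continue
        m = MISSING_RE.match(line)
        if m:
            result["missing"].append(m.group("path"))
    return result


def search_terms(paths):
    """File names without directory or extension, lowercased (e.g. 'piohxuyd')."""
    return sorted({ntpath.splitext(ntpath.basename(p))[0].lower() for p in paths})


def find_remnants(hjt_log, terms):
    """Return (section code, term, line) for HijackThis entries naming a removed file."""
    hits = []
    for raw in hjt_log.splitlines():
        line = raw.strip()
        m = HJT_RE.match(line)
        if not m:
            continue
        body = m.group("body").lower()
        for term in terms:
            # Require non-alphanumeric boundaries so a short term does not
            # match inside a longer, unrelated file name.
            if re.search(r"(?<![a-z0-9])" + re.escape(term) + r"(?![a-z0-9])", body):
                hits.append((m.group("code"), term, line))
    return hits


if __name__ == "__main__":
    terms = search_terms(parse_avenger(AVENGER_LOG)["deleted"])
    for label, log in (("before fix", HJT_BEFORE), ("after fix", HJT_AFTER)):
        hits = find_remnants(log, terms)
        print(f"{label}: {len(hits)} entries reference deleted files")
        for code, term, line in hits:
            print(f"  [{code}] {term}: {line}")
```

An entry such as the O4 Run line that still names a deleted DLL is the kind of leftover that produces a RunDll error at startup, which is why the entries are removed with HijackThis in addition to deleting the files.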

Sorry for the late reply! I ran the scan and it didn't find anything nor does the rundll error pop up anymore. Everything seems well! Many, many thanks for your help, it's VERY much appreciated! Please take care.


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.