0

Hi,
Thanks for anyone that wants to help. I read a few threads about this reoccuring issue & i believe i have the same sort of problem. I ran hijackthis, followed the same intruction & deleted the files from HD but they seem to almost always appear again on next startup as if they install automatically. Is there a permanent way to remove these files.


Will post Hijackthis logfile if necessary, but it is clean compared to others with same problem. The files just keep popping up on every restart.....

also computer is slower when they do pop up again (this is how i can tell they have magically reappeared.

regards,
mimidog

3
Contributors
18
Replies
19
Views
8 Years
Discussion Span
Last Post by crunchie
Featured Replies
  • [QUOTE]i have followed judy's instruction to the best of my ability & my computer is still slow, does not respond on shutdown & has some unknown dll on startup in msconfig. Any other ideas other than malwarebytes?[/QUOTE] MBA-M was NOT run correctly it it had been the infection would be … Read More

  • No anger whatsoever :). Just telling the truth. Go check out all our other posts to see how we help out 'noob's.' All we are asking is that you follow direction. If you cannot do that, that is not [i]my[/i] problem. BTW I am not an admin and neither is … Read More

0

Hi and welcome to daniweb,
Think people have a misconception about HiJackThis. It is NOT really a "fixer" program. It is a program used to get a "snapshot" of what may be running on a computer and that is the way it should be thought of, period. Yes, at times, fixes are done with HiJackThis but only AFTER all other clean-up steps are finished. Just fixing something with HJT doesn't usually remove an infected file from the computer, it just removes it from the log, maybe from auto starting and the like. But it DOESN'T fix anything really. Plus, by using HJT to attempt to fix can actually cause problems IF you remove the wrong program from auto starts or services.
Also, just because another thread sounds like what a person's computer is doing and then following those same steps could also lead to disaster. Many infections exhibit the same symptoms BUT require different solutions.
Please begin with these steps:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

If you are unable to update MBA-M, go to http://www.gt500.org/malwarebytes/database.jsp and download the latest database, then run it.

Reboot the computer

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.

* You will need to use Internet Explorer to to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.

* Be sure the option to Remove found threats is and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.
Reboot the computer
Run a Full System Scan with HJT and save the log.
Post back here with the MBA-M log, the ESET Scanner log and finally with the HJT log.
Judy

0

hi,
thanks for the info, i did everything you said including the online scan. I do not have any antivirus software as i have not found one that really works.

Below is my hijack log which shows the rundll32.exe file having been created again after i removed it on the last restart. This time is has a different name "mbjdkdma.dll".

P.S. fixing this in hjthis & deleting it in system32 will only stop it temporarily. It will popup again on restart with a different name......

Logfile of HijackThis v1.99.1
Scan saved at 16:26:58, on 4/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\K-Meleon\k-meleon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [08731529] rundll32.exe "C:\WINDOWS\system32\mbjdkdma.dll",b
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\rsvpsp.dll' missing
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00D5ABE.dat
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

0

You need to follow Judy's directions. Where is the MBA-M log?
Your hijackthis version is about 3 years out of date.
Run Hijackthis then select "View the list of backups." Place a tick next to every entry in the list and then hit the "Restore" button on the right.
Close Hijackthis.
Uninstall Hijackthis from add/remove programs, then download the latest version.
Download and run MBA-M as per Judy's instructions. Reboot when done.
Scan with Hijackthis and post both it's log and MBA-M's log.

0

Hi Crunchie,
Sorry, where do i get the latest versions of hijack & Malwarebytes?

From this log, is it possible to see what is making my computer slow.....

regards,
Mimidog

0

letmegooglethatforyou
Judy provided a link for MBA-M in her post.

Yes I can see the problem, but you need to run MBA-M to fix them.

well thats good to hear.

So the latest version of hijack is 2.02 & malwarebytes is 1.36?
(just making sure)

so all i have to do is run these and it will be fixed?
will post logs soon. Thanks

regards,
mimidog

0

well thats good to hear.

So the latest version of hijack is 2.02 & malwarebytes is 1.36?
(just making sure)
regards,
mimidog

Obviously those are the latest versions, why would we post links to OLD versions?

so all i have to do is run these and it will be fixed?

Not necessarily.

0

I do not have any antivirus software as i have not found one that really works.

This by the way, is one of the silliest statements I have ever heard. There are numerous anti-virus programs available which work very well, some you have to pay for and some are FREE. What is the point of cleaning a computer if you don't use an anti-virus program?

0

This by the way, is one of the silliest statements I have ever heard. There are numerous anti-virus programs available which work very well, some you have to pay for and some are FREE. What is the point of cleaning a computer if you don't use an anti-virus program?

its just that i've tried nearly all of them & they seem like a waste of time. Some are rogues, others just drink up ur memory & others just don't detect anything. I'd rather fix problems they way you guys do, that way i learn a lot more & don't have to bother with programs & such.

will post logs now.
regards,
mimidog

0

The problem with that, is that when you do get infected, you will spread the infection around the internet!

0

its just that i've tried nearly all of them & they seem like a waste of time. Some are rogues, others just drink up ur memory & others just don't detect anything. I'd rather fix problems they way you guys do, that way i learn a lot more & don't have to bother with programs & such.

will post logs now.
regards,
mimidog

IF you would bother to read PC Protection - How To Avoid Infections
You will NOT find Rogue programs. You will find LEGITIMATE, GOOD, TRUSTWORTHY protection programs.
You would rather fix problems the way we do...WE don't have any problems personally, we are helping others who have problems. Do you know why WE don't have any problems with computer infections? Because WE use anti-virus programs, we use firewalls, we use anti-malware applications to protect us from computer users like you That said.....
even if you wanted to "fix problems the way you guys do"...you HAVE NOT. You have not followed one bit of instruction we have given to you.
No, the way YOU try to fix a computer is to delete rundll32.exe...you ARE aware that RUNDLL32.EXE IS a legitimate Windows File and that not all instances of it are bad? Probably not.

crunchie
The problem with that, is that when you do get infected, you will spread the infection around the internet!

You are absolutely right Crunchie, but he doesn't care.

0

IF you would bother to read PC Protection - How To Avoid Infections
You will NOT find Rogue programs. You will find LEGITIMATE, GOOD, TRUSTWORTHY protection programs.
You would rather fix problems the way we do...WE don't have any problems personally, we are helping others who have problems. Do you know why WE don't have any problems with computer infections? Because WE use anti-virus programs, we use firewalls, we use anti-malware applications to protect us from computer users like you That said.....
even if you wanted to "fix problems the way you guys do"...you HAVE NOT. You have not followed one bit of instruction we have given to you.
No, the way YOU try to fix a computer is to delete rundll32.exe...you ARE aware that RUNDLL32.EXE IS a legitimate Windows File and that not all instances of it are bad? Probably not.

You are absolutely right Crunchie, but he doesn't care.

Look, no need to have a go at me, i've just been answering your questions.

I apologise if i've offended you, i'm just after a bit of help. As you can probably tell i'm a noob, but i want to learn & care enough to do whatever you guys tell me......

this is my hijack log (latest version):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:47, on 4/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zamaan's Software\System Up Time Monitor 5.0\SystemUpTimeMonitor.exe
C:\Program Files\K-Meleon\k-meleon.exe
C:\Program Files\uTorrent\utorrent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [08731529] rundll32.exe "C:\WINDOWS\system32\qiyofcek.dll",b
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\rsvpsp.dll' missing
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00D5ABE.dat
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

& the Malware-bytes log:
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

4/29/2009 21:38:00
mbam-log-2009-04-29 (21-37-50).txt

Scan type: Full Scan (C:\|D:\|G:\|H:\|)
Objects scanned: 75859
Time elapsed: 12 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 12
Registry Values Infected: 3
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 170

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\qiyofcek.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\vtUmMedA.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tnrnfn.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\xlrtmwss.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\__c00D5ABE.dat (Trojan.Agent) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81c9216b-38a7-446d-a179-3ad298467860} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{81c9216b-38a7-446d-a179-3ad298467860} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df8a37cd-783f-475b-a366-8d888b802ee0} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{df8a37cd-783f-475b-a366-8d888b802ee0} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{41b88b2b-dd1a-4942-ba14-c066138f85f1} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{81c9216b-38a7-446d-a179-3ad298467860} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df8a37cd-783f-475b-a366-8d888b802ee0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\08731529 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{41b88b2b-dd1a-4942-ba14-c066138f85f1} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{41b88b2b-dd1a-4942-ba14-c066138f85f1} (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\vtummeda -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtummeda -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\__c00d5abe.dat -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\tnrnfn.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\vtUmMedA.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\AdeMmUtv.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\AdeMmUtv.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\dacmccjl.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ljccmcad.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\gvwkspsd.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\dspskwvg.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jooilnpx.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\xpnliooj.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jpbkltti.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ittlkbpj.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\lwecyhxt.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\txhycewl.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\qiyofcek.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kecfoyiq.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tlsppcab.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\bacppslt.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\udekusdf.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fdsukedu.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\umoarkfi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ifkraomu.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\xlrtmwss.dll (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\hbpwswas.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\pybpninj.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\pyfffypo.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\hxmerswq.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OJQ3G5UJ\index[2] (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OJQ3G5UJ\qw[1] (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\afnytlal.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\alegqiii.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\alsgqpcw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\icwvth.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ifryrz.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\bqrpbm.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\cfcxmese.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\cgjneici.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\djmawypp.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\dkvvvv.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\dspqnw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kckqxk.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kdrvbx.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kjtntkwk.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\knlxjl.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mczaum.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\puqgvldd.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pvowky.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pyvbrc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\qoMcyXpM.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\qprlykbl.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\sfvbjnsf.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\uelqwhob.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\uisjoj.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ujbpki.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ukdljo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\cqrzuy.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\dnrlheat.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\dnukqykd.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\eytbwrob.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fdqcqs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ghqctlkx.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gmuzko.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gpwiculf.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gujiwbeg.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gvheqz.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gvwkkfts.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gwvrba.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gxvrhiri.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hgbthfnm.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\iqgwwc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\isqbmrtf.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jejyxghg.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jhillw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jufqawck.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\njxkmdky.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nwpwfwlm.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\odcethyr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\odpbfqwu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\oificjjb.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ojtdsmlw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rdqrdlkt.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rempwh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rguopk.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rkkdns.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rooaaflj.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ssswyn.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\svhckoli.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\utsieaai.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vefytqtj.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wpwamqnc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wygkze.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lxwjrp.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\tauxrowm.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\tnvaku.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\tperxd.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\sbqmctoe.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\avneqvme.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ayknor.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\bmudcaio.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\bnmaweot.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fhwdvthu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fsdlcawp.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fxpacd.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pneqdvcs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ykwslnpm.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ysjpgcdp.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yxmcse.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\zgifud.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\zgwjir.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\zntkhh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\zwxmyd.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hvvfmaod.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hwqrjmed.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hylpse.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\egagugoc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\egvcjnrq.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\eiebox.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ldfdhaty.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lildlogx.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lmchob.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wggjkrqm.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\outbuuun.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ouwqqqnc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\oxtuxkwx.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\oxzryr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\oykjkync.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pdlgcpwa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\peuyjhwg.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pkdxhnpc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ddcCTkjG.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\detngqfr.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rpousdoe.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rxozfo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\xqkdja.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\__c0012BC4.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c002ACBC.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c002C618.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c00366FF.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c003839E.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c003C51C.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c003E400.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c0040A48.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c00471F8.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c00474BA.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c004895E.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c0052CA1.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c0056E82.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c005D31.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c0070926.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c0070BA0.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c007624A.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c0079831.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c0083D90.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c0084D5D.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c008B569.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c0094EF4.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c00959B7.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c00984D9.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c00A31A6.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c00BDD9E.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c00D058C.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c00D5ABE.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c00D9BD6.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c00E8596.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c00F24D0.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c00FB850.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dxyclqbn.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\afqvxqyd.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\opnylbat.dll (Trojan.Vundo) -> No action taken.

0

but i want to learn & care enough to do whatever you guys tell me......

Ok, but you still have not done that.

Database version: 1945

Latest database is 2058

No action taken.

You were asked to have MBA-M remove everything. The log says you did nothing?

Really, it is not that hard to follow instructions. We could have had you cleaned up by now.

What I would like you to understand from a helpers point of view, is that you are not the only one we help. We generally help out on several forums, helping numerous ppl.
For every 1 person who follows instructions, there are probably twice that many who do not and decide to do their own thing, or do not read the instructions through thoroughly.
This is very frustrating at times and does nothing to encourage the helper to make an effort in future.
Really, the onus is on those who come for help to do the right thing when someone takes time out of there lives to help others for no other reward than a thank you. Sometimes even that is forgotten :(.

Anyway, as I have already posted already, I suggest you go back and read Judy's instructions again and follow them a little closer.

0

Ok, but you still have not done that.

Latest database is 2058

You were asked to have MBA-M remove everything. The log says you did nothing?

Really, it is not that hard to follow instructions. We could have had you cleaned up by now.

What I would like you to understand from a helpers point of view, is that you are not the only one we help. We generally help out on several forums, helping numerous ppl.
For every 1 person who follows instructions, there are probably twice that many who do not and decide to do their own thing, or do not read the instructions through thoroughly.
This is very frustrating at times and does nothing to encourage the helper to make an effort in future.
Really, the onus is on those who come for help to do the right thing when someone takes time out of there lives to help others for no other reward than a thank you. Sometimes even that is forgotten :(.

Anyway, as I have already posted already, I suggest you go back and read Judy's instructions again and follow them a little closer.

well that's all well & good but it doesn't justify taking out frustration on someone that requires assistance. I'd rather a "can't help you, sorry" than an unreasonable lecture on my stupidity......

i have followed judy's instruction to the best of my ability & my computer is still slow, does not respond on shutdown & has some unknown dll on startup in msconfig. Any other ideas other than malwarebytes?

1

i have followed judy's instruction to the best of my ability & my computer is still slow, does not respond on shutdown & has some unknown dll on startup in msconfig. Any other ideas other than malwarebytes?

MBA-M was NOT run correctly it it had been the infection would be gone, it is NOT. How do we know it was NOT run correctly? Because the logs show it was not.
#1. As Crunchie noted, your scan was done with Database version: 1945, that is an OLD database. MBA-M has updates daily, at the very least, sometimes more than once a day. So you are at the very least more than 100 databases behind.
Instructions read as follows:

# DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
# Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
# If an update is found, it will download and install the latest version.

#2. Your log shows NO ACTION TAKEN. The instructions clearly read: Be sure that everything is checked, and click Remove Selected. You did not do this.
#3. The instructions next clearly say:

Reboot the Computer


IF you had rebooted the computer there would NOT have only been 1 minute between the start of MBA-M scan which was begun at 21:38:00 and the start of the HJT scan which was done at 21:39. Plus your MBA-M Full scan only took 12 minutes. Way too short a time for a Full System Scan which should probably take at least an hour. But NOT too short if the scan was interrupted, which it obviously was by the HiJackThis scan.
Your MBA-M log shows with this interrupted scan at least 197 infected files on the computer, which were NOT removed because you did not follow the instructions to select and Remove. Plus, because you used a grossly out of date database it is VERY LIKELY there are a LOT more than 197 infected files on the computer, and because you didn't remove the ones found those infected files very well could have brought MORE infection onto the computer.
You have a very viscious infection on the computer, a VUNDO infection. The longer you refuse to follow instructions EXACTLY the worse it will become ending up with the loss of valued files, the damage of many programs on the computer, the corruption key system files, passing the infection onto others and the likely requirement of a FULL REFORMAT of the computer.
How did you get this infections...no protection programs and very likely P2P file sharing because I see uTorrent RUNNING on the computer when the scans were attempted.

Take your choice Follow instructions EXACTLY as given choose "can't help you, sorry" route and Reformat your computer.

0

well that's all well & good but it doesn't justify taking out frustration on someone that requires assistance. I'd rather a "can't help you, sorry" than an unreasonable lecture on my stupidity......

As I said, you are the person with the infection. you are the person seeking help. The onus is on you to follow instructions.

Any other ideas other than malwarebytes?

NO. You cannot follow the instructions for running MBA-M, how do we know you will follow any other instructions given?

-2

As I said, you are the person with the infection. you are the person seeking help. The onus is on you to follow instructions.
NO. You cannot follow the instructions for running MBA-M, how do we know you will follow any other instructions given?

Geez, sorry i asked.......
i hope others don't expect any help from pros like yourselves coz they will be met with hostility & anger....

p.s. this site should have some noob friendly admin

goodbye!

Votes + Comments
I gladly will work with anyone who is willing to give their best effort to follow instructions. You did not. There is no 'magic" button here to clean computers. The "magic button" is on the infected computer, Remove Selected. You chose not to push it
Sorry you had to give me bad rep for being honest. All I tried to do was help you, but you chose not to listen.
1

No anger whatsoever :). Just telling the truth. Go check out all our other posts to see how we help out 'noob's.'
All we are asking is that you follow direction. If you cannot do that, that is not my problem.

BTW I am not an admin and neither is Judy.

Votes + Comments
Well said - you were more than patient with them, despite their continued inability to pay any attention at all.
This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.