Trojan Horse Problem on PC Help!
Comments
-
Hi back at last!
Thanks for all the hard work you have all put in to help me out.
Being not so technically minded but strong willed to give it a go..
Okay you say to go to hijack but me being a bit thick here do I just double click on the icon on my desktop and then what do I do!!
-
Rescan with hijack like you did originally. But this time TICK the ones I've highlighted and click to FIX them
-
Evening all
ok here goes
Will get back to you when done!!
-
TICK these in hijack and click to FIX them ~
C:\PROGRA~1\FREEDO~1\FDM.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: sqvgnrpx - {8D52F0EB-21CC-422D-8042-D2F69614D8A6} - C:\WINDOWS\sqvgnrpx.dll (file missing)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Gquhuhid] rundll32.exe "C:\WINDOWS\ijekumib.dll",Startup
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab
O20 - Winlogon Notify: cbXQHbAQ - cbXQHbAQ.dll (file missing)
Please run COMBOFIX
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be)
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
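A small triage pass over HijackThis entries like those listed in the post above, as an added example that is not part of the original thread or of HijackThis itself. The flag names and the three heuristics (entry whose file is gone, `rundll32` in a Run key, DLL sitting directly in `C:\WINDOWS`) are assumptions chosen for illustration; they mark entries for review and are not a verdict.

```python
import re

# Sample input: six entries copied from the HijackThis list in the post above.
SAMPLE_LOG = r'''
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: sqvgnrpx - {8D52F0EB-21CC-422D-8042-D2F69614D8A6} - C:\WINDOWS\sqvgnrpx.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Gquhuhid] rundll32.exe "C:\WINDOWS\ijekumib.dll",Startup
O20 - Winlogon Notify: cbXQHbAQ - cbXQHbAQ.dll (file missing)
'''

# What each HijackThis group code covers (only the codes seen in this thread).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)",
    "O16": "ActiveX download (DPF)", "O20": "Winlogon Notify / AppInit_DLLs",
}
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
# A DLL directly in C:\WINDOWS (not in a subfolder such as system32).
WIN_ROOT_DLL = re.compile(r'c:\\windows\\[^\\"]+\.dll', re.IGNORECASE)

def triage(log):
    """Return (code, section, reasons) for every entry that trips a heuristic."""
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, blank lines, running-process list
        code, detail = m.groups()
        reasons = []
        if "(file missing)" in detail or "(no file)" in detail:
            reasons.append("orphaned")  # registry entry outlived its file
        if code == "O4" and "rundll32" in detail.lower():
            reasons.append("rundll32-autostart")  # DLL launched at every boot
        if WIN_ROOT_DLL.search(detail):
            reasons.append("dll-in-windows-root")
        if reasons:
            findings.append((code, SECTIONS.get(code, "unknown"), reasons))
    return findings

if __name__ == "__main__":
    for code, section, reasons in triage(SAMPLE_LOG):
        print(f"{code:4} {section:38} {', '.join(reasons)}")
```

Entries that trip none of the heuristics, such as the SweetIM start page and toolbar lines the helper also ticked, still need a human decision.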
I have just done them all except the first one
C:\PROGRA~1\FREEDO~1\FDM.exe as it wasn't on the log when I ran the scan. Will now go and do the COMBOFIX
-
okay done the combofix
It came up with the following message
This machine does not have the microsoft recovery console installed. Without it Combofix shall not attempt the fixing of some serious infections
Clicked ok anyway to do some of it and then it came up with
REGT.cdxe unable to locate component
This application has failed to start clb.dll was not found. Re-installing the application may fix the problem.
When it all finished it rebooted and then came up with the black screen again, asking if I wanted to use safe mode, safe mode with networking etc
What shall I do now please.......
-
just boot as normal
I've never known that happen to be honest.
I'll post back here once I've had a think
-
Any ideas anyone!
Shall I download and install the clb.dll file, and if so where should I go and get it? It's listed so many times on the internet but I'm not sure which one is safe to use
Many thanks
-
Ok have now transferred the clb.dll file from hubby's computer and put it into system folder.
Re ran the combofix and wey hey it did the stuff!
I now have a very very long report to show you all...
-- Previous Run --
c:\windows\explorer.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
-
part 2 of log
-
Part 3 of log
This discussion has been closed.