
Trojan Horse Problem on PC Help!

Comments

  • Hi back at last!
    Thanks for all the hard work you have all put in to help me out.
    Being not so technically minded but strong willed to give it a go..
    Okay you say to go to hijack but me being a bit thick here do I just double click on the icon on my desktop and then what do I do!!
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Rescan with hijack like you did originally. But this time TICK the ones I've highlighted and click to FIX them
    :idea:
  • Evening all
    ok here goes
    Will get back to you when done!!
  • aliEnRIK wrote: »
    TICK these in hijack and click to FIX them ~
    C:\PROGRA~1\FREEDO~1\FDM.exe
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: sqvgnrpx - {8D52F0EB-21CC-422D-8042-D2F69614D8A6} - C:\WINDOWS\sqvgnrpx.dll (file missing)
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Gquhuhid] rundll32.exe "C:\WINDOWS\ijekumib.dll",Startup
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab
    O20 - Winlogon Notify: cbXQHbAQ - cbXQHbAQ.dll (file missing)


    Please run COMBOFIX

    Follow the simple instructions it gives
    Post the COMPLETE log it creates here (Split into sections if need be)

    If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download


    I have just done them all except the first one
    C:\PROGRA~1\FREEDO~1\FDM.exe as it wasn't on the log when I ran the scan. Will now go and do the COMBOFIX
  • okay done the combofix
    It came up with the following message

    This machine does not have the microsoft recovery console installed. Without it Combofix shall not attempt the fixing of some serious infections

    Clicked ok anyway to do some of it and then it came up with

    REGT.cdxe unable to locate component
    This application has failed to start clb.dll was not found. Re-installing the application may fix the problem.

    When it all finished it rebooted and then came up with the black screen again, asking if I wanted to use safe mode, safe mode with networking etc

    What shall I do now please.......
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    just boot as normal

    I've never known that happen to be honest.

    I'll post back here once I've had a think
    :idea:
  • Any ideas anyone!

    Shall I download and install the clb.dll file, and if so where should I go and get it? It's listed so many times on the internet but I'm not sure which one is safe to use
    Many thanks
  • Ok have now transferred the clb.dll file from hubby's computer and put it into system folder.

    Re ran the combofix and wey hey it did the stuff!
    I now have a very very long report to show you all...

    c:\documents and settings\Administrator\Local Settings\Application Data\{D036344F-B585-4B2A-9895-629ADDBE7FC6}
    c:\documents and settings\Administrator\Local Settings\Application Data\{D036344F-B585-4B2A-9895-629ADDBE7FC6}\chrome.manifest
    c:\documents and settings\Administrator\Local Settings\Application Data\{D036344F-B585-4B2A-9895-629ADDBE7FC6}\chrome\content\_cfg.js
    c:\documents and settings\Administrator\Local Settings\Application Data\{D036344F-B585-4B2A-9895-629ADDBE7FC6}\chrome\content\overlay.xul
    c:\documents and settings\Administrator\Local Settings\Application Data\{D036344F-B585-4B2A-9895-629ADDBE7FC6}\install.rdf
    c:\documents and settings\Ave\Application Data\inst.exe
    c:\documents and settings\Ave\Local Settings\Application Data\{EB6D28F7-B476-49F8-A563-BB87149B4284}
    c:\documents and settings\Ave\Local Settings\Application Data\{EB6D28F7-B476-49F8-A563-BB87149B4284}\chrome.manifest
    c:\documents and settings\Ave\Local Settings\Application Data\{EB6D28F7-B476-49F8-A563-BB87149B4284}\chrome\content\_cfg.js
    c:\documents and settings\Ave\Local Settings\Application Data\{EB6D28F7-B476-49F8-A563-BB87149B4284}\chrome\content\overlay.xul
    c:\documents and settings\Ave\Local Settings\Application Data\{EB6D28F7-B476-49F8-A563-BB87149B4284}\install.rdf
    c:\windows\system32\tjpnvunx.ini
    c:\windows\system32\tmp.reg
    c:\windows\system32\YIjQYcdd.ini
    c:\windows\system32\YIjQYcdd.ini2
    D:\AUTORUN.INF
    -- Previous Run --
    c:\windows\explorer.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
  • part 2 of log

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    \Legacy_CLBDRIVER
    \Legacy_CLBDRIVER

    ((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 )))))))))))))))))))))))))))))))

    2009-11-04 19:58 . 2006-02-28 12:00 10752 ----a-w- c:\windows\system32\clb.dll
    2009-11-04 00:22 . 2009-11-04 00:22 -------- d-----w- c:\program files\Trend Micro
    2009-11-03 22:58 . 2009-11-03 22:58 -------- d-----w- c:\documents and settings\Ave\Application Data\Malwarebytes
    2009-11-03 22:58 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-03 22:58 . 2009-11-03 22:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-03 22:58 . 2009-11-03 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-11-03 22:58 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-03 22:50 . 2009-11-03 22:50 -------- d-----w- c:\program files\FileHippo.com
    2009-11-03 21:48 . 2009-11-03 21:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-11-03 21:32 . 2009-11-03 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Chat Republic Games
    2009-11-03 16:35 . 2009-11-03 16:35 70656 ----a-w- c:\windows\system32\dllcache\kdrc.dll
    2009-11-03 15:21 . 2009-11-03 15:21 -------- d-----w- c:\documents and settings\Ave\Local Settings\Application Data\{88D183CA-44F6-4241-BEBC-8666EE86FF18}
    2009-11-03 15:13 . 2009-11-03 16:35 70656 ----a-w- c:\windows\system32\drivers\kdrc.dll
    2009-11-03 14:16 . 2009-11-03 14:16 70656 ----a-w- c:\windows\system32\dllcache\d1.dat
    2009-11-03 14:16 . 2009-11-03 14:16 62464 ----a-w- c:\windows\system32\dllcache\p1.dat
    2009-11-03 14:16 . 2009-11-03 14:16 1033728 ----a-w- c:\windows\system32\dllcache\e1.dat
    2009-11-03 14:14 . 2009-11-04 21:02 -------- d-----w- c:\windows\system32\dllcache\1693087488
    2009-11-03 14:06 . 2009-11-03 14:06 120 ----a-w- c:\windows\Vputacan.dat
    2009-11-03 14:06 . 2009-11-03 14:06 0 ----a-w- c:\windows\Cfoqoxuq.bin
    2009-11-03 14:06 . 2009-11-03 14:06 -------- d-----w- c:\documents and settings\Ave\Local Settings\Application Data\{59511B4C-9214-4DDD-9605-B1BF05768ABD}
    2009-11-03 09:16 . 2009-10-06 10:14 3510552 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
    2009-10-31 21:17 . 2009-10-31 21:17 -------- d-----w- c:\documents and settings\Ave\Local Settings\Application Data\Temp
    2009-10-25 18:29 . 2009-10-25 18:29 -------- d-----w- c:\documents and settings\Ave\Application Data\Windows Live Writer
  • Part 3 of log

    2009-10-25 18:29 . 2009-10-25 18:30 -------- d-----w- c:\documents and settings\Ave\Local Settings\Application Data\Windows Live Writer
    2009-10-24 06:33 . 2009-10-24 06:33 2395944 ----a-w- c:\windows\system32\pbsvc_heroes.exe
    2009-10-24 06:12 . 2009-10-24 06:12 -------- d-----w- c:\program files\LibUSB-Win32
    2009-10-24 06:12 . 2007-03-20 10:33 28672 ----a-w- c:\windows\system32\drivers\libusb0.sys
    2009-10-24 06:12 . 2007-03-20 10:33 43520 ----a-w- c:\windows\system32\libusb0.dll
    2009-10-24 06:10 . 2009-10-24 06:30 -------- d-----w- c:\program files\QuickFreedom
    2009-10-24 05:53 . 2009-11-02 16:46 -------- d-----w- C:\Downloads
    2009-10-21 08:23 . 2009-10-06 10:14 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
    2009-10-18 07:07 . 2009-11-04 20:57 -------- d-----w- c:\documents and settings\Ave\Application Data\Free Download Manager
    2009-10-18 07:06 . 2009-10-18 07:06 -------- d-----w- c:\program files\Free Download Manager
    2009-10-17 12:50 . 2009-11-03 21:33 -------- d-----w- c:\documents and settings\Ave\Local Settings\Application Data\Chat Republic Games
    2009-10-17 10:51 . 2009-10-17 10:50 2025752 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
    2009-10-10 14:21 . 2009-10-10 14:21 -------- d-----w- c:\documents and settings\Ave\Local Settings\Application Data\PCHealth
    2009-10-10 08:29 . 2009-10-10 08:29 -------- d-----w- c:\windows\system32\XPSViewer
    2009-10-10 08:29 . 2009-10-10 08:29 -------- d-----w- c:\program files\MSBuild
    2009-10-10 08:29 . 2009-10-10 08:29 -------- d-----w- c:\program files\Reference Assemblies
    2009-10-10 08:28 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-10-10 08:28 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2009-10-10 08:28 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-10-10 08:28 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2009-10-10 08:28 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2009-10-10 08:28 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2009-10-10 08:28 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-10-10 08:28 . 2009-10-10 08:29 -------- d-----w- C:\d20aafbb8fffd67c40079b
    2009-10-10 08:24 . 2009-10-10 08:24 -------- d-----w- c:\program files\MSXML 6.0
    2009-10-09 15:36 . 2009-10-10 14:17 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-10-09 15:30 . 2009-10-09 15:30 -------- d-----w- c:\program files\Microsoft Sync Framework
    2009-10-09 15:29 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2009-10-09 15:29 . 2009-10-09 15:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-10-09 15:24 . 2009-10-09 15:24 -------- d-----w- c:\program files\Microsoft
    2009-10-07 14:00 . 2009-10-06 10:13 1142552 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
This discussion has been closed.