Infected Computer (w/ HJ log)

By chaz123
Apr 25, 2008
Topic Status:
Not open for further replies.
  1. Alright. I'm pretty sure this computer is infected. Always have problems with it. The 2 or 3 scanners I have don't really pick anything up, except for 1 thing (Spybot S&D finds something but can't get rid of it). So whatever it may be, it's hiding pretty well! Also, my computer sometimes restarts randomly. Not sure if it's a problem with the hardware or infections. Hoping to fix that.

    Help would be great! Thanks!

    Also, I am only at this computer about every other weekend, so it might be a couple weeks before I get to respond. I'll reply ASAP while I'm here to speed things up and hope that they can be made too!
  2. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    Doesn't look too bad, but there are a couple of files on there we need to upload before fixing.


    Show hidden files through Windows Explorer
    • Access Windows Explorer by clicking Start, point to All Programs, Accessories, and then click Windows Explorer. Or hold the Windows key and press E
    • On the Tools menu in Windows Explorer, click Folder Options
    • Click the View tab.
    • Under Hidden files and folders, click Show hidden files and folders
    • Remove the checkmark from the checkbox labeled Hide protected operating system files
    • Remove the checkmark from the checkbox labeled Hide file extensions for known file types
    • Put a checkmark in the checkbox labeled Display the contents of system folders.



    Upload a File to Virustotal
    Please visit Virustotal found HERE
    • Click the Browse... button
    • Navigate to the file C:\WINDOWS\nlcdx1.dll
    • Click the Open button
    • Click the Send button
    • Copy and paste the results back here please.

    Do the same for C:\WINDOWS\System32\opdp.dll
    ----------------------------------------------------------------------
    CCleaner
    • Download from HERE
    • Close all browsers.
    • Run the programme and make sure all the boxes are ticked under the Windows and Applications tabs. Also check all Advanced tabs (except for the Old Prefetch data option, this should be unticked)
    • Click the Run Cleaner button. Do this several times.

    ----------------------------------------------------------------------
    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O2 - BHO: IEsys - {58A53F72-7365-11DC-8314-0800200C9D66} - C:\Program Files\IE System\ie-improver.dll
    O2 - BHO: Class - {7F930064-260E-B0C2-9EFB-0727EBD828C3} - C:\WINDOWS\nlcdx1.dll
    O3 - Toolbar: (no name) - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - (no file)
    O4 - HKLM\..\Run: [{307022FF-05FD-1033-0524-020111230001}] "C:\Program Files\Common Files\{307022FF-05FD-1033-0524-020111230001}\Update.exe" te-110-12-0000213
    O4 - HKCU\..\Policies\Explorer\Run: [{307022FF-05FD-1033-0524-020111230001}] "C:\Program Files\Common Files\{307022FF-05FD-1033-0524-020111230001}\Update.exe" te-110-12-0000213
    O18 - Filter: text/plain - {0F7D83CD-3671-4B3F-950B-D0D48877011D} - C:\WINDOWS\System32\opdp.dll
    O21 - SSODL: GqRDnNKO - {30702300-9ADA-89AA-1E42-B60061CE1452} - C:\WINDOWS\System32\cebf.dll (file missing)
    O24 - Desktop Component 0: Warning homepage - C:\WINDOWS\warnhp.html

    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

    IE System
    {307022FF-05FD-1033-0524-020111230001} <- if there

    Please note any other programs that you don't recognize in that list in your next response.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\Program Files\Common Files\{307022FF-05FD-1033-0524-020111230001}
    C:\Program Files\IE System


    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

    C:\WINDOWS\warnhp.html
    C:\WINDOWS\System32\cebf.dll
    C:\WINDOWS\System32\opdp.dll
    C:\WINDOWS\nlcdx1.dll


    After that, reboot and post a new HijackThis log here in a reply.

    --------------------------

    Run Kaspersky Online AV Scanner

    In order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
    • Click on "My Computer"
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
    Attach the report to your next reply.


    So

    1) VirusTotal results
    2) HJT
    3) Kaspersky
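
The HijackThis entries listed in the post above can be triaged mechanically before anything is fixed or deleted. The following is an added example, not part of the original thread: it parses HijackThis-style lines, labels each section code, separates orphaned registry entries ("(file missing)" / "(no file)") from entries whose target file is still on disk, and returns the list of files worth scanning first. `SAMPLE_LOG`, `Entry`, `parse_log` and `files_to_review` are names chosen for this illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the entries quoted in the post above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: Class - {7F930064-260E-B0C2-9EFB-0727EBD828C3} - C:\WINDOWS\nlcdx1.dll
O3 - Toolbar: (no name) - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - (no file)
O4 - HKLM\..\Run: [{307022FF-05FD-1033-0524-020111230001}] "C:\Program Files\Common Files\{307022FF-05FD-1033-0524-020111230001}\Update.exe" te-110-12-0000213
O18 - Filter: text/plain - {0F7D83CD-3671-4B3F-950B-D0D48877011D} - C:\WINDOWS\System32\opdp.dll
O21 - SSODL: GqRDnNKO - {30702300-9ADA-89AA-1E42-B60061CE1452} - C:\WINDOWS\System32\cebf.dll (file missing)
O24 - Desktop Component 0: Warning homepage - C:\WINDOWS\warnhp.html
"""

# Meaning of the section codes that appear in the sample.
SECTIONS = {"R0": "IE start/search page setting", "R1": "IE start/search page setting",
            "O2": "Browser Helper Object", "O3": "IE toolbar", "O4": "autostart entry",
            "O18": "protocol/filter handler", "O21": "ShellServiceObjectDelayLoad",
            "O24": "Active Desktop component"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Quoted path, or an unquoted drive path ending in a 2-4 character extension.
PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\.*?\.[A-Za-z0-9]{2,4})(?=\s|$)')
ORPHAN_MARKERS = ("(file missing)", "(no file)")

@dataclass
class Entry:
    code: str
    section: str
    detail: str
    path: Optional[str]
    orphan: bool  # registry entry whose target file is absent

def parse_log(text: str) -> list:
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # skip headers, blank lines and the process list
        code, detail = m.groups()
        p = PATH_RE.search(detail)
        path = (p.group(1) or p.group(2)) if p else None
        orphan = any(marker in detail for marker in ORPHAN_MARKERS)
        entries.append(Entry(code, SECTIONS.get(code, "unknown"), detail, path, orphan))
    return entries

def files_to_review(entries) -> list:
    """Paths the log reports as present: candidates to scan before removal."""
    return sorted({e.path for e in entries if e.path and not e.orphan})

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(f"{e.code:<4}{e.section:<30}{'orphan' if e.orphan else e.path or '-'}")
```
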
  3. chaz123

    chaz123 Newcomer, in training Topic Starter Posts: 24

    Umm... all of those hidden files and folders were already what you wanted them to be when I got there... Is that bad? I know I didn't change them...

    Also I could not find:
    • C:\WINDOWS\System32\opdp.dll

    Here's 3/4 attachments at least!

    Also, you asked to look for anything I didn't recognize in Add/Remove programs (IE System {307022FF-05FD-1033-0524-020111230001} wasn't there). Well, here are the things I'm not sure of:
    • Internet Update
    • Ip Wins
    • LinkOptimizer
    • LiveUpdate 1.6 (Symantec Corporation)
    • MSXML 4.0 SP2 Parser and SFK

    And lastly, while I was exploring with Windows Explorer, I found and deleted C:\Program Files\IE System

    I also did find C:\WINDOWS\nlcdx1.del (not .dll). Should I delete that?