Trojans & Sagijul - Help out the b-day girl for free karma

Status
Not open for further replies.
Hi!!!

Not sure what happened or how I got here, but I had some virus thing show up on McAfee and it said the Trojan was removed. However, I now have pop ups going like crazy. I did the 8 steps, and was hoping someone could check it out!!!

All of my logs are attached.

I have a Dell, Inspiron 1505.

Thanks to all the good ladies and men that help out. I'm sorry, but I'm somewhat of a doofus when it comes to computers!!

Ooops, I had one more question.

All of my system restore points have disappeared! They were there earlier, but now they're gone. How should I handle that? Is it bad???

I'm really freaked about this, so I'm sorry for being a pest.

I have yet another question though - Can I just follow the instructions provided for other people with the same problem? It looks like a lot of people are after all.

Thanks!!! Thanks!!!
 
Please re-run HijackThis, and place a tick next to the following entries:
O2 - BHO: (no name) - {541759D2-4DB9-4B21-9CEA-B7EDDEC42E31} - C:\WINDOWS\system32\iifdbBrP.dll (file missing)
O2 - BHO: {c1e7e5a1-5e6c-f61a-e084-68a128235790} - {09753282-1a86-480e-a16f-c6e51a5e7e1c} - C:\WINDOWS\system32\qnvusk.dll
O2 - BHO: (no name) - {541759D2-4DB9-4B21-9CEA-B7EDDEC42E31} - C:\WINDOWS\system32\iifdbBrP.dll (file missing)
O4 - HKLM\..\Run: [Bwehimovumax] rundll32.exe "C:\WINDOWS\Htakuyagasuti.dll",e
O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User 'Default user')
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL qnvusk.dll
O20 - Winlogon Notify: hgGawVNh - hgGawVNh.dll (file missing)
Then press Fix to remove all entries

I would highly suggest that you un-install McAfee (it didn't help you with all these found issues!)
Then install the free (but way better) Antivirus => Avira
Then update it and run a full scan (it will highly likely find Viruses to remove)

Then re-run Malwarebytes. BUT you must update it first (presently the definitions you have installed are old)
Then run a full scan with Malwarebytes

There is one more BIG issue.
You have way too many Windows shortcuts startups. You will probably see some (not all) near your clock on the taskbar. Do your best at opening them up (sometimes double click, sometimes right click on the icon) And locate the automatic startup (if any have this setting) and turn it off.
You can run a really easy program like : Startup Control Panel but only disable (remove the tick, checking all tabs too) on the programs that you know of (that don't require autostart)

This all is going to take you some time I suspect, but it will be all worth it ;)
 
Okay, I've run everything again. Here is a new Hijack this log.

I hope this solved it!!

I can't figure out how to turn off the stupid Kodak Gallery at Startup, but I guess I can live with that.
 
Okay, I've run everything again.
Sadly you have not done what I suggested above. :(

By the way, I'd backup your photos and just un-install that silly Kodac thing (it takes way too much system resource)

I can't help further unless you actually do all my recommendations (others might, just not me)
 
At least it wasn't as bad as seeing good ol' Norton
But because the last reply has high respect :D , it stays !
 
Sadly you have not done what I suggested above. :(

By the way, I'd backup your photos and just un-install that silly Kodac thing (it takes way too much system resource)

I can't help further unless you actually do all my recommendations (others might, just not me)

I think I've done everything now, except replacing McAfee, call me an ***** (which I am I guess), but I'm nervous about replacing the pre-installed subscription security with a free one.

Here are the logs for a new Hijack This and Malwarebytes.

You guys are really great - thanks for all the help so far!! And it's my birthday!!

:)
 
Status
Not open for further replies.
Back