Viruses/Spyware/Malware, preliminary removal instructions

[shiva64]

Also windows media won't play any music and some games (e.g. fifa08) won't load.

 

[kritius]

I cant say anything till I see the logs for those programs

 

[shiva64]

Programs?

Which programs? If your talkin abaout Vundofix, i can't download directly as i can't get on internet on main pc.

 

[kritius]

Can you download them on the laptop and then transfer them to the main pc? Also post a fresh HJT log.

 

[shiva64]

Will try. Get back to you soon.

 

[shiva64]

Help

Tried to run Vundofix from cd, received message- runtime error 339, component "comdlg.32.ocx" or one of it's dependencies not correctly registered; a file is missing or invalid.

 

[shiva64]

logs

Please find logs of Virtumondo and HJT. Vundofix didn't find any errors. Therefore not tried going on internet or running any problem programs yet.

 

[shiva64]

Sorry, here's the logs attached.

 

[kritius]

Ill look over your log now and get back to you.

 

[shiva64]

Hi, did you find anything?

 

[kritius]

Go to start>run and type combofix /u

reboot if required

Fix entries using HiJackThis

• Launch HiJackThis
• Click the Do a system scan only button
• Put a check next to the entries listed below

O2 - BHO: (no name) - {C5AF49A2-94F3-42BD-F434-2604812C897D} - (no file)
O4 - HKLM\..\Run: [BM37097977] Rundll32.exe "C:\WINDOWS\system32\oidlmehb.dll",s
O16 - DPF: {395E58B9-090C-461A-8F27-087D1C727945} (Web Conferencing) - http://metastock.epopcentral.com/joinie.cab
O16 - DPF: {6697AFA6-1CD3-462E-AC0A-363EF8BCD102} (SyScan2 Control) - http://www.evga.com/Support/SyScan/SyScan.cab

• IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
• Click the Fix checked button and close HiJackThis
• Reboot HijackThis if necessary

Delete Files and Folders

• Right Click on the start button and chose explore
• Show all hidden files and folders, see how HERE
• Navigate to the following files and folders and delete them(if still present)

C:\WINDOWS\system32\oidlmehb.dll<---------This File
[/color]

• Empty the recycle bin.

If that does not work then repeat the process in safe mode. See how to boot into Safe mode HERE.
***DO NOT USE MSCONFIG TO BOOT INTO SAFE MODE***


Download and Run ComboFix

• Download this file from either of the two below listed places :
  
  HERE or HERE
  
• Then double click combofix.exe & follow the prompts.
• When finished, it shall produce a log for you. Attach that log in your next reply

WARNING: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

 

[shiva64]

Done HJK, couldn't find oidlehb file in normal mode. Will try in safe mode and then i'll download/run combofix.

 

[kritius]

if you cant find it in safe mode we'll get it with combo.

 

[shiva64]

combofix

Hi, please find combofix log attached. Had to download using laptop as computer main computer still as before. Please note mentioned earlier that the oidlmehb.dll file error message was coming up on startup "error loading, module not found".

 

[kritius]

Is combofix installed on the desktop? It needs to be there.

 

[shiva64]

No it wasn't. I'll install and redo.

 

[shiva64]

combofix

Hi, please find new combofix log after desktop install.

 

[kritius]

COMBOFIX-Script

• Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
  
  

  File::
  C:\WINDOWS\system32\jnfamqhr.ini
  C:\WINDOWS\system32\ycorwthv.exe
  C:\WINDOWS\system32\gryfxjrl.ini
  C:\WINDOWS\system32\gutohspt.ini
  C:\WINDOWS\system32\cwkthgqk.exe
  C:\WINDOWS\system32\srtrhxag.ini
  C:\WINDOWS\system32\d3d9caps.dat

• Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
  
  
  
  
  
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you. Ataach the log in your next reply along with a fresh HijackThis log.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

 

[shiva64]

new log

Hi, please find new combofix log and HJT log (done after). All went smoothly.

 

[kritius]

How is the computer running now?

 

[shiva64]

Same as before. Windows media won't play and certain games/programs won't start. Haven't tried Internet yet. Also task bar is a beige colour (not as normal blue) as if in safe mode. Also Avast won't run.

 

[kritius]

Im going to see if I can get someone to take a look at this thread and get their opinions.

 

[shiva64]

Thanks. Checked internet and games they wouldn't start.

 

[shiva64]

Tried to start games by explore disc and then clicking on exe icon, but that didn't work either, no messages come up either. With windows media message comes up to say "sound device not found" even though in device manager it shows status as ok. I checked avast in system info and it's showing as stopped.

 

[shiva64]

help

Hi, Been searching web for solution for games not running and thought i'd try autofix.
I tried it but it brought up this message " The wizard found a problems but cannot fix them- None."

I also believe that autoplay can be disabled/stopped when some virus/malware removal softwares are used.

Please help asap. Or else i might have to resort to wiping whole system and starting over (Do not want to do that!!).