I need help! cyberlog x has been on my computer all weekend!

Status
Not open for further replies.
Hi carlos_e927,

Please download

  • SmitFraudFix
  • FixVH.reg right click on the link and then select Save Link As or Save File depending on your browser. Confirm that the file FixVH.reg now resides on your desktop as we will need it later.
  • Click on the Start button and then select the Run option.
  • In the Open: field type c:\windows\system32 and then press the OK button.
  • When the folder appears, if it says These files are hidden, click on the Show the contents of this folder option.
  • We now need to make it so you can see hidden files.

    1. Click on the Tools menu and select Folder Options.
    2. Click on the View tab.
    3. Under the Hidden files and folders category select Show hidden files and folders.
    4. Uncheck Hide protected operating system files.
    5. Press Apply and then OK.
    6. If you still can not see the file, then undo these changes and skip to step 11.

  • Scroll through the list of files in this folder and look for iinqyl.dll. Right-click on iinqyl.dll and select rename. Rename the file to iinqyl.dll.bad.

Look for the file wuuawkz.dll and rename the file to wuuawkz.dll.bad

Look for the file eeioq.dll and rename the file to eeioq.dll.bad

Look for the file txdkfh.dll and rename the file to txdkfh.dll.bad

Look for the file wbchha.dll and rename the file to wbchha.dll.bad

Look for the file heuvth.dll and rename the file to heuvth.dll.bad

Look for the file xskmoqx.dll and rename the file to xskmoqx.dll.bad

Look for the file lruvqvw.dll and rename the file to lruvqvw.dll.bad

let me know which ones you find.

Next, please reboot your computer into Safe Mode
When your computer has started in safe mode and you see the desktop, click on the Start Menu button.

Click on the Control Panel option.

Double-click on the Add or Remove Programs icon.

Find the entries for VirusHeat 3.9 or VirusHeat 4.3 and double-click on them to uninstall if found. Follow the prompts to uninstall the program, but do not allow it to reboot the computer if it asks.

When it has completed uninstalling you can close Add or Remove Programs and your Control Panel.
Delete the following files and folders (Do not be concerned if a folder does not exist):

C:\Windows\System32\iinqyl.dll.bad
C:\Windows\System32\wuuawkz.dll.bad
C:\Windows\System32\eeioq.dll.bad
C:\Windows\System32\txdkfh.dll.bad
C:\Windows\System32\wbchha.dll.bad
C:\Windows\System32\heuvth.dll.bad
C:\Windows\System32\lruvqvw.dll.bad
C:\Windows\System32\xskmoqx.dll.bad
C:\Program Files\VirusHeat 3.9\

Close all open Windows.
Now, double-click on the SmitFraudFix icon

When the tool first starts you will see a credits screen. Simply press any key on your keyboard to get to the next screen.

Press the number 2 on your keyboard and then press the enter key to choose the option Clean (safe mode recommended).

The program will start cleaning your computer and go through a series of cleanup processes. When it is done, it will automatically start the Disk Cleanup program.

This program will remove all Temp, Temporary Internet Files, and other files that may be leftover files from this infection. This process can take up to a few hours depending on your computer, so please be patient. When it is complete, it will close automatically.

When Disk Cleanup is finished, you will be presented with an option asking Do you want to clean the registry ? (y/n). At this screen you should press the Y button on your keyboard and then press the enter key.

let me know how this goes.
 
thanks! so far, i didn't find any of the files in the System32 folder. i am going to now restart the computer and run it in Safe Mode.
 
Ok then,

You may want to print this or save it in Notepad on your desktop so you will have it while in safe mode.

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
Run Hijackthis and Select Do A System Scan Only
Put a check mark next to the following entries:
O2 - BHO: e404mgr Class - {8F10DE2B-E923-4548-B524-4D9C5FA80777} - C:\Program Files\Helper\1204882063.dll (file missing)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
O2 - BHO: (no name) - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - (no file)
O22 - SharedTaskScheduler: dikage - {d4c51fa4-9192-4a9a-8d2a-a0690c92f171} - C:\WINDOWS\system32\lruvqvw.dll (file missing)

Select Fix Checked

Close Hijackthis

Show hidden files through windows explorer
  • Access Windows Explorer by clicking Start, point to All Programs, Accessories, and then click Windows Explorer. Or hold the Windows key and press E
  • On the Tools menu in Windows Explorer, click Folder Options.
  • Click the View tab.
  • Under Hidden files and folders, click Show hidden files and folders and Turn Hide protected operating system files off.

Use Windows Explorer to navigate to and delete the following files (if found)
C:\WINDOWS\system32\lruvqvw.dll

Restart your computer into normal mode

Run a new scan with Hijackthis and attach the log
 
here is the log. i was only able to find 3 from the hjt list.

and i was not able to find the lruvqvw.dll file in the system32 folder.
 
Ok then, just a few more to clean up,
Boot into safe mode again,
open HJT and do a system scan only,
close all browser windows except HJT and put a check against the following items,
O2 - BHO: (no name) - {8F10DE2B-E923-4548-B524-4D9C5FA80777} - (no file)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
O2 - BHO: (no name) - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - (no file)


Boot back into normal mode,

I would also consider getting rid of Party Poker and the yahoo toolbar.

Run another HJT log and post back with the results.
 
Boot into safe mode again,
Show all hidden files and folders,
Do a search for yahoo toolbar and party poker and delete whatever you find just to ensure that they are all gone.
open HJT and do a system scan only,
close all browser windows except HJT and put a check against the following items,
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {8F10DE2B-E923-4548-B524-4D9C5FA80777} - (no file)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
O2 - BHO: (no name) - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
Boot back into normal mode,

Rehide all the hidden files.

Download the CCleaner programme if you don't already have it,

Close all browsers. Run the programme and make sure all the boxes are ticked, including "advanced" box under the Windows tab (except for the Old prefetch Data option, this should be unticked) and Applications tabs and click the run cleaner button. Do this several times.

Then do the same with the registry option.

Hopefully it's nearly done. How are things running now?

Run another HJT log and post back with the results.
 
things are running better. no more pop ups. but sometimes when i start the computer, a spybot window comes up asking me if i want to allow some changes or deny.
 
ok then,

Boot into safe mode and open HJT have it do a system scan only,
Put a check next to these entries and select fix checked,

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {8F10DE2B-E923-4548-B524-4D9C5FA80777} - (no file)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
O2 - BHO: (no name) - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)


Boot back into normal mode,

Update your Java Runtime Environment
  • First try going to Start -> Control Panel -> double click Java
  • Select the Update tab at the top
  • Click the Check for Updates button at the bottom
  • If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
  • After it installs the newest version Go back to Control Panel -> Add/remove programs
  • Uninstall any older versions of Java

If for some reason you couldn't update through the above instructions.
  • Click the following link
    Java Runtime Environment 6 Update 5
  • The 4th option down is the one you want (click Download)
  • Check the box to agree to terms of service
  • Check the box for your operating system and click 'Download selected' at the bottom
  • After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
  • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder

--------------------------------------------------------------------------------------------------------

get a firewall, either,
Comodo
Kerio
Online Armor
Zonealarm

----------------------------------------------------------------------------------------------------------

Run HJT again and post a fresh log, the last one was looking a lot better

What was Spybot asking you again?
 
this is what it would ask me:


Category: Global Browser Toolbar
Change: Value deleted
Entry: {EF99BD32-C1FB11D2-892F-0090271D4F88
Old data: hex:00

Allow Change or Deny Change
 
That may have been the Yahoo or Google toolbar.

Boot into safe mode and show all hidden files and folders and do a search for anything to do with the Yahoo! toolbar, delete whatever you find

Have HJT fix these entries again.
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {8F10DE2B-E923-4548-B524-4D9C5FA80777} - (no file)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
O2 - BHO: (no name) - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)


Boot into normal mode and rehide your hidden files and then post another log.

How are we in regards to the original problem?
 
Run HJT and have it fix these entries again, this time from normal mode,
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {8F10DE2B-E923-4548-B524-4D9C5FA80777} - (no file)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
O2 - BHO: (no name) - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)


post a new log.

I'd like to get rid of them before we can say it's a success.

After you do that can you run combofix and post a log, I'd like to have someone look at it for me.
 
Just one to delete this time, you can do it from normal mode.
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

I'll get back to you about the combofix log.

You're very welcome about the help, it's what we volunteer our time for.
 
the past 2 days i noticed my internet has been running rather slow. i don't know if anything else is having an effect on it? besides me not having that great of a wireless modem, i was getting disconnected a lot more than usual.
 
@ Blind. Dang! Never noticed that, did you get a chance to look at the Combo log? Cheers.

@ carlos_e927 Disable the resident protection on spybot by going to the advanced options and turning it off, then rescan with ComboFix and HJT.
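
The same HijackThis entries are fixed again and again across the posts above, so it helps to track which orphaned entries ("(no file)" / "(file missing)") come back after a fix pass. The following is an added example, not part of any post in this thread: the function and field names are illustrative, and the sample lines are copied from three of the fix lists above.

```python
import re
from collections import Counter

# Entry shape seen in this thread: "<code> - <kind>: <name> - {CLSID} - <target>"
ENTRY_RE = re.compile(
    r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.+?),?\s*$"
)

def parse_entry(line):
    """Return a dict for one HijackThis entry, or None for non-entry text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["clsid"] = e["clsid"].upper()          # CLSIDs compare case-insensitively
    t = e["target"]
    # Orphaned: the registry entry survives but the file behind it is gone.
    e["orphaned"] = t == "(no file)" or t.endswith("(file missing)")
    e["path"] = None if t == "(no file)" else t.replace("(file missing)", "").strip()
    return e

def recurring_orphans(rounds):
    """rounds: one list of log lines per fix pass. Returns {(code, clsid): passes}
    for orphaned entries that show up in more than one pass."""
    seen = Counter()
    for lines in rounds:
        keys = set()                          # count each entry once per pass
        for line in lines:
            e = parse_entry(line)
            if e and e["orphaned"]:
                keys.add((e["code"], e["clsid"]))
        seen.update(keys)
    return {k: n for k, n in seen.items() if n > 1}

# Lines copied from three of the fix lists in the thread.
ROUNDS = [
    [r"O2 - BHO: e404mgr Class - {8F10DE2B-E923-4548-B524-4D9C5FA80777} - C:\Program Files\Helper\1204882063.dll (file missing)",
     r"O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)",
     r"O22 - SharedTaskScheduler: dikage - {d4c51fa4-9192-4a9a-8d2a-a0690c92f171} - C:\WINDOWS\system32\lruvqvw.dll (file missing)"],
    [r"O2 - BHO: (no name) - {8F10DE2B-E923-4548-B524-4D9C5FA80777} - (no file)",
     r"O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)"],
    [r"O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)",
     r"O2 - BHO: (no name) - {8F10DE2B-E923-4548-B524-4D9C5FA80777} - (no file)",
     r"O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)"],
]

if __name__ == "__main__":
    for (code, clsid), n in sorted(recurring_orphans(ROUNDS).items()):
        print(f"{code} {clsid} still present after {n} passes")
```

An entry that is still listed after several passes means the fix is not sticking, which is the situation the last reply addresses by turning off Spybot's resident protection before rescanning.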
 