Urgently need Help!!!!!!

Charlie225 · Feb 13, 2008

Hey Guys i just hoe u can help me.
The other day i downloaded Limewire and after a while it started giving problems and it was not closing this caused the PC to be going very slow. Evrytime i close it, it opens by itself .I then decided to uninstall it but now i am gettin this Limewire error message popping up on ma screen and occasionally the toolbar and evrything on the desktop disappears for a while leavin only the wallpaper. There has also been a marked decrease in the speed of the PC and i need help soon before it worsens.

Corporal Punishment · Feb 13, 2008

Charlie225 said: ↑

The other day i downloaded Limewire and after a while it started giving problems.....
Click to expand...

I really need to find a way to get people to give me a nickel every time I read that sentence. Maybe we should start some sort of charity pledge.

Most likely you have traces of limewire left in your start up. The first thing you should do it run msconfig and look for that.

Just to be on the safe side tough, you should start here:
http://forums.majorgeeks.com/showthread.php?t=74501

Charlie225 · Feb 14, 2008

Hey did nuttin and the limewire thing has dissappeared. But there seems to be a more serious problem two new icons have appeared on ma desktop namely: 'Help and Support Centre' and 'Windows update' which are both direct me to Internet Explorer to download some virus protector.
Another message has been appearing which says:''A potential problem has been detected and Windows has been shutdown buggy application to prevent damage to your computer.''
Another weird thing has happened- a large amount of files marked 'TMP Files' have appeared in 'My Documents' and when i say a lot i mean a lot.

chaslang · Feb 16, 2008

Follow the instructions in the below link and attach the log that is requested.

Trojan.Win32.Agent.akk (aka IEDefender) Removal Procedure

If you still have problems after run FixIEDef, then be sure to continue with the rest of the instructions on running the READ & RUN ME and attach the requested logs.

Charlie225 · Feb 18, 2008

Here's the logs u requested.

Charlie225 · Feb 18, 2008

Here's the MG Logs

chaslang · Feb 21, 2008

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {D06D747D-69ED-4D03-8B95-E9B66D64304D} - C:\WINDOWS\system32\mljgd.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe

After clicking Fix, exit HJT.

Now we need to use ComboFix to remove a bunch of malware files.

Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!

If it is not on your Desktop, the below will not work.

Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
Code:
Driver::
eojndsbl
rijhjjnv
 
File::
C:\WINDOWS\BM87cbe8f2.txt
C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\cgjstcop.ini
C:\WINDOWS\system32\hqebnvyd.ini
C:\WINDOWS\system32\uelbiejb.ini
C:\WINDOWS\system32\cdydygmc.ini
C:\WINDOWS\system32\pkaygppr.ini
C:\WINDOWS\system32\bidmgqfq.ini
C:\WINDOWS\system32\enpgvstg.ini
C:\WINDOWS\system32\drivers\cakhwlxg.sys
C:\WINDOWS\system32\drivers\dhwwpsev.sys
 
Folder::
C:\WINDOWS\system32\nGpxx18
C:\Program Files\Router
C:\Program Files\xInsIDE
 
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D06D747D-69ED-4D03-8B95-E9B66D64304D}]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Router"=-
"xInsIDE"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"PendingFileRenameOperations"=-
Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe

At this point, you MUST EXIT ALL BROWSERS NOW before continuing!

You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.

Now use your mouse to drag CFscript.txt on top of ComboFix.exe

Follow the prompts.

When it finishes, a log will be produced named c:\combofix.txt

I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Also delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\TEMP
C:\Documents and Settings\Paulette Headley\Local Settings\Temp

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

Then attach the below logs:

C:\ComboFix.txt

C:\MGlogs.zip

Make sure you tell me how things are working now!

Charlie225 · Feb 21, 2008

Thankx a lot things have improved a lot from the last time.

Log in or Sign up

Urgently need Help!!!!!!

Charlie225 Private E-2

Corporal Punishment Head of Software Shenanigans Staff Member

Charlie225 Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Charlie225 Private E-2

Attached Files:

logcombofix.txt

Report-Scan-20080218-181919.txt

FixIEDef.log

Charlie225 Private E-2

Attached Files:

MGlogs.zip

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Charlie225 Private E-2

Attached Files:

MGlogs.zip

ComboFix.txt