Would like permission to post a hijack log

Discussion in 'Malware Help (A Specialist Will Reply)' started by dustinmuyo, Aug 20, 2005.

  1. dustinmuyo

    dustinmuyo Private E-2

    I have completed the cleaning as directed in the "before you post" instructions.

    There are some things that cannot be removed.

    Upon trying to remove some of the trojans identified, or quarantine them, the system totally shuts down and reboots itself. We have disabled system restore to make sure that is covered.

    I am familiar with the rules, and have cleaned the computer as far as the programs you instruct us to run will allow.

    May I please post a HijackThis log now?

    Thank you,
    dustinmuyo
     
  2. dustinmuyo

    dustinmuyo Private E-2

    Please Hijack This

    Here is my log file. Please help me.
     


  3. dustinmuyo

    dustinmuyo Private E-2

    Per your instructions

    Okay, I am doing this exactly as you told me.

    I will post a new log shortly.

    However, please note that some of the files you specified could NOT be deleted manually. It said they were unable to be deleted because they were copyrighted or in use. After making sure that they WERE NOT IN USE by killing them in Task Manager, we could not access them again to delete them, because the whole problem started again.

    The files that could not be deleted were some .dll files and some .dat files.

    I await a reply on my new HijackThis log. Please also note that my computer SHUTS DOWN by itself after running HijackThis when trying to FIX the BHO files.

    Thanks
     
  4. dustinmuyo

    dustinmuyo Private E-2

    OKAY NEW LOG, after FOLLOWING ALL INSTRUCTIONS

    Please see how it looks now for me.
     


  5. dustinmuyo

    dustinmuyo Private E-2

    And my Internet Explorer is still hijacked

    I seem to be unable to use Internet Explorer or any other internet-related programs. I've run spyware removal already, but I'm still unable to use any internet programs. The error that comes up when I use IE is this:
    res//c:\windows\system32\shdoclc.dll/dnserror.htm
     
  6. dustinmuyo

    dustinmuyo Private E-2

    latest HIJACK LOG

    It appears most definitely that IE has been hijacked.

    Also, upon running everything (HijackThis, CCleaner, etc.):

    Once the system is rebooted, some of the files come back.

    This has happened even though we have followed instructions carefully

    and also worked in safe mode when instructed to.

    We also have stopped System Restore and some files continue to come back.

    Mainly the .dat files, and the bad ones in the temporary documents.
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Tip: You have a Virtumundo infection to fix!
     
  8. dustinmuyo

    dustinmuyo Private E-2

    Please note I followed your instructions to the T.
    I removed everything you said.

    I ran CCleaner.

    Upon running a NEW HIJACK LOG, they all RETURNED AGAIN.

    I was in SAFE MODE the entire time. :(



     
  9. dustinmuyo

    dustinmuyo Private E-2

    Virtumundo virus

    The programs did not locate anything of the sort on the computer.

    I read the follow-up also.

    At this point, I am wondering...

    I am willing to restore, but do not have a restore disk. My computer was built by a friend. It's a nice computer, but he has since moved out of state.

    Can I go buy Windows XP and some sort of wipe/clean and start my whole computer configuration and system from scratch?

    This is really a nightmare because everything I remove continues to come back after every reboot, and that is with FOLLOWING INSTRUCTIONS perfectly.
    Thanks for your continued help; I've been at this for days.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have two other items in the log too.

    O4 - HKCU\..\Run: [Microsoft Update DLL] rxxhost.exe
    O20 - Winlogon Notify: dllcmd - C:\DOCUME~1\OWNAGE~1\LOCALS~1\Temp\dmclld.dat


    The O20 is part of Virtumundo. The other line is not, but it needs to be fixed and the file (probably c:\windows\system32\rxxhost.exe) must be deleted too.
     
  11. dustinmuyo

    dustinmuyo Private E-2

    What if I can't get online yet?

    My IE is hijacked

    Also,

    I can't get online.

    Should I still run the KillVirmundo?


     
  12. dustinmuyo

    dustinmuyo Private E-2

    I ran the tools you suggested. The computer froze for over 3 hours, and never launched HijackThis.

    Now what?
     
  13. dustinmuyo

    dustinmuyo Private E-2

    To chas

    The dllcmd file continues to come back. When running the ProcessExpNT zip suggested, the file continues to immediately reproduce itself after deletion. Sometimes it comes back in 3 s. There are 1,000s of strings attached to this file also. The cursor file is a big problem also. Even after doing extensive searching, and then running all of these tools, it cannot be killed, quarantined, or deleted.

    Listen, at this point I am not worried about saving anything on my computer. However, the computer was built by someone who never gave me the restore disks (they moved before I got them). I went to Staples and they told me there is no way to restore the drive because it is not an HP. BULL!!!

    Anyway, are there tools here to WIPE the drive, and then possibly I should buy the Win XP operating system myself and start fresh? Or is wiping a drive much more complicated... I do not know anything about BIOS or NTFS files.

    Thanks, chas.

     
  14. dustinmuyo

    dustinmuyo Private E-2

    HIJACKTHIS NEVER OPENED AFTER 3 hours
     
  15. dustinmuyo

    dustinmuyo Private E-2

    THESE files cannot be removed.

    O2 - BHO: CATLEvents Object - {BB54DE33-E539-4749-BFAC-CC49617E8F2A} - C:\DOCUME~1\OWNAGE~1\LOCALS~1\Temp\dmclld.dat
    O4 - HKLM\..\RunOnce: [*dllcmd] C:\WINDOWS\Cursors\dllcmd.exe rerun



    They continue to return and I have followed all instructions.

    I do not know what to do now. It's a very nice computer, very fast. Is it trashed now?

    Is there any hope?
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have a lot more files to look for. Things like (for example): dmclld.dat, dmclld.ini, dmclld.bak, dllcmd.dat, dllcmd.ini, dllcmd.bak, bkinst.exe.

    See some of the threads in the Virtumundo sticky and you will understand what I'm referring to. These other files have to be found and removed too or your problem will keep recurring.

    Configure Windows Search properly to look for hidden and system files and search for filenames without the extensions. Like:

    bkinst
    dmclld
    dllcmd
    xafsa
    asfax
     
  17. dustinmuyo

    dustinmuyo Private E-2

    NEW LOG, continuing thread

    Out of the files you instructed me to look for (dmclld.dat, dmclld.ini, dmclld.bak, dllcmd.dat, dllcmd.ini, dllcmd.bak, bkinst.exe):

    ONLY the cursor file dllcmd.exe rerun is there and CANNOT be deleted NO MATTER WHAT we have used thus far. It continues to return or say it cannot be deleted, even while following your instructions.

    AND

    The .dat file in the owner's temp folder, Documents and Settings\ownagebeast\Local Settings\Temp, with the dmclld.dat cannot be deleted; it refuses to be deleted with all of the processes and programs recommended in this thread thus far.

    Here's the log, and they are STILL there. I'm sorry, but they won't go away.
     


  18. dustinmuyo

    dustinmuyo Private E-2

    O2 - BHO: CATLEvents Object - {BB54DE33-E539-4749-BFAC-CC49617E8F2A}

    Listen, the really bad file, O2 - BHO: CATLEvents Object - {BB54DE33-E539-4749-BFAC-CC49617E8F2A} - C:\DOCUME~1\OWNAGE~1\LOCALS~1\Temp\dmclld.dat, has corrupted my IE. I chose to delete IE and will reinstall it later, when I am able to get online.

    I am using someone else's computer to post.

    I have lost 3 days of work over this, and really don't have a lot more time to put into it.

    Should we keep going??? Or should I purchase a new formatted hard drive and purchase Windows?
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! You need to use Windows Search to search through all of the PC. Not Windows Explorer. That would take forever. The settings for Explorer are not related to Windows Search. See below.

    If you use Search, you need to do the following:
    Click Search and then select "All files and folders"
    Enter the filename in the "All or part of the file name:" box, so enter dmclld
    Now select "More advanced options"
    Make sure the following check boxes are checked:
    - Search system folders
    - Search hidden files and folders
    - Search subfolders
    Then click the Search button.

    Do the same for all filenames and leave off the extension (like .dat) because there could be all kinds of matches to extensions.
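Added here as a worked example, not part of this thread or of HijackThis itself: a small Python triage script that applies the checks chaslang spells out in this reply and in his earlier ones. It parses the O2/O4/O20 load-point lines quoted in this thread, flags names on his watchlist, bare filenames in Run keys, loaders sitting in Temp or Cursors folders and .dat files loaded as code, and does the same "all or part of the file name" match over a path list that the Windows Search steps above perform by hand. The benign Run entry in the sample log is constructed, as are the paths in the tests.

```python
import os
import re

# Filename stems chaslang asked to be searched for without extensions (names taken from the thread).
WATCH_STEMS = {"bkinst", "dmclld", "dllcmd", "xafsa", "asfax"}
HJT_LINE = re.compile(r"^(O\d+) - (.*)$")
FILE_REF = re.compile(r".*?\.(?:exe|dll|dat|com|scr)", re.IGNORECASE)

SAMPLE_LOG = [  # constructed sample: the entries quoted in this thread plus one hypothetical benign Run entry
    r"O2 - BHO: CATLEvents Object - {BB54DE33-E539-4749-BFAC-CC49617E8F2A} - C:\DOCUME~1\OWNAGE~1\LOCALS~1\Temp\dmclld.dat",
    r"O4 - HKCU\..\Run: [Microsoft Update DLL] rxxhost.exe",
    r"O4 - HKLM\..\RunOnce: [*dllcmd] C:\WINDOWS\Cursors\dllcmd.exe rerun",
    r"O20 - Winlogon Notify: dllcmd - C:\DOCUME~1\OWNAGE~1\LOCALS~1\Temp\dmclld.dat",
    r"O4 - HKLM\..\Run: [ExampleAV] C:\PROGRA~1\ExampleAV\avcc.exe /STARTUP",
]

def stem_and_ext(path: str) -> tuple[str, str]:
    """Split the last component of a Windows or POSIX path into (name without extension, extension)."""
    return os.path.splitext(path.replace("\\", "/").rsplit("/", 1)[-1])

def load_target(kind: str, body: str):
    """File an entry loads: text after '] ' for O4 (Run keys), after the last ' - ' for O2/O20."""
    target = body.split("] ", 1)[-1] if kind == "O4" else body.rsplit(" - ", 1)[-1]
    m = FILE_REF.match(target)  # cuts trailing arguments such as 'rerun' or '/STARTUP'
    return m.group(0) if m else None  # None for dead entries such as '(no file)'

def suspicious_hjt_entries(lines) -> list[tuple[str, str, str]]:
    """(entry type, target, reason) for load points with the persistence traits seen in this thread."""
    flagged = []
    for line in lines:
        m = HJT_LINE.match(line.strip())
        if not m or m.group(1) not in {"O2", "O4", "O20"}:  # BHO, Run/RunOnce key, Winlogon Notify
            continue
        kind, target = m.group(1), load_target(m.group(1), m.group(2))
        if target is None:
            continue
        stem, ext = stem_and_ext(target)
        if stem.lower() in WATCH_STEMS:
            flagged.append((kind, target, "name on the watchlist"))
        elif ":\\" not in target:
            flagged.append((kind, target, "bare filename, resolved through the search path"))
        elif "\\temp\\" in target.lower() or "\\cursors\\" in target.lower():
            flagged.append((kind, target, "load point in a Temp or Cursors folder"))
        elif kind != "O4" and ext.lower() == ".dat":
            flagged.append((kind, target, "code loaded from a .dat file"))
    return flagged

def paths_matching_stems(paths, stems=WATCH_STEMS) -> list[str]:
    """'All or part of the file name' match as in the Search steps above; give it os.walk output or any path list."""
    return sorted(p for p in paths if any(s in p.replace("\\", "/").rsplit("/", 1)[-1].lower() for s in stems))
```

Running `suspicious_hjt_entries(SAMPLE_LOG)` flags the four entries quoted in this thread and leaves the constructed benign entry alone.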
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I know you did not use the words "Windows Explorer", and I know the word search was even at the start of the sentence, but you said
    That would mean Windows Explorer to most people because of the word "viewing", and the words are just like in the READ ME. If we do not tell users how to properly use Search, it will not be configured properly and probably will not even be used in some cases. Telling them how to configure and use Search is always better because most people will not know how.

    In message # 25 I was just trying to get you guys running in the right direction like the READ ME for Virtumundo gives.
     
  21. dustinmuyo

    dustinmuyo Private E-2

    I can't get ON line to do this....to update

    As I told you previously in my posts, WE CAN'T get this computer online yet. IT WON'T WORK.

    How will I UPDATE EWIDO to do this?

     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: I can't get ON line to do this....to update

    The signature database is downloadable.

    See: http://www.ewido.net/en/download/

    You could download what you need elsewhere, burn it to a CD or copy it to a flash drive, and copy it to the infected PC if you have the ability.

    You should still go back to message # 29 and use search as I indicated and search your PC for all the combinations of files I indicate. Provide the results back here.

    Also post a current HJT log.

    Have you tried using a different browser to get online (like Firefox)? Again, download using another PC and copy to this one if feasible.
     
  23. dustinmuyo

    dustinmuyo Private E-2

    When I find these files you asked me to search for, though, they say they are copyrighted, in use, and cannot be deleted.

    I don't understand why they are "in use"... nothing is open.

    Therefore, I can delete them this way through search.

    Let me run this EWIDO, post a new log, and get back to you. Thanks so much for following me with this thread. This really is a nightmare.



     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I said
    I did not say to delete them. I want to know exactly what the file names are and in what folders you found them.

    If they are the ones related to the Virtumundo problem they are in use because the malware is still running on your PC.
     
  25. dustinmuyo

    dustinmuyo Private E-2

    Ewido log report
    and NEW HIJACKTHIS

    Let me know what's going on.

    Thanks.
     


  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I was still waiting for the results of what I asked you to search for; however, your HJT log looks clean of Virtumundo now.

    Are you still having any problems? Have you rebooted since posting the log and are you still clean?
     
    Last edited: Aug 24, 2005
  27. dustinmuyo

    dustinmuyo Private E-2

    The results of what you asked me to look for were NEGATIVE.

    Doing the search exactly as you requested: NEGATIVE.

    Now what?

    My IE won't open and I believe the browser was hijacked.

    If you recommend Mozilla Firefox, where can I download a SAFE copy, and after I do, do I delete Internet Explorer totally from the system with everything in the folder??

    I am going to run another HijackThis log for you in a few minutes, after re-running Ad-Aware with the updates and AVG with the updates.

    Thanks for continuing to follow.



     
  28. dustinmuyo

    dustinmuyo Private E-2

    Okay, here's another log. Ad-Aware came up CLEAN finally.
    CCleaner came up CLEAN finally.
    AVG came up CLEAN finally.

    I need to know the following, please.

    Will Sygate and AVG be enough to protect me from this Virtumundo virus again?

    Am I clean, totally?

    Do you advise AGAINST a wireless network for this computer?

    Any other suggestion for this log and/or system?

    Thanks
     


  29. dustinmuyo

    dustinmuyo Private E-2

    Almost VERY IMPORTANT QUESTIONS

    Do I need to remove any of these programs I downloaded for cleaning FROM MY COMPUTER?

    Should Ewido not be running at ALL now?

    Should I only RUN AVG Free Edition and Sygate when online?

    Thanks.
     
  30. dustinmuyo

    dustinmuyo Private E-2

    I also have A LOT of files in C:\windows\system32 that I don't know what they are, and wonder whether they are safe.

    I also seem to have a lot of svchost files

    and services??? Not sure about this?

    Is there any way to post a log about what's going on in this System32 folder?

    Or a program to check it? To see what I NEED and what I DO NOT NEED.

    I am afraid, as I saw that on the computer, not only is there ADMINISTRATOR and DUSTIN (myself), BUT there are also 4 others who I do not know, and they have FULL PRIVILEGES to the computer. I do NOT know how to delete these safely or what to do.

    Sorry, but I must be SAFE, and I must be sure I cannot be hijacked or remotely controlled AGAIN by these people.

    Thanks.
     
  31. dustinmuyo

    dustinmuyo Private E-2

    Yes, thank you so much for that.

    The problem now is that IE won't open any pages, won't connect to the home page or any other page.

    Reinstalled IE and still can't connect.

    Upon trying to reinstall the cable internet software, we get a script error.

    Not sure how to log this info to show you.

    Can't get a wireless connection or a STRAIGHT connection (directly connected broadband) through the computer.

    Wondering if this is a computer and/or IE problem?
     
