Everything posted by coltm4carbine

  1. ok got some good news people :) Make sure you update your computer...
  2. lol this was on the 27th and i have already got over idk like 3/5 emails about it. the first one (from a friend):- 2nd email (from sophos, antivirus company):- 3rd, microsoft newsletter kinda thing:- 4th basically telling me m$ has revised the advisory. 5th McAfee AVERT breaking virus news thing. here's some quotes from an article i read: Whole article can be found here: http://isc.sans.org//diary.php?storyid=994
  3. wow first reply for a while, anyways trusting phil on this one (haven't checked the service entry): fixing an o23 (service) only disables it. You will need to manually delete the service yourself. try this (new canned so not sure will it work) Please run HijackThis and click Config -> Misc Tools -> Delete an NT service. In the Delete window, type MS Software Generic Host Process for Win32 Services and press OK. OK any prompts, close HijackThis, and restart your computer.
  4. see will this help: http://help.yahoo.com/help/uk/mail/pop/pop-06.html. also i think you need the paid version for it to work
  5. oops my bad; make sure you can show hidden files and folders. and then try again. and as albosky said some of them are missing. I just put them there in case of a bug in HJT. after that rehide your system files.
  6. there is a program called autoscreen recorder but i think that might be a bit too obvious. It runs from the sys tray (press f9 to start and f10 to stop). but when you type f9 there's a minimised window saying recording so it's gonna be obvious (i use it, lol).... and when you press f10 it tells you it's saved...(you have to be fast) and yes, autoscreen recorder is legal... Talk to her about what she's doing etc first. p.s keyloggers should be illegal in all countries (unless you tell them there is one.)
  7. i'll see if anyone replies if not i give you my fix (i got most of it done).[the point is i wanna give someone a go...] the log is actually quite clean (apart from the o2 and o20 line). I'll log on later to check for replies.
  8. yeh, me too. lol. least most of the junk is out of your system. go offline and fix these (you can leave the accoona if you have set them):

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant ... gn=wdz0605
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant ... gn=wdz0605
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca <-did you set this? if not fix it.
     R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
     R3 - Default URLSearchHook is missing
     O1 - Hosts: 69.20.16.183 auto.search.msn.com
     O1 - Hosts: 69.20.16.183 search.netscape.com
     O1 - Hosts: 69.20.16.183 ieautosearch
     O2 - BHO: (no name) - {06a34ccb-f185-40c4-b367-15f01a0d7996} - C:\WINDOWS\system32\gdbrdwsw.dll (file missing)
     O2 - BHO: (no name) - {19ca005a-8716-4e8d-b232-70451fe73635} - C:\WINDOWS\system32\gdbrdwsw.dll (file missing)
     O2 - BHO: (no name) - {2393728b-6ffd-45b7-89a5-9f9b490d000e} - C:\WINDOWS\system32\gdbrdwsw.dll (file missing)
     O2 - BHO: (no name) - {49c5f9e3-63fc-4ced-a16c-77bea61396f5} - C:\WINDOWS\system32\gdbrdwsw.dll (file missing)
     O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\system32\hlwin.dll
     O2 - BHO: (no name) - {91e6dc04-6d5c-404f-8699-c1a5d73b2090} - C:\WINDOWS\system32\gdbrdwsw.dll (file missing)
     O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
     O2 - BHO: (no name) - {e16b8728-c829-40bf-8aa8-c1bb2e387fcb} - C:\WINDOWS\system32\gdbrdwsw.dll (file missing)
     O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... 0.0.15.cab
     O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares ... cracks.cab
     O18 - Filter: text/html - {03974811-C15F-462c-B6B0-2D2336AA57D0} - C:\WINDOWS\system32\hlwin.dll

     then reboot your computer into safemode. find and delete these files/folders (if you have any problems deleting some of these tell me):

     C:\WINDOWS\system32\gdbrdwsw.dll
     C:\WINDOWS\system32\hlwin.dll
     C:\Program Files\Accoona

     reboot into normal mode. Right click Here and select Save As to download WinHelp2002's DelDomains.inf. Please save the file somewhere you can find it like on the desktop. right click on it and select Install. post a new hjt log.
  9. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delfi.ee/ <- did you set that? If not fix it. Apart from that log looks clean. Might be your email settings (not to show pics- i have that on). You can see if you have a back-up (doubt it). start HJT ->config->Back-ups. now place a check mark next to:- O4 - HKLM\..\Run: [slowDownCPU] I:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.e3e (CAUTION - executable file) select restore.
  10. lol, i don't know what would happen if you fixed that...anyways there won't be any back-ups so it's kinda late to do anything now... It's called slowdowncpu because i think (before this fix) loads of motherboards got fried due to the speed of something in the computer running too fast...not sure (lol i am not familiar with the insides of computers so i can't go into detail). p.s if this is wrong tell me because someone told me about this "fix". I'll have a look around for more info.
  11. what's your motherboard manufacturer (msi?)? The SlowDownCpu[Caution: ExecutableFile] is meant to fix some bugs with various motherboards. move hjt out of the temp.
  12. sir-do what you just did to each of your accounts (shouldn't need to but just in case-no need to post a log) Close any programs you have open since this step requires a reboot. From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log. IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so! Note : Once the pc has restarted if a log does not appear or the icons didn't disappear, run the "second.bat" located inside the L2mfix folder. after that please post a new HJT log. l2m/vx2 should now be gone from all accounts. I get you to delete them at the end (remind me). They should be ok as long as you don't go around running them (this includes getting your sister away from your computer). asta- no i am not joking.
  13. the next time u save something save it to the "A" drive. or you can go to my computer-> find the "A" drive-> and copy and paste the files onto it.
  14. this isn't really gd for my health it's almost 1am in here... using HJT (i make it more detailed in the morning) download HijackThis 1.99.1 from http://www.merijn.org to its own folder. extract it and run it. DON'T FIX ANYTHING. Click "save log" when the scan has finished. Notepad will open. Copy and paste the log and post it on the forum. Wait for someone to give you a fix for it. Look at the stickies for a better tutorial (soz to sound rude- i wanna sleep). =================== Mate (if u don't mind me calling u that), you are making it worse for yourself. Uninstall xoftspy. It's a rogue antispyware program (fake). ==================== Sir- i take a look at it in the morning. Also the missing o20 is basically vundo (I am being lazy). go offline, open HJT and fix these (the vundo entries): O2 - BHO: (no name) - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - (no file) O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll (file missing) fyi the vx2/l2m file is gaurd.tmp. I get you a tool to delete it on reboot. (there are a few more (should be anyway) so wait till i post in the morning)
  15. sorry, maybe it's because i am not using my canned speech. well the files are usually different for each vundo (usually random). Post a HJT log and i see if anyone replies- if not i kill vundo first. Which files? Some variants of CWS deletes some windows files (i got the files on a disk). I have a look @ the log- having bit of problem with this comp. p.s change your title- not very nice. Anyone can reply if they want. Some people might even notice things i didn't. longest l2m log i've seen... do this first to see what else needs to be done. Close any programs you have open since this step requires a reboot. From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log. IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so! Note : Once the pc has restarted if a log does not appear or the icons didn't disappear, run the "second.bat" located inside the L2mfix folder.
  16. nvm merc got there before me. In reply to the post below: Nope, Microsoft Antispyware is still in Beta.
  17. only if they have winfixer problems- ok had a quick scan- vundo's gone. If they are infected which they aren't I can see a lot more than 2.lol. but basically yes I'll deal with specific infections first. Sometimes it will sometimes it won't so that's why i am asking if any other people are having winfixer problems. Should be ok though-you're the admin. what i meant was did you get ad-aware to fix the stuff... +++++++++++++++++++++++++++++ edited again ok after our little chat on msn i had 2nd thoughts. l2m is like a magnet for other spyware. I take that out. You have the latest version of VX2. Download L2mfix from one of these two locations: http://www.atribune.org/downloads/l2mfix[Caution: ExecutableFile] http://www.downloads.subratam.org/l2mfix[Caution: ExecutableFile] change the .e3e (CAUTION - executable file) to [Caution: ExecutableFile] Save the file to your desktop and double click l2mfix[Caution: ExecutableFile]. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread. IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so! if you receive, while running option #1, an error similar like: ''C:\windows\system32\cmd[Caution: ExecutableFile] C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.."...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. do not run the fix portion without fixing this first.
  18. Is anyone else still having problems with winfixer? If they are post their hjt logs and their names. i.e DAD Logfile HiJack This 1.99.1 etc... did you fix the stuff from the automatic tools? think i got a tool for it- i check for you, might even be in one of the stickies -.-. p.s yeh...my bad... :oops: edit: seen your first log and i can also see look2me infection.
  19. read this sticky (taken from other post :twisted: ) http://forum.tip.it/viewtopic.php?t=17081 should be a sticky telling you some good programs.
  20. good job :) vundo's gone for anyone that's interested these were the entries that told me vundo was gone: O2 - BHO: (no name) - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - (no file) and O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll (file missing) ok that's one infection out of the way. Download ad-aware, spybot and microsoft antispyware. update them and run them. save the results and post them here. I'll tell you to finish the clean-up process later after we get rid of the other stuff.
  21. ok you can update it when your computer is cleaner. I check around for your logs. reboot into safemode and delete these files/folders (if present) [ remember to show hidden files] C:\WINDOWS\System32\a8o1v[Caution: ExecutableFile] C:\WINDOWS\System32\p0rb06y[Caution: ExecutableFile] reboot into normal mode. After the online scan: google "ewido security suite" and download it. run it and post the log here. if the online scan didn't work then use ewido anyway- it'll tell us what else we have to deal with.
  22. vundo is still active (which ain't good) try these again. I am sure i got the right paths....also i can't see any antispyware running so it won't be that. lets try again: reboot your computer into safe mode open the VundoFix folder and doubleclick on KillVundo.bat You will first be presented with a warning. It should look like this: At this point press enter once. Next you will see: At this point copy and paste the code in the box: C:\WINDOWS\system32\mljji.dll Press Enter to continue with the fix. Next you will see: copy and paste the code in the box (including the * ): C:\WINDOWS\system32\ijjlm.* Press Enter to continue with the fix. If HijackThis opens, simply shut it down as we will instruct you when to use it later. Press enter to exit the program then manually reboot your computer into normal mode. Wait for your desktop to appear- might flash a few times. Once your machine reboots (and after everything looks normal all icons etc) please continue with the instructions below. Double click the CCleaner shortcut on the desktop to start the program. Click Run Cleaner to run the program. Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items. After CCleaner has completed its process, click Exit. post a new HJT log. Basically you're using ccleaner to clean out the temp. +++++++++++++++ what was that edit about? Just wondering.
  23. not looking good then... erm got another computer that you can read the instructions from? if not save a copy of the instructions to your desktop. you must close it while running the fix though. To anyone else with winfixer- don't follow these instructions the entries are different each time.
  24. Please print these instructions as they will be needed later when Internet access is not available.

      1) go http://www.atribune.org/downloads/VundoFix[Caution: ExecutableFile] Change the .e3e (CAUTION- executable file) to [Caution: ExecutableFile]
      2) Download the file to your desktop.
      3) Double-click VundoFix[Caution: ExecutableFile] to extract the files
      4) This will create a VundoFix folder on your desktop.
      5) After all the files have been extracted, please go into safemode (pressing f8 while booting up then select safemode)
      6) Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
      7) You will first be presented with a warning. It should look like this: At this point press enter once.

      Next you will see: (ignore the staff bit- it doesn't matter) At this point type in: C:\WINDOWS\system32\mljji.dll Press Enter to continue with the fix. Next you will see: again ignore the staff bit. C:\WINDOWS\system32\ijjlm.* Press Enter to continue with the fix. If HijackThis opens, simply shut it down as we will instruct you when to use it later. Press enter to exit the program then manually reboot your computer. Once your machine reboots please continue with the instructions below.

      google and Download CCleaner from here to clean temp files from your computer. Double click on the file to start the installation of the program. Select your language and click OK, then next. Read the license agreement and click I Agree. Click next to use the default install location. Click Install then finish to complete installation. Double click the CCleaner shortcut on the desktop to start the program. On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit). If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla. Click Run Cleaner to run the program. Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items. After CCleaner has completed its process, click Exit.

      post a new HJT log. I can see a lot that needs to be fixed but i take out vundo first.