Unable to run Kuwakepe.dll

Quendian February 8, 2009 at 14:10:10
Specs: Windows XP, 512k RAM
Whenever my grandad switches on his PC it says "Unable to run Kuwakepe.dll". I understand that this is part of a virus called Vundo so I ran Malwarebytes and it removed the infected files but this error still comes up.

I went into msconfig, and there it was running at start up so I disabled it and restarted but the error still came up! I went back into msconfig and it had re-enabled itself. No matter how many times I disable it, it re-enables itself.

I downloaded VundoFix and ran it; it didn't find any infected files. So now I'm stuck, what can I do?




#1
February 8, 2009 at 15:26:20
Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This

Rename the setup file, HJTInstall.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename HJTInstall.exe to tools.exe in the filename box, then click Save.
1. Save "tools.exe" to your desktop.
2. Double click on tools.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



#2
February 9, 2009 at 15:07:38
I already have a HijackThis log of his computer; I had not renamed the file on download, though.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44, on 2009-02-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Dell\Common\FSM32.EXE
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\Dell\backweb\81720\Program\SERVIC~1.EXE
C:\Program Files\Dell\Anti-Virus\fsgk32st.exe
C:\Program Files\Dell\backweb\81720\program\fsbwsys.exe
C:\Program Files\Dell\Anti-Virus\FSGK32.EXE
C:\Program Files\Dell\Common\FSMA32.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\Anti-Virus\fssm32.exe
C:\Program Files\Dell\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\Common\FCH32.EXE
C:\Program Files\Dell\backweb\81720\Program\fspex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\Common\FAMEH32.EXE
C:\Program Files\Dell\Anti-Virus\fsrw.exe
C:\Program Files\Dell\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/.../default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {f6755447-75a1-4a1f-a7b3-18138f1b6456} - C:\WINDOWS\system32\duvabova.dll (file missing)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [LoadHome] C:\Windows\System\MSIK673.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Dell\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Dell\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Dell\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Dell\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [gotiseyomo] Rundll32.exe "C:\WINDOWS\system32\kuwakepe.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
O4 - HKUS\S-1-5-19\..\Run: [gotiseyomo] Rundll32.exe "C:\WINDOWS\system32\kuwakepe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [gotiseyomo] Rundll32.exe "C:\WINDOWS\system32\kuwakepe.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: TalkTalk Online Security.lnk = C:\Program Files\Dell\backweb\81720\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Dell\Anti-Spyware\blockpopups.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...6/V5Controls/en/x86/client/muweb_site.cab?1174161736750
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O22 - SharedTaskScheduler: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O23 - Service: TalkTalk Online Security (BackWeb Plug-in - 81720) - BackWeb Technologies Inc. - C:\PROGRA~1\Dell\backweb\81720\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Dell\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Dell\backweb\81720\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Dell\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Dell\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 7044 bytes


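Added example, not part of the original thread and not HijackThis code: a short Python script that reads the O4 autorun lines of a HijackThis log and lists every registry hive that starts a DLL through rundll32, plus the entries HijackThis marked as pointing at a missing file. The sample lines are excerpted from the log in post #2 with the line wraps removed; the function names are illustrative.

```python
import re
from collections import defaultdict

# Lines excerpted from the HijackThis log in post #2, unwrapped.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {f6755447-75a1-4a1f-a7b3-18138f1b6456} - C:\WINDOWS\system32\duvabova.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [gotiseyomo] Rundll32.exe "C:\WINDOWS\system32\kuwakepe.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [gotiseyomo] Rundll32.exe "C:\WINDOWS\system32\kuwakepe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [gotiseyomo] Rundll32.exe "C:\WINDOWS\system32\kuwakepe.dll",s (User 'NETWORK SERVICE')
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
'''

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Command lines of the form: rundll32[.exe] "<path>.dll",<export>
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)

def rundll_autoruns(log_text):
    """Map each DLL started via rundll32 to the (hive, value name) pairs that launch it."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        entry = O4_RE.match(line.strip())
        if not entry:
            continue
        launch = RUNDLL_RE.match(entry.group('cmd'))
        if launch:
            hits[launch.group('dll').lower()].append((entry.group('hive'), entry.group('name')))
    return dict(hits)

def orphaned_entries(log_text):
    """Return the log lines HijackThis marked as referencing a file that is not on disk."""
    marks = ('(file missing)', '(no file)')
    return [line.strip() for line in log_text.splitlines() if line.rstrip().endswith(marks)]

if __name__ == '__main__':
    for dll, sources in rundll_autoruns(SAMPLE_LOG).items():
        print(dll, '<-', ', '.join(f'{hive} [{name}]' for hive, name in sources))
    for line in orphaned_entries(SAMPLE_LOG):
        print('orphaned:', line)
```

On the excerpt, the same `gotiseyomo` value appears under HKLM and under the LOCAL SERVICE and NETWORK SERVICE hives, so a review of the log has to cover all three locations.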

#3
February 9, 2009 at 15:16:20
Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to toolb.exe in the filename box, then click Save.

Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline, then turn off your F-Secure antivirus and any antispyware that you may have.
2. Run Combofix by double clicking the toolb.exe icon on your desktop and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.

