Apparently stuck with geeda.dll & xxyxww.dll
First, a brief (hopefully) rundown of what happened, what I've done and where I am at now. To start with, everything was running smoothly with my machine until I started seeing random processes trying to access the internet through ZoneAlarm. That is usually my first tip-off that some variety of malware has penetrated my resolve (I never click yes to a pop-up, open files... nothing). I began to look into the matter with some virus scans using AVG. It turned out AVG had been compromised (I can't say for how long) so I uninstalled it.
At this point I started fresh with Norton 360. I completed a full virus and spyware scan using Norton 360. It found a FEW things, but nothing major. My machine was starting to bog down considerably, so I turned back to AVG and reinstalled it. After disabling Norton's resident scanning I proceeded with a full AVG scan. AVG found 13 separate things. One key logger and one password scarfer. After removing those my machine was STILL sluggish. I proceeded with a Spybot scan. I ran a Spybot scan and found several more things. I then ran AVG a few more times. Upon reboot, however, the machine was still sluggish.
Then I decided to check into a few things. I located this .DLL file geeda.dll and another xxyxww.dll... I searched for information on those. I attempted to run VundoFix. It didn't find the Vundo virus. I could not remove it. I then decided to switch tacks and try some things from Safe Mode (I had already run a few AVG scans from Safe Mode, but I wanted to get rid of these two files)... There is ALWAYS some process that has a hold of these things... even in Safe Mode. That is when I switched to trying BitDefender. However, I can't get captive to work properly so I cannot remove the offending DLLs. So now I'm at the point where I don't know how to boot my machine and have an NTFS driver running so that I can actually interact with the drive to remove these suckers.
I thought that was the purpose of VundoFix, but it apparently couldn't find what it was looking for. I'll post some HJT logs if I can; however, the machine is thoroughly hijacked and runs so slow when the internet is connected (I have been trying to keep it disconnected due to the keyloggers and password snatchers... it appears that whatever this version of geeda.dll & xxyxww.dll is, it keeps downloading new virusware for me to remove) that I can barely use it.
The infection couldn't have been too long ago, and I think it must have occurred because I clicked the "X" box to that stupid "Warning: Your computer may be running slower that usual..." virusware that installs itself no matter what you do. I only recently learned that you really should just use Alt-F4 with that thing or kill its process instead. Anyway, I hope someone has some suggestions that work. Nothing I've been able to do has rid me of these files. They are apparently in with the winlogon process now.
Oh, one more thing, it keeps writing .tmp files of the form winXXX.tmp to the WINNT\temp directory. Sometimes it has some other files there, but it basically looks like it is trying to put together parts of another virus/spyware/malware. I keep deleting them, but they just reappear. I've even tried to correct the registry, but with the virus running, it just repairs the registry. I wish you could lock a process out of the registry for a bit... that would make this virus removal stuff easier. Anyway, one of my AVG scans indicated that one of the files in there contained a virus at one point. So I don't know if those files are trying to log keystrokes, are a convenient download area or what. They are usually zero bytes long, but every once in a while, there is something in them. And if I scan it, at least a couple of times, I've found a new virus.