Trojans, Spyware, Popups, and other virus issues help!


5 replies to this topic

#1 La Grav


Posted 22 June 2007 - 09:52 AM

Hi, New user here. Thanks for any help you can offer. Symptoms on Win XP include slow response, hanging web sites that occasionally free up after a "stop/refresh" sequence, apparent attempts to send unauthorized e-mail, and a couple of incidents where an audio file plays out of nowhere.

I use IE on this system. Have been using Norton Suite and Windows XP Firewall, but while attempting to correct these problems have replaced virus protection with Avast Pro Edition and . Avast Virus scans and HijackThis scan today. I noted that the Avast gave repeated Trojan warnings but could not quarantine the file.

HijackThis generated the following report. I look forward to any advice you can suggest for completing a system cleanup...


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:50:57 PM, on 6/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\qyhemktk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Documents and Settings\Christine Marie\Desktop\HiJackThis_v2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
O2 - BHO: (no name) - {3FFB11B4-66C9-4F1C-9CC3-45013AE718E8} - C:\WINDOWS\system32\cbawv.dll
O2 - BHO: (no name) - {4AE3FF78-2AAC-4057-B48C-21F16AE17125} - C:\WINDOWS\system32\xxywuut.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\qhbawlkl.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {F215F456-711A-4991-9056-CA1D78CCD5Ac} - C:\WINDOWS\system32\isuobaaf.dll
O4 - HKLM\..\Run: [j1231438] rundll32 C:\WINDOWS\system32\j1231438.dll sook
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft MSN Messenger] C:\RECYCLER\msnmnsgr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\lnxvobtg.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Creating Keepsakes Scrapbook Designer Event Reminder.lnk = C:\Program Files\Scrapbook Designer\scrapremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.disneypho...geUploader4.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://remote.klng.com/tsweb/msrdp.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...indows-i586.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4B2D4DB-B20B-40EF-B22A-24342BDD7B29}: NameServer = 192.168.1.1
O20 - Winlogon Notify: cbawv - C:\WINDOWS\system32\cbawv.dll
O20 - Winlogon Notify: xxywuut - C:\WINDOWS\SYSTEM32\xxywuut.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\qyhemktk.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\progyrta.html
O24 - Desktop Component 1: (no name) - http://www.christmas...ages/browse.gif
O24 - Desktop Component 2: (no name) - http://www.disneypho...images/hd_l.gif

--
End of file - 5276 bytes

#2 SWI Support Robot


Posted 25 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 dave38


Posted 27 June 2007 - 03:12 PM

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#4 La Grav


Posted 27 June 2007 - 08:38 PM

I ran the vundo and another hijack this. I will post the results. I am still having problems. The computer is very slow to open up programs, mail, IE, and I continually receive Trojan alerts from Avast. When I place them in the chest and try to delete them they still appear. I also get random popups and unsolicited songs playing on the computer with no programs playing them or any way of turning it off. The vundo exe encountered several files it could not delete, after running several times and restarting. The computer is moving extremely slow now and e-mails are impossible to open up. Please help, I am at the end of my rope here. Thanks for all your assistance.

Edited by La Grav, 28 June 2007 - 07:27 AM.


#5 La Grav


Posted 27 June 2007 - 08:40 PM

New HIJACK THIS LOG:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:37:50 PM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\qyhemktk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Christine Marie\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
O2 - BHO: (no name) - {06E1D333-93AF-4AB5-878B-8EE3BAC7E066} - C:\WINDOWS\system32\cbawv.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {4AE3FF78-2AAC-4057-B48C-21F16AE17125} - C:\WINDOWS\system32\xxywuut.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {CE1B2575-F5ED-497B-AE9E-C7677713717A} - C:\WINDOWS\system32\fccay.dll (file missing)
O2 - BHO: (no name) - {F215F456-711A-4991-9056-CA1D78CCD5Ac} - C:\WINDOWS\system32\isuobaaf.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft MSN Messenger] C:\RECYCLER\msnmnsgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [j1231438] rundll32 C:\WINDOWS\system32\j1231438.dll sook
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Creating Keepsakes Scrapbook Designer Event Reminder.lnk = C:\Program Files\Scrapbook Designer\scrapremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.disneypho...geUploader4.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://remote.klng.com/tsweb/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4B2D4DB-B20B-40EF-B22A-24342BDD7B29}: NameServer = 192.168.1.1
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\qyhemktk.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft windows FTPd - Unknown owner - C:\WINDOWS\system32\dllcache\updtftpini.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\progyrta.html
O24 - Desktop Component 1: (no name) - http://www.christmas...ages/browse.gif
O24 - Desktop Component 2: (no name) - http://www.disneypho...images/hd_l.gif

--
End of file - 7082 bytes

Vundofix.txt:

VundoFix V6.5.1

Checking Java version...

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 8:14:15 PM 6/27/2007

Listing files found while scanning....

C:\windows\system32\afermiao.ini
C:\windows\system32\asjuskvq.dll
C:\WINDOWS\system32\cbawv.dll
C:\windows\system32\efuupdvp.ini
C:\windows\system32\etwupuoq.ini
C:\windows\system32\fbqiovru.dll
C:\windows\system32\fvkivuux.dll
C:\windows\system32\gclqosyl.ini
C:\windows\system32\gtbovxnl.ini
C:\windows\system32\hmdbpwyj.dll
C:\windows\system32\jmmcqutr.dll
C:\windows\system32\judcqiiw.ini
C:\windows\system32\jywpbdmh.ini
C:\WINDOWS\system32\kmkybahw.dll
C:\windows\system32\kwscfhom.dll
C:\windows\system32\lnxvobtg.dll
C:\windows\system32\lysoqlcg.dll
C:\windows\system32\mohfcswk.ini
C:\windows\system32\nkucktbs.ini
C:\windows\system32\nsaaqemr.dll
C:\windows\system32\oaimrefa.dll
C:\windows\system32\pvdpuufe.dll
C:\WINDOWS\system32\qawjsxeq.dll
C:\WINDOWS\system32\qhbawlkl.dll
C:\windows\system32\qoupuwte.dll
C:\windows\system32\qvksujsa.ini
C:\windows\system32\rmeqaasn.ini
C:\WINDOWS\system32\rusghvsk.dll
C:\windows\system32\safkwpsx.dll
C:\windows\system32\sbtkcukn.dll
C:\windows\system32\sjwljvmt.ini
C:\windows\system32\tmvjlwjs.dll
C:\WINDOWS\system32\vwabc.bak1
C:\WINDOWS\system32\vwabc.bak2
C:\WINDOWS\system32\vwabc.ini
C:\windows\system32\vwabc.ini2
C:\windows\system32\vwabc.tmp
C:\WINDOWS\system32\wiiqcduj.dll
C:\windows\system32\xspwkfas.ini
C:\windows\system32\xuuvikvf.ini
C:\windows\system32\xxywuut.dll

Beginning removal...

Attempting to delete C:\windows\system32\afermiao.ini
C:\windows\system32\afermiao.ini Has been deleted!

Attempting to delete C:\windows\system32\asjuskvq.dll
C:\windows\system32\asjuskvq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbawv.dll
C:\WINDOWS\system32\cbawv.dll Has been deleted!

Attempting to delete C:\windows\system32\efuupdvp.ini
C:\windows\system32\efuupdvp.ini Has been deleted!

Attempting to delete C:\windows\system32\etwupuoq.ini
C:\windows\system32\etwupuoq.ini Has been deleted!

Attempting to delete C:\windows\system32\fbqiovru.dll
C:\windows\system32\fbqiovru.dll Has been deleted!

Attempting to delete C:\windows\system32\fvkivuux.dll
C:\windows\system32\fvkivuux.dll Has been deleted!

Attempting to delete C:\windows\system32\gclqosyl.ini
C:\windows\system32\gclqosyl.ini Has been deleted!

Attempting to delete C:\windows\system32\gtbovxnl.ini
C:\windows\system32\gtbovxnl.ini Has been deleted!

Attempting to delete C:\windows\system32\hmdbpwyj.dll
C:\windows\system32\hmdbpwyj.dll Has been deleted!

Attempting to delete C:\windows\system32\jmmcqutr.dll
C:\windows\system32\jmmcqutr.dll Has been deleted!

Attempting to delete C:\windows\system32\judcqiiw.ini
C:\windows\system32\judcqiiw.ini Has been deleted!

Attempting to delete C:\windows\system32\jywpbdmh.ini
C:\windows\system32\jywpbdmh.ini Has been deleted!

Attempting to delete C:\windows\system32\kwscfhom.dll
C:\windows\system32\kwscfhom.dll Has been deleted!

Attempting to delete C:\windows\system32\lnxvobtg.dll
C:\windows\system32\lnxvobtg.dll Has been deleted!

Attempting to delete C:\windows\system32\lysoqlcg.dll
C:\windows\system32\lysoqlcg.dll Could not be deleted.

Attempting to delete C:\windows\system32\mohfcswk.ini
C:\windows\system32\mohfcswk.ini Has been deleted!

Attempting to delete C:\windows\system32\nkucktbs.ini
C:\windows\system32\nkucktbs.ini Has been deleted!

Attempting to delete C:\windows\system32\nsaaqemr.dll
C:\windows\system32\nsaaqemr.dll Has been deleted!

Attempting to delete C:\windows\system32\oaimrefa.dll
C:\windows\system32\oaimrefa.dll Has been deleted!

Attempting to delete C:\windows\system32\pvdpuufe.dll
C:\windows\system32\pvdpuufe.dll Has been deleted!

Attempting to delete C:\windows\system32\qoupuwte.dll
C:\windows\system32\qoupuwte.dll Has been deleted!

Attempting to delete C:\windows\system32\qvksujsa.ini
C:\windows\system32\qvksujsa.ini Has been deleted!

Attempting to delete C:\windows\system32\rmeqaasn.ini
C:\windows\system32\rmeqaasn.ini Has been deleted!

Attempting to delete C:\windows\system32\safkwpsx.dll
C:\windows\system32\safkwpsx.dll Has been deleted!

Attempting to delete C:\windows\system32\sbtkcukn.dll
C:\windows\system32\sbtkcukn.dll Has been deleted!

Attempting to delete C:\windows\system32\sjwljvmt.ini
C:\windows\system32\sjwljvmt.ini Has been deleted!

Attempting to delete C:\windows\system32\tmvjlwjs.dll
C:\windows\system32\tmvjlwjs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vwabc.bak1
C:\WINDOWS\system32\vwabc.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vwabc.bak2
C:\WINDOWS\system32\vwabc.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vwabc.ini
C:\WINDOWS\system32\vwabc.ini Has been deleted!

Attempting to delete C:\windows\system32\vwabc.ini2
C:\windows\system32\vwabc.ini2 Has been deleted!

Attempting to delete C:\windows\system32\vwabc.tmp
C:\windows\system32\vwabc.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\wiiqcduj.dll
C:\WINDOWS\system32\wiiqcduj.dll Could not be deleted.

Attempting to delete C:\windows\system32\xspwkfas.ini
C:\windows\system32\xspwkfas.ini Has been deleted!

Attempting to delete C:\windows\system32\xuuvikvf.ini
C:\windows\system32\xuuvikvf.ini Has been deleted!

Attempting to delete C:\windows\system32\xxywuut.dll
C:\windows\system32\xxywuut.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.1

Checking Java version...

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 8:31:20 PM 6/27/2007

Listing files found while scanning....

C:\windows\system32\lysoqlcg.dll
C:\windows\system32\wiiqcduj.dll
C:\windows\system32\xxywuut.dll
C:\windows\system32\xxyyw.dll

Beginning removal...

Attempting to delete C:\windows\system32\lysoqlcg.dll
C:\windows\system32\lysoqlcg.dll Has been deleted!

Attempting to delete C:\windows\system32\wiiqcduj.dll
C:\windows\system32\wiiqcduj.dll Has been deleted!

Attempting to delete C:\windows\system32\xxywuut.dll
C:\windows\system32\xxywuut.dll Could not be deleted.

Attempting to delete C:\windows\system32\xxyyw.dll
C:\windows\system32\xxyyw.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\xxywuut.dll
C:\windows\system32\xxywuut.dll Could not be deleted.

Attempting to delete C:\windows\system32\xxyyw.dll
C:\windows\system32\xxyyw.dll Has been deleted!


VundoFix V6.5.1

Checking Java version...

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 9:01:53 PM 6/27/2007

Listing files found while scanning....

C:\windows\system32\fccay.dll
C:\WINDOWS\system32\rnaynshe.dll
C:\windows\system32\xxywuut.dll
C:\windows\system32\yaccf.bak1
C:\WINDOWS\system32\yaccf.ini
C:\windows\system32\yaccf.tmp

VundoFix V6.5.1

Checking Java version...

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 9:08:13 PM 6/27/2007

Listing files found while scanning....

C:\windows\system32\fccay.dll
C:\windows\system32\rnaynshe.dll
C:\windows\system32\xxywuut.dll
C:\windows\system32\yaccf.bak1
C:\windows\system32\yaccf.ini

Beginning removal...

Attempting to delete C:\windows\system32\fccay.dll
C:\windows\system32\fccay.dll Has been deleted!

Attempting to delete C:\windows\system32\rnaynshe.dll
C:\windows\system32\rnaynshe.dll Has been deleted!

Attempting to delete C:\windows\system32\xxywuut.dll
C:\windows\system32\xxywuut.dll Could not be deleted.

Attempting to delete C:\windows\system32\yaccf.bak1
C:\windows\system32\yaccf.bak1 Has been deleted!

Attempting to delete C:\windows\system32\yaccf.ini
C:\windows\system32\yaccf.ini Has been deleted!

Performing Repairs to the registry.
Done!

#6 dave38


Posted 13 July 2007 - 03:12 PM

Can you confirm that you are only running one anti virus program, as I can see avast, and symantec in your log.

First, please go to Start> run, and copy/paste the bold text below.

sc delete DomainService



Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: (no name) - {06E1D333-93AF-4AB5-878B-8EE3BAC7E066} - C:\WINDOWS\system32\cbawv.dll (file missing)
O2 - BHO: (no name) - {4AE3FF78-2AAC-4057-B48C-21F16AE17125} - C:\WINDOWS\system32\xxywuut.dll
O2 - BHO: (no name) - {CE1B2575-F5ED-497B-AE9E-C7677713717A} - C:\WINDOWS\system32\fccay.dll (file missing)
O2 - BHO: (no name) - {F215F456-711A-4991-9056-CA1D78CCD5Ac} - C:\WINDOWS\system32\isuobaaf.dll

O4 - HKLM\..\Run: [Microsoft MSN Messenger] C:\RECYCLER\msnmnsgr.exe
O4 - HKLM\..\Run: [j1231438] rundll32 C:\WINDOWS\system32\j1231438.dll sook

O23 - Service: DomainService - - C:\WINDOWS\system32\qyhemktk.exe
O23 - Service: Microsoft windows FTPd - Unknown owner - C:\WINDOWS\system32\dllcache\updtftpini.exe (file missing)

Reboot and delete

Files
C:\WINDOWS\system32\j1231438.dll
C:\WINDOWS\system32\qyhemktk.exe

Please post a followup Hijack this log, and say if your problems persist.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum
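The VundoFix output in this thread spans several runs, and a file that fails to delete in one run is sometimes removed in a later one. The following is an added example, not part of the original posts and not code from VundoFix or HijackThis: it reduces the runs to the files whose last removal attempt still failed and finds the HijackThis entries that load them. The function names are hypothetical and the sample text is excerpted and abridged from the logs above.

```python
import re
from collections import OrderedDict

# "<path> Has been deleted!" / "<path> Could not be deleted." result lines.
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<res>Has been deleted!|Could not be deleted\.)$")
# HijackThis entry lines start with a section code such as R0, O2, O23.
HJT_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:dll|exe)", re.IGNORECASE)


def residual_files(vundofix_text):
    """Paths (lower-cased) whose most recent removal attempt failed."""
    last_deleted = OrderedDict()
    for line in vundofix_text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            # Later runs overwrite earlier results for the same file.
            last_deleted[m.group("path").lower()] = m.group("res").startswith("Has")
    return [p for p, deleted in last_deleted.items() if not deleted]


def hjt_entries(hjt_text):
    """(section, lower-cased path, file_missing) for each path in an entry."""
    entries = []
    for line in hjt_text.splitlines():
        m = HJT_RE.match(line.strip())
        if not m:
            continue
        missing = "(file missing)" in line
        for path in PATH_RE.findall(m.group("body")):
            entries.append((m.group("sec"), path.lower(), missing))
    return entries


def load_points(hjt_text, paths):
    """HijackThis entries that still reference any of the given paths."""
    wanted = {p.lower() for p in paths}
    return [e for e in hjt_entries(hjt_text) if e[1] in wanted]


# Abridged excerpts from the logs posted in this thread.
VUNDOFIX_SAMPLE = r"""
C:\WINDOWS\system32\cbawv.dll Has been deleted!
C:\windows\system32\lysoqlcg.dll Could not be deleted.
C:\WINDOWS\system32\wiiqcduj.dll Could not be deleted.
C:\windows\system32\xxywuut.dll Could not be deleted.
C:\windows\system32\lysoqlcg.dll Has been deleted!
C:\windows\system32\wiiqcduj.dll Has been deleted!
C:\windows\system32\xxywuut.dll Could not be deleted.
C:\windows\system32\xxyyw.dll Could not be deleted.
C:\windows\system32\xxyyw.dll Has been deleted!
C:\windows\system32\fccay.dll Has been deleted!
C:\windows\system32\xxywuut.dll Could not be deleted.
"""

HJT_SAMPLE = r"""
O2 - BHO: (no name) - {06E1D333-93AF-4AB5-878B-8EE3BAC7E066} - C:\WINDOWS\system32\cbawv.dll (file missing)
O2 - BHO: (no name) - {4AE3FF78-2AAC-4057-B48C-21F16AE17125} - C:\WINDOWS\system32\xxywuut.dll
O2 - BHO: (no name) - {CE1B2575-F5ED-497B-AE9E-C7677713717A} - C:\WINDOWS\system32\fccay.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

if __name__ == "__main__":
    leftover = residual_files(VUNDOFIX_SAMPLE)
    print("Still on disk:", leftover)
    print("Loaded by:", load_points(HJT_SAMPLE, leftover))
    print("Orphaned entries:", [e for e in hjt_entries(HJT_SAMPLE) if e[2]])
```

A file that survives every run while a BHO entry still points at it is being held open by the process that loads it, which is why the entry is unchecked in HijackThis with browser and Explorer windows closed before the file is deleted.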
