• Welcome Guest, to the Spybot Forums! It's 2025, and we just upgraded our forum software.

    Today is Safer Internet Day, and with our new forum, you can finally use passkeys to login. That was about time!

    Of course, you could ask if a forum is still useful, with so many social media networks out there where you might already have an account, and met a lot of users. You can now use your login from some of those networks to log in here. And by posting here, your question and data is stored on our servers and not automatically shared with a whole social media network.

    We'll also start using the forum for small bits of information, announcements and more again.

Popups/Problems

E

ElloMate

New member
Logfile of HijackThis v1.99.1
Scan saved at 10:28:24 PM, on 6/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\CCleaner\ccleaner.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\IVAN\Desktop\Spyware Programs\Hijackthis 1.91\Scanner.exe.exe

O2 - BHO: (no name) - {1D3BE8A5-EB3A-4A6F-B8A4-BB0147EB4C87} - C:\WINDOWS\system32\awvtu.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\cbxxvtt.dll
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll
O20 - Winlogon Notify: cbxxvtt - C:\WINDOWS\SYSTEM32\cbxxvtt.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
 
Hi ElloMate

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
 
Shaba said:
Hi ElloMate

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
Click to expand...


VundoFix V6.4.1

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 10:35:47 PM 25/05/2007

Listing files found while scanning....


VundoFix V6.4.1

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 8:06:29 AM 26/05/2007

Listing files found while scanning....

C:\WINDOWS\system32\dxlvsudq.dll
C:\WINDOWS\system32\gvwopxsr.ini
C:\WINDOWS\system32\kbbtgtmp.dll
C:\WINDOWS\system32\nbimjwor.dll
C:\WINDOWS\system32\pmtgtbbk.ini
C:\WINDOWS\system32\pqtss.bak1
C:\WINDOWS\system32\pqtss.bak2
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\pqtss.tmp
C:\WINDOWS\system32\qdusvlxd.ini
C:\WINDOWS\system32\rowjmibn.ini
C:\WINDOWS\system32\rsxpowvg.dll
C:\WINDOWS\system32\sstqp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\dxlvsudq.dll
C:\WINDOWS\system32\dxlvsudq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gvwopxsr.ini
C:\WINDOWS\system32\gvwopxsr.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\kbbtgtmp.dll
C:\WINDOWS\system32\kbbtgtmp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nbimjwor.dll
C:\WINDOWS\system32\nbimjwor.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmtgtbbk.ini
C:\WINDOWS\system32\pmtgtbbk.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqtss.bak1
C:\WINDOWS\system32\pqtss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqtss.bak2
C:\WINDOWS\system32\pqtss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\pqtss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqtss.tmp
C:\WINDOWS\system32\pqtss.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\qdusvlxd.ini
C:\WINDOWS\system32\qdusvlxd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rowjmibn.ini
C:\WINDOWS\system32\rowjmibn.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rsxpowvg.dll
C:\WINDOWS\system32\rsxpowvg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\sstqp.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\pqtss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\sstqp.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.4.1

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 10:45:52 AM 26/05/2007

Listing files found while scanning....

C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\sstqp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\sstqp.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.4.1

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 4:19:11 AM 6/17/2007

Listing files found while scanning....

C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\cbxxvtt.dll
C:\WINDOWS\system32\utvwa.bak1
C:\WINDOWS\system32\utvwa.bak2
C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\wvuurpm.dll
C:\WINDOWS\system32\xxywuuu.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\awvtu.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\cbxxvtt.dll
C:\WINDOWS\system32\cbxxvtt.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\utvwa.bak1
C:\WINDOWS\system32\utvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\utvwa.bak2
C:\WINDOWS\system32\utvwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\utvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuurpm.dll
C:\WINDOWS\system32\wvuurpm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxywuuu.dll
C:\WINDOWS\system32\xxywuuu.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...
 
Hi

Your vundofix is outdated.

Please delete it, then download it from my link and post back corresponding logs :)
 
Beginning removal...

VundoFix V6.5.0

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 5:23:44 AM 18/06/2007

Listing files found while scanning....

C:\windows\system32\awvtu.dll
C:\windows\system32\cbxxvtt.dll
C:\windows\system32\utvwa.bak2
C:\windows\system32\utvwa.ini

Beginning removal...

Attempting to delete C:\windows\system32\awvtu.dll
C:\windows\system32\awvtu.dll Has been deleted!

Attempting to delete C:\windows\system32\cbxxvtt.dll
C:\windows\system32\cbxxvtt.dll Has been deleted!

Attempting to delete C:\windows\system32\utvwa.bak2
C:\windows\system32\utvwa.bak2 Has been deleted!

Attempting to delete C:\windows\system32\utvwa.ini
C:\windows\system32\utvwa.ini Has been deleted!

Performing Repairs to the registry.
Done!
 
Logfile of HijackThis v1.99.1
Scan saved at 7:34:31 AM, on 19/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\CCleaner\ccleaner.exe
C:\Documents and Settings\IVAN\Desktop\Spyware Programs\Hijackthis 1.91\Scanner.exe.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
 
Hi

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Post:

- a fresh HijackThis log
- kaspersky report
 
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
 
You must log in or register to reply here.
Back
Top