View Full Version : Popups/Problems
ElloMate
2007-06-16, 17:28
Logfile of HijackThis v1.99.1
Scan saved at 10:28:24 PM, on 6/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\CCleaner\ccleaner.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\IVAN\Desktop\Spyware Programs\Hijackthis 1.91\Scanner.exe.exe
O2 - BHO: (no name) - {1D3BE8A5-EB3A-4A6F-B8A4-BB0147EB4C87} - C:\WINDOWS\system32\awvtu.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\cbxxvtt.dll
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll
O20 - Winlogon Notify: cbxxvtt - C:\WINDOWS\SYSTEM32\cbxxvtt.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
Hi ElloMate
Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
ElloMate
2007-06-17, 23:41
Hi ElloMate
Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
VundoFix V6.4.1
Checking Java version...
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 10:35:47 PM 25/05/2007
Listing files found while scanning....
VundoFix V6.4.1
Checking Java version...
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 8:06:29 AM 26/05/2007
Listing files found while scanning....
C:\WINDOWS\system32\dxlvsudq.dll
C:\WINDOWS\system32\gvwopxsr.ini
C:\WINDOWS\system32\kbbtgtmp.dll
C:\WINDOWS\system32\nbimjwor.dll
C:\WINDOWS\system32\pmtgtbbk.ini
C:\WINDOWS\system32\pqtss.bak1
C:\WINDOWS\system32\pqtss.bak2
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\pqtss.tmp
C:\WINDOWS\system32\qdusvlxd.ini
C:\WINDOWS\system32\rowjmibn.ini
C:\WINDOWS\system32\rsxpowvg.dll
C:\WINDOWS\system32\sstqp.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\dxlvsudq.dll
C:\WINDOWS\system32\dxlvsudq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gvwopxsr.ini
C:\WINDOWS\system32\gvwopxsr.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\kbbtgtmp.dll
C:\WINDOWS\system32\kbbtgtmp.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nbimjwor.dll
C:\WINDOWS\system32\nbimjwor.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmtgtbbk.ini
C:\WINDOWS\system32\pmtgtbbk.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pqtss.bak1
C:\WINDOWS\system32\pqtss.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\pqtss.bak2
C:\WINDOWS\system32\pqtss.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\pqtss.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\pqtss.tmp
C:\WINDOWS\system32\pqtss.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\qdusvlxd.ini
C:\WINDOWS\system32\qdusvlxd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\rowjmibn.ini
C:\WINDOWS\system32\rowjmibn.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\rsxpowvg.dll
C:\WINDOWS\system32\rsxpowvg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\sstqp.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\pqtss.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\sstqp.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
VundoFix V6.4.1
Checking Java version...
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 10:45:52 AM 26/05/2007
Listing files found while scanning....
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\sstqp.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\sstqp.dll Could not be deleted.
Performing Repairs to the registry.
Done!
VundoFix V6.4.1
Checking Java version...
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 4:19:11 AM 6/17/2007
Listing files found while scanning....
C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\cbxxvtt.dll
C:\WINDOWS\system32\utvwa.bak1
C:\WINDOWS\system32\utvwa.bak2
C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\wvuurpm.dll
C:\WINDOWS\system32\xxywuuu.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\awvtu.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\cbxxvtt.dll
C:\WINDOWS\system32\cbxxvtt.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\utvwa.bak1
C:\WINDOWS\system32\utvwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\utvwa.bak2
C:\WINDOWS\system32\utvwa.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\utvwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\wvuurpm.dll
C:\WINDOWS\system32\wvuurpm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xxywuuu.dll
C:\WINDOWS\system32\xxywuuu.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Hi
Your vundofix is outdated.
Please delete it, then download it from my link and post back corresponding logs :)
ElloMate
2007-06-19, 00:37
Beginning removal...
VundoFix V6.5.0
Checking Java version...
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 5:23:44 AM 18/06/2007
Listing files found while scanning....
C:\windows\system32\awvtu.dll
C:\windows\system32\cbxxvtt.dll
C:\windows\system32\utvwa.bak2
C:\windows\system32\utvwa.ini
Beginning removal...
Attempting to delete C:\windows\system32\awvtu.dll
C:\windows\system32\awvtu.dll Has been deleted!
Attempting to delete C:\windows\system32\cbxxvtt.dll
C:\windows\system32\cbxxvtt.dll Has been deleted!
Attempting to delete C:\windows\system32\utvwa.bak2
C:\windows\system32\utvwa.bak2 Has been deleted!
Attempting to delete C:\windows\system32\utvwa.ini
C:\windows\system32\utvwa.ini Has been deleted!
Performing Repairs to the registry.
Done!
Hi
Please post also a fresh HijackThis log :)
ElloMate
2007-06-20, 02:34
Logfile of HijackThis v1.99.1
Scan saved at 7:34:31 AM, on 19/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\CCleaner\ccleaner.exe
C:\Documents and Settings\IVAN\Desktop\Spyware Programs\Hijackthis 1.91\Scanner.exe.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
Hi
Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
+ Extended (If available otherwise Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.
Post:
- a fresh HijackThis log
- kaspersky report
Due to the lack of feedback this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.