Cant remove virus

fudgamfudgam Upstate New York
edited June 2007 in Spyware & Virus Removal
Ive tried going into safe mode and running spyware programs and HJT but I cant get rid of this virus.


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:32:19 PM, on 6/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Fudgam\Desktop\HJT\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {18B31625-1CF0-41EC-B85F-12206CBA0E4C} - C:\WINDOWS\system32\ssqpq.dll
O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\system32\nnnkjij.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\qjkajfgp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\lbxwsoni.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Exetender] C:\Program Files\EXEtender\GPlayer.exe /runonstartup
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - HKCU\..\Policies\Explorer\Run: [{E41783E2-0BA5-1033-0111-061117040001}] "C:\Program Files\Common Files\{E41783E2-0BA5-1033-0111-061117040001}\Update.exe" te-110-12-0000213
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143921717453
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143925186609
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: nnnkjij - C:\WINDOWS\SYSTEM32\nnnkjij.dll
O20 - Winlogon Notify: ssqpq - C:\WINDOWS\system32\ssqpq.dll
O22 - SharedTaskScheduler: OpenGL additional - {8A5849C4-93F3-429D-FF34-660A2068897C} - (no file)
O22 - SharedTaskScheduler: COM+ Service - {3BF77FF3-E054-4728-ADD0-B21EF95EECE1} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\DOCUME~1\Fudgam\LOCALS~1\Temp\ieupdate.exe (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7350 bytes

Comments

  • edited June 2007
    Hi fudgam and welcome to Icrontic. I'm checking your log, so please be patient.
  • edited June 2007
    :)Hi fudgam
    Please do the following...

    Step1
    Please delete any HijackThis Folders and Files you have now. Use Add/Remove Programs and remove HijackThis. What you have now is a Beta Version and isn't ready to use.
    You can get a complete installer that installs HijackThis to C:\Program Files\HijackThis, making an entry in the start menu and also providing a desktop shortcut from here
    Click on the link and select Save, save it to your desktop and double click HJTsetup.exe.

    Right-click on HijackThis.exe & select Rename to scanner.exe

    Step2
    Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat Please save it on your desktop.
    @echo off
    sc stop"Microsoft IE Updater"
    sc delete"Microsoft IE Updater"
    Double click FixServices.bat. A window will open and close. This is normal.

    Step3
    Open HijackThis
    - Click the Do a system scan only button
    - Check the following entries (below)

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {18B31625-1CF0-41EC-B85F-12206CBA0E4C} - C:\WINDOWS\system32\ssqpq.dll
    O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\system32\nnnkjij.dll
    O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\qjkajfgp.dll
    O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\lbxwsoni.dll",realset
    O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
    O4 - HKCU\..\Policies\Explorer\Run: [{E41783E2-0BA5-1033-0111-061117040001}] "C:\Program Files\Common Files\{E41783E2-0BA5-1033-0111-061117040001}\Update.exe" te-110-12-0000213
    O20 - Winlogon Notify: nnnkjij - C:\WINDOWS\SYSTEM32\nnnkjij.dll
    O20 - Winlogon Notify: ssqpq - C:\WINDOWS\system32\ssqpq.dll
    O22 - SharedTaskScheduler: OpenGL additional - {8A5849C4-93F3-429D-FF34-660A2068897C} - (no file)
    O22 - SharedTaskScheduler: COM+ Service - {3BF77FF3-E054-4728-ADD0-B21EF95EECE1} - (no file)
    O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\DOCUME~1\Fudgam\LOCALS~1\Temp\ieupdate.exe (file missing)

    Close ALL open windows
    Click Fix Checked
    Close HijackThis

    Step4
    Please download
    VundoFix.exe to your desktop.
    * Double-click VundoFix.exe to run it.
    * Click the Scan for Vundo button.
    * Once it's done scanning, click the Remove Vundo button.
    * You will receive a prompt asking if you want to remove the files, click YES
    * Once you click yes, your desktop will go blank as it starts removing Vundo.
    * When completed, it will prompt that it will reboot your computer, click OK.

    Important note -- It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

    Step5
    Please download Deckard's System Scanner to your Desktop
    Note: You must be logged onto an account with administrator privileges.
    * Close all applications and windows.
    * Double-click on Dss.exe to run it, and follow the prompts.
    * The scan may take a minute. When the scan is complete, a text file will open Main.txt and extra.txt

    Step6
    Please, post these logs:
    vundofix.txt
    Dss.main.txt
    Dss.extra.txt
  • fudgamfudgam Upstate New York
    edited June 2007
    dss.exe is crashing on me. It gets to about 12% then crashes.
  • edited June 2007
    please send vundofix.txt and a fresh hjT log
  • fudgamfudgam Upstate New York
    edited June 2007
    Logfile of HijackThis v1.99.1
    Scan saved at 5:17:01 PM, on 6/4/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Grisoft\AVG Free\avgcc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: (no name) - {18B31625-1CF0-41EC-B85F-12206CBA0E4C} - C:\WINDOWS\system32\ssqpq.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Exetender] C:\Program Files\EXEtender\GPlayer.exe /runonstartup
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143921717453
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143925186609
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\DOCUME~1\Fudgam\LOCALS~1\Temp\ieupdate.exe (file missing)
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe




    VundoFix V6.1.6

    Checking Java version...

    Java version is 1.5.0.6

    Scan started at 5:56:59 PM 9/28/2006

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\pmkhh.dll
    C:\WINDOWS\system32\pmkhh.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\pmkhh.dll
    C:\WINDOWS\system32\pmkhh.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.4.2

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.8
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 3:26:50 PM 6/4/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\aaycpaeh.dll
    C:\WINDOWS\system32\aydjgyiw.dll
    C:\WINDOWS\system32\bdwbmcuq.dll
    C:\WINDOWS\system32\cbxvuuv.dll
    C:\WINDOWS\system32\dbuxyvjc.dll
    C:\WINDOWS\system32\dqginefg.exe
    C:\WINDOWS\system32\fcljmdyh.dll
    C:\WINDOWS\system32\hydmjlcf.ini
    C:\WINDOWS\system32\inoswxbl.ini
    C:\WINDOWS\system32\jxjralh.dll
    C:\WINDOWS\system32\lbxwsoni.dll
    C:\WINDOWS\system32\nnnkjij.dll
    C:\WINDOWS\system32\qjkajfgp.dll
    C:\WINDOWS\system32\qpqss.bak1
    C:\WINDOWS\system32\qpqss.bak2
    C:\WINDOWS\system32\qpqss.ini
    C:\WINDOWS\system32\rqronlk.dll
    C:\WINDOWS\system32\ssqpq.dll
    C:\WINDOWS\system32\tuvwvuv.dll
    C:\WINDOWS\system32\wiygjdya.ini
    C:\WINDOWS\system32\wlmanghr.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\aydjgyiw.dll
    C:\WINDOWS\system32\aydjgyiw.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bdwbmcuq.dll
    C:\WINDOWS\system32\bdwbmcuq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cbxvuuv.dll
    C:\WINDOWS\system32\cbxvuuv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dbuxyvjc.dll
    C:\WINDOWS\system32\dbuxyvjc.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dqginefg.exe
    C:\WINDOWS\system32\dqginefg.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fcljmdyh.dll
    C:\WINDOWS\system32\fcljmdyh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\hydmjlcf.ini
    C:\WINDOWS\system32\hydmjlcf.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\inoswxbl.ini
    C:\WINDOWS\system32\inoswxbl.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jxjralh.dll
    C:\WINDOWS\system32\jxjralh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\lbxwsoni.dll
    C:\WINDOWS\system32\lbxwsoni.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnkjij.dll
    C:\WINDOWS\system32\nnnkjij.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\qjkajfgp.dll
    C:\WINDOWS\system32\qjkajfgp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qpqss.bak1
    C:\WINDOWS\system32\qpqss.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qpqss.bak2
    C:\WINDOWS\system32\qpqss.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qpqss.ini
    C:\WINDOWS\system32\qpqss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rqronlk.dll
    C:\WINDOWS\system32\rqronlk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqpq.dll
    C:\WINDOWS\system32\ssqpq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tuvwvuv.dll
    C:\WINDOWS\system32\tuvwvuv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wiygjdya.ini
    C:\WINDOWS\system32\wiygjdya.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wlmanghr.dll
    C:\WINDOWS\system32\wlmanghr.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\fcljmdyh.dll
    C:\WINDOWS\system32\fcljmdyh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnkjij.dll
    C:\WINDOWS\system32\nnnkjij.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
  • fudgamfudgam Upstate New York
    edited June 2007
    It looks like the popups are gone.

    Thanks alot!
  • edited June 2007
    :)HI fudgam

    Good Work!

    Please do the following

    step#1
    Open HijackThis
    - Click the Do a system scan only button
    - Check the following entries (below)
    O2 - BHO: (no name) - {18B31625-1CF0-41EC-B85F-12206CBA0E4C} - C:\WINDOWS\system32\ssqpq.dll (file missing)
    O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\DOCUME~1\Fudgam\LOCALS~1\Temp\ieupdate.exe (file missing)

    Close ALL open windows
    Click Fix Checked
    Close HijackThis

    step#2
    Please download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
    This program is for XP and Windows 2000 only!
    Double-click ATF Cleaner.exe to open it.
    Under Main select the following:
    * Windows Temp
    * Current User Temp
    * All Users Temp
    * Temporary Internet Files
    * Prefetch
    * Java Cache
    *The other boxes are optional*
    NOTE: If you would like to keep your saved passwords, please click No at the prompt
    Then click the Empty Selected button.
    Click Exit on the Main menu to close the program.

    Print out these instructions or save them with notepad or Word

    step#3
    • Start AVG Anti-Spyware
    • Click the Update icon
    • Click Start update
    • Wait until updates are downloaded
    • If you are having problems with the updater, you can use this link manually update
    • Click the Scanner icon
    • Open the Settings tab
      • Make sure that under "How to act?" read Quarantine
      • (If not, click the text and choose Quarantine)
      • Under "How to scan?" all checkboxes should be ticked
      • Under "Reports" select Automatically generate report after every scan
        and uncheck Only if threats were found
      • Under "What to scan?" select Scan every file

    • Click the Shield icon
    • Under the "Resident shield is" click active to make it inactive
    • Close AVG Anti-Spyware
    Reboot to safe mode
    • If the computer is running, shut down Windows, and then turn off the power
    • Wait 30 seconds, and then turn the computer on
    • Start tapping the F8 key
    • The Windows Advanced Options Menu appears
    • Ensure that the Safe Mode option is selected
    • Press Enter. The computer then begins to start in Safe mode
    • Login on your usual account
    • Close all open windows / programs / folders
    • Start AVG Anti-Spyware
    • Click the Scanner icon
    • Click Complete System Scan
    • Let the program scan the machine
    • When the scan has finished, follow the instructions below
      • Make sure that under "Set all elements to" read Quarantine
      • (If not, click the text and choose Quarantine)
      • Click Apply all actions
      • Click Save Report
      • Click Save reports as
      • Save report to your Desktop
    step#4
    Please try that Dss again
    Note: You must be logged onto an account with administrator privileges.
    * Close all applications and windows.
    * Double-click on Dss.exe to run it, and follow the prompts.
    * The scan may take a minute. When the scan is complete, a text file will open Main.txt and extra.txt

    step#5
    Please, post these logs:
    AVG Anti-Spyware
    Dss.main.txt
    Dss.extra.txt
Sign In or Register to comment.