Good Day! Please review my HijackThis log - pop-ups are killing me!

By icepulse
Aug 2, 2007
  1. Hello to all on the boards.

    I've just been struggling to remove some NASTY Vundo Malware from my rig, and nothing is helping me! I've run VundoFix and HouseCall, AVG, Ad-Aware, Spybot.... nothing is keeping this away. Keep getting browser pop-ups, on sites that don't have 'em. (i.e. Google).

    Could anyone please analyze the attatched HJT log file, and suggest something? Thank you very much in advance.

    Oh, I'm running XP Pro SP 2.
  2. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Hello and welcome to TechSpot.

    You're running HijackThis from the wrong location. You need to move the DO IT.exe file into its own folder, such as C:\Program Files\HijackThis.

    Then go and read the Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, ComboFix, and AVG Antispyware logs as attachments into this thread, only after doing the above. Also post here the results of the AVG Antirootkit scan.

    Regards :)

    This thread is for the use of icepulse only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
  3. icepulse

    icepulse TS Rookie Topic Starter

    OK. It took me half the day, but here we go.

    Please note that I followed all instructions to a "T", but the AVG Spyware would only allow a "delete" option, although I checked "Quarentine" as my default action. It shows 54 cookies, all found within a single ".ar" file. consequently, the delete failed. Please see attached my AVG Antispyware, Combofix and HJT logs attached. The AVG Antirootkit scan yielded no result at all.

    Thanks again.
  4. tomrca

    tomrca TS Rookie Posts: 1,000

    these can be fixed.

    O2 - BHO: (no name) - {65B70876-49E3-4584-8100-36D3AB06B394} - C:\WINDOWS\system32\vtstu.dll (file missing)
    O2 - BHO: (no name) - {A831AB69-2707-4357-829B-B8F8EEF63F1C} - C:\WINDOWS\system32\ddccb.dll (file missing)
    O2 - BHO: (no name) - {AD8B61A8-2B10-4A79-B694-D5E3BFB9CDE6} - C:\WINDOWS\system32\vturr.dll (file missing)
    O2 - BHO: (no name) - {CFEE714A-2809-4BD1-B85C-02E31F9AC408} - C:\WINDOWS\system32\vtsqn.dll (file missing)

    Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. Especially If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc.

    O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:program FilesPlotSoftPDFill\DownloadPDF.exe

    16 - DPF: {5879B3B0-566E-4ECB-9B77-9A8A5E62AAB8} (DeviceMon Class) -

    please post the avg antispyware log
  5. icepulse

    icepulse TS Rookie Topic Starter

    Thank You All!!!
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...