TechSpot

HJT and AVG anti spyware log

By clarkey2r
Jan 7, 2007
Topic Status:
Not open for further replies.
  1. Hello everyone!

    I am a noob in these parts so please be nice!

    Anyway, I have uploaded my HJT and AVG anti-spyware logs for you all to see and advise! Any help is appreciated!

    BTW I am using TeaTimer and I got a Registry entry while browsing the net, so I obviously didn’t allow it and now I am getting about 10 popups every min saying Registry change denied!

    Thanks in advance,
    Clarkey


  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Your system is infected with a variety of nasties.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    Let me know how you wish to proceed.

    Regards Howard :wave: :wave:

    This thread is for the use of clarkey2r only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. clarkey2r

    clarkey2r TS Rookie Topic Starter

    Hi Howard,

    I have read the link, and I know that a reformat is the best way to go but I want to try and avoid this if necessary!

    Is it an easy process getting rid of these nasties?

    Cheers
    Clarkey
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    OK, let's do the following.

    Delete all files in AVG Antispyware quarantine.

    Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    OLE multi config
    COM+ Messages

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there):

    ole2.exe
    svchosts.exe (not to be confused with svchost.exe)

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O2 - BHO: MSEvents Object - {2771D8F7-933D-4D4E-B79F-DEF857511A82} - C:\WINDOWS\system32\wvuuttq.dll

    O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\JAMIEG~1\LOCALS~1\Temp\~DP69.dll (file missing)

    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\sjtvfglc.dll

    O2 - BHO: (no name) - {BDF37FFD-20D5-4B43-AC81-04994CFE4C52} - C:\WINDOWS\system32\mljjk.dll (file missing)

    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\bvxtqiub.dll",setvm

    O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)

    O20 - Winlogon Notify: wvuuttq - C:\WINDOWS\SYSTEM32\wvuuttq.dll

    O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)

    O23 - Service: OLE multi config - Unknown owner - C:\WINDOWS\system32\ole2.exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\WINDOWS\system32\ole2.exe
    C:\WINDOWS\system32\svchosts.exe (not to be confused with svchost.exe)

    Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn't automatically restart, restart it manually.

    These are the filepaths you need to enter into killbox.

    C:\WINDOWS\SYSTEM32\wvuuttq.dll
    C:\WINDOWS\system32\bvxtqiub.dll
    C:\WINDOWS\system32\sjtvfglc.dll

    Once your system has rebooted, rehide your protected OS files.

    Post a fresh HJT log.

    Regards Howard :)

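The HJT entries listed in the post above can be triaged mechanically. The following is an added example, not part of the original posts: it parses a subset of those quoted log lines and reports why each one deserves review. The `KNOWN_SYSTEM` list and the 0.9 similarity threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

# Sample input: entries quoted from the post above (a subset).
SAMPLE = r"""
O2 - BHO: MSEvents Object - {2771D8F7-933D-4D4E-B79F-DEF857511A82} - C:\WINDOWS\system32\wvuuttq.dll
O2 - BHO: (no name) - {BDF37FFD-20D5-4B43-AC81-04994CFE4C52} - C:\WINDOWS\system32\mljjk.dll (file missing)
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\bvxtqiub.dll",setvm
O20 - Winlogon Notify: wvuuttq - C:\WINDOWS\SYSTEM32\wvuuttq.dll
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: OLE multi config - Unknown owner - C:\WINDOWS\system32\ole2.exe (file missing)
"""

# Assumption: a short list of genuine Windows binaries to compare names against.
KNOWN_SYSTEM = {"svchost.exe", "lsass.exe", "winlogon.exe", "explorer.exe", "rundll32.exe"}
ENTRY = re.compile(r"^(O\d+) - (.*)$")               # HJT section code, then the entry text
FILE = re.compile(r'([^\\"\s]+\.(?:exe|dll))', re.I)  # bare file name at the end of a path

def lookalike(name):
    """Return the system binary that `name` closely imitates, or None."""
    name = name.lower()
    if name in KNOWN_SYSTEM:
        return None
    return next((real for real in sorted(KNOWN_SYSTEM)
                 if SequenceMatcher(None, name, real).ratio() >= 0.9), None)

def triage(log):
    """Return ([(section, reasons)], {file: sections}) for files seen in 2+ sections."""
    findings, seen = [], {}
    for line in log.strip().splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, rest = m.groups()
        reasons = []
        if "(file missing)" in rest:
            reasons.append("file missing")
        if section == "O2" and "(no name)" in rest:
            reasons.append("unnamed BHO")
        if section == "O23" and "Unknown owner" in rest:
            reasons.append("service with unknown owner")
        for name in FILE.findall(rest):
            seen.setdefault(name.lower(), set()).add(section)
            real = lookalike(name)
            if real:
                reasons.append(f"{name} resembles {real}")
        findings.append((section, reasons))
    shared = {f: sorted(s) for f, s in seen.items() if len(s) > 1}
    return findings, shared
```

On the sample, `wvuuttq.dll` is reported as registered under both O2 (BHO) and O20 (Winlogon Notify), which is why removing only one of the two entries would leave the DLL loading at startup.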
  5. clarkey2r

    clarkey2r TS Rookie Topic Starter

    Here is the new log!

    Everything seems to be good!
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Download Vundofix from HERE.

    Double click the Vundofix.exe to run it.

    Right click in the vundofix window and click add files.

    Enter the full file path(s) to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do its stuff.

    This is the filepath you need to enter into Vundofix.

    C:\WINDOWS\system32\awvvw.dll

    Post a fresh HJT log after doing the above.

    Regards Howard :)

  7. clarkey2r

    clarkey2r TS Rookie Topic Starter

    One new log!
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    That's got it.

    Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O2 - BHO: (no name) - {0EFA94DA-026B-4B21-90C8-41E00AB297C1} - C:\WINDOWS\system32\awvvw.dll (file missing)

    Click on the fix checked button.

    Close HJT and reboot your system. Check to see that the entry has now gone.

    Other than the above inactive entry, your HJT log is clean.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

  9. clarkey2r

    clarkey2r TS Rookie Topic Starter

    Thank you so much for all your help!

    I don't know what I would have done without you, apart from re-formatting the HD!

    Thanks again
    Clarkey