HJT and AVG anti spyware log

Status
Not open for further replies.

clarkey2r

Hello everyone!

I am a noob in these parts so please be nice!

Anyway, I have uploaded my HJT and AVG anti-spyware logs for you all to see and advise! Any help is appreciated!

BTW I am using TeaTimer and I got a Registry entry while browsing the net, so I obviously didn’t allow it and now I am getting about 10 popups every min saying Registry change denied!

Thanks in advance,
Clarkey
 

Attachments

  • hijackthis.log
    7.7 KB · Views: 6
Hello and welcome to Techspot.

Your system is infected with a variety of nasties.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

Let me know how you wish to proceed.

Regards Howard :wave: :wave:

This thread is for the use of clarkey2r only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hi Howard,

I have read the link, and I know that a reformat is the best way to go but I want to try and avoid this if necessary!

Is it an easy process getting rid of these nasties?

Cheers
Clarkey
 
OK, let's do the following.

Delete all files in AVG Antispyware quarantine.

Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

OLE multi config
COM+ Messages

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

ole2.exe
svchosts.exe (not to be confused with svchost.exe)

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O2 - BHO: MSEvents Object - {2771D8F7-933D-4D4E-B79F-DEF857511A82} - C:\WINDOWS\system32\wvuuttq.dll

O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\JAMIEG~1\LOCALS~1\Temp\~DP69.dll (file missing)

O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\sjtvfglc.dll

O2 - BHO: (no name) - {BDF37FFD-20D5-4B43-AC81-04994CFE4C52} - C:\WINDOWS\system32\mljjk.dll (file missing)

O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\bvxtqiub.dll",setvm

O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)

O20 - Winlogon Notify: wvuuttq - C:\WINDOWS\SYSTEM32\wvuuttq.dll

O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)

O23 - Service: OLE multi config - Unknown owner - C:\WINDOWS\system32\ole2.exe (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\WINDOWS\system32\ole2.exe
C:\WINDOWS\system32\svchosts.exe (not to be confused with svchost.exe)

Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn't automatically restart, restart it manually.

These are the filepaths you need to enter into killbox.

C:\WINDOWS\SYSTEM32\wvuuttq.dll
C:\WINDOWS\system32\bvxtqiub.dll
C:\WINDOWS\system32\sjtvfglc.dll

Once your system has rebooted, rehide your protected OS files.

Post a fresh HJT log.

Regards Howard :)
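
Added example, not part of the original thread: a small Python triage of HijackThis lines using the same cues as the fix list above, namely entries whose target is marked `(file missing)`, a binary name that imitates a real Windows one (svchosts.exe vs svchost.exe), and modules loaded from a Temp directory. The function names and the `KNOWN_SYSTEM` list are assumptions made for illustration, and the notes are heuristics rather than verdicts.

```python
import re
from difflib import SequenceMatcher
from pathlib import PureWindowsPath

# Assumed short allow-list of real Windows binaries that malware names imitate.
KNOWN_SYSTEM = ("svchost.exe", "lsass.exe", "winlogon.exe", "explorer.exe")

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.I)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Four entries copied from the fix list in the post above.
SAMPLE = r"""
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\JAMIEG~1\LOCALS~1\Temp\~DP69.dll (file missing)
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\bvxtqiub.dll",setvm
O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
"""

def parse_entry(line):
    """Split one HJT line into section code, kind, CLSID, path and missing flag."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, blank line or ordinary text
    rest = m["rest"]
    path, clsid = PATH_RE.search(rest), CLSID_RE.search(rest)
    return {"code": m["code"], "kind": m["kind"],
            "clsid": clsid.group(0) if clsid else None,
            "path": path.group(0) if path else None,
            "missing": rest.rstrip().endswith("(file missing)")}

def triage(entry):
    """Return human-readable notes explaining why an entry deserves a look."""
    notes = []
    if entry["missing"]:
        notes.append("orphaned: target file missing")
    if entry["path"]:
        p = PureWindowsPath(entry["path"])
        name = p.name.lower()
        for good in KNOWN_SYSTEM:
            # Near-identical but not equal: one added or swapped character.
            if name != good and SequenceMatcher(None, name, good).ratio() > 0.9:
                notes.append(f"look-alike of {good}")
        if "temp" in (part.lower() for part in p.parts):
            notes.append("loads from a Temp directory")
    return notes

def triage_log(text):
    """Parse every HJT entry in text and return (code, path, notes) tuples."""
    entries = filter(None, map(parse_entry, text.splitlines()))
    return [(e["code"], e["path"], triage(e)) for e in entries]
```
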

 
Download Vundofix from HERE.

Double click the Vundofix.exe to run it.

Right click in the vundofix window and click add files.

Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do its stuff.

This is the filepath you need to enter into Vundofix.

C:\WINDOWS\system32\awvvw.dll

Post a fresh HJT log after doing the above.

Regards Howard :)

 
That's got it.

Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O2 - BHO: (no name) - {0EFA94DA-026B-4B21-90C8-41E00AB297C1} - C:\WINDOWS\system32\awvvw.dll (file missing)

Click on the fix checked button.

Close HJT and reboot your system. Check to see that the entry has now gone.

Other than the above inactive entry, your HJT log is clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
Thank you so much for all your help!

I don't know what I would have done without you, apart from re-formatting the HD!

Thanks again
Clarkey
 