Tech Support Forum - View Single Post - Need help with my HJT Log (Hit a dead end)

Sempurna · 05-01-2007, 11:04 PM

Hi Buddha,

Welcome to Tech Support Forum!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

OK, here’s what we do first.

We need to disable your Windows Defender real-time protection as it may interfere with the fixes that we need to make.

To disable Windows Defender:

Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

NEXT:

Please download VirtumundoBeGone:

Save it to the desktop.
Close all running programs (including your Internet browser).
Double-click VirtumundoBeGone.exe on the desktop.
Follow the directions as indicated.

This program may generate a "BLUE SCREEN OF DEATH" which is an expected/necessary part of the process. Do not be concerned. Just reboot if your system "jams".

To confirm successful deletion, and to determine if there are any additional problems, please post the VirtumundoBeGone log VBG.txt. It will be on your desktop.

NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\qohvxdvv.dll (file missing)
O2 - BHO: (no name) - {93FF1CC5-3BEE-444C-AF93-AD8E1EE28585} - C:\WINDOWS\system32\awtss.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\uhcmojut.dll",realest

Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.

NEXT:

Please download OTMoveIt by OldTimer:

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\WINDOWS\system32\uhcmojut.dll
C:\WINDOWS\system32\uhcmojut.dll
C:\WINDOWS\b122.exe
C:\WINDOWS\system32\awvvv.dll
C:\Program Files\InetGet2
Return to OTMoveIt, right-click on the Paste List of Files/Folders to be Moved window and choose Paste.
Click the red MoveIt! button.
Close OTMoveIt.
Please post the log from OTMoveIt, located here:

C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

NEXT:

Please download ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.

Save it to your desktop.
Double-click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:

The log from the VirtumundoBeGone scan.
The log from the ComboFix scan.
A new HijackThis log.

(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.

05-01-2007, 11:04 PM	#4 (permalink)
Sempurna Analyst, Security Team Join Date: Sep 2006 Posts: 1,302 OS: Windows XP SP2	Re: Need help with my HJT Log (Hit a dead end) Hi Buddha, Welcome to Tech Support Forum! I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help. OK, here’s what we do first. We need to disable your Windows Defender real-time protection as it may interfere with the fixes that we need to make. To disable Windows Defender: Open Windows Defender. Click on Tools, General Settings. Scroll down and uncheck Turn on real-time protection (recommended). After you uncheck this, click on the Save button and close Windows Defender. NEXT: Please download VirtumundoBeGone: Save it to the desktop. Close all running programs (including your Internet browser). Double-click VirtumundoBeGone.exe on the desktop. Follow the directions as indicated. This program may generate a "BLUE SCREEN OF DEATH" which is an expected/necessary part of the process. Do not be concerned. Just reboot if your system "jams". To confirm successful deletion, and to determine if there are any additional problems, please post the VirtumundoBeGone log VBG.txt. It will be on your desktop. NEXT: Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present): O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\qohvxdvv.dll (file missing) O2 - BHO: (no name) - {93FF1CC5-3BEE-444C-AF93-AD8E1EE28585} - C:\WINDOWS\system32\awtss.dll (file missing) O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\uhcmojut.dll",realest Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked". Then please exit HijackThis. NEXT: Please download OTMoveIt by OldTimer: Save it to your desktop. Please double-click OTMoveIt.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): C:\WINDOWS\system32\uhcmojut.dll C:\WINDOWS\system32\uhcmojut.dll C:\WINDOWS\b122.exe C:\WINDOWS\system32\awvvv.dll C:\Program Files\InetGet2 Return to OTMoveIt, right-click on the Paste List of Files/Folders to be Moved window and choose Paste. Click the red MoveIt! button. Close OTMoveIt. Please post the log from OTMoveIt, located here: C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log Where mmddyyyy_hhmmss is the date of the tool run. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. NEXT: Please download ComboFix by sUBs: NOTE: In the event you already have ComboFix, this is a new version that I need you to download. Save it to your desktop. Double-click combofix.exe and follow the prompts. When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply. CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall. NEXT: Please REBOOT your computer normally into Windows and post these logs in your next reply: The log from the VirtumundoBeGone scan. The log from the ComboFix scan. A new HijackThis log. (You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software). Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted. __________________ Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum