Status
Not open for further replies.
1 - 4 of 4 Posts

Registered · 10 Posts · Discussion Starter · #1
I'm not completely sure what my son did to this laptop, but he said he was on MySpace when the problem first occurred. I'm sure you guys are VERY familiar with this little baby. It is my first experience with it and it really has this laptop messed up.

Anyway, I have AVAST on this machine and he let the license key expire w/o telling me, so I updated it and began finding viruses (I let it clean/delete A LOT).

Explorer windows kept popping up, so I installed SpyBot to see if I could help get this thing back. It cleaned up A LOT as well, but I was still getting random browser windows appearing.

I then installed Ad-Aware from Lavasoft. It appears to have cleaned up most of the rest.

The only issue I have now is AVAST keeps reporting two viruses:

1) WIN32: Trojan-gen (other); Virus/Worm; file=c:\windows\system32\wkvkww.dll
2) WIN32: Trojan-gen (other); Virus/Worm; file=c:\windows\system32\raoule.dll

I tell AVAST to delete these files permanently. If I open the IE browser OR a Windows Explorer window, AVAST reports them again.

Here's the DDS.TXT file data:


DDS (Version 1.0) - NTFSx86
Run by melissa sheppard at 22:54:49.65 on Wed 11/12/2008

============== Psuedo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
BHO: {2498ae7d-7843-462e-ad57-5479010c3909} - c:\windows\system32\ktidfg.dll
BHO: {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - c:\windows\system32\qoMdARIc.dll
BHO: {B1FD1296-A652-49E9-882D-68288170F4E0} - c:\windows\system32\xxyabywU.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [JobHisInit] c:\program files\rmclient\JobHisInit.exe
mRun: [MplSetUp] c:\program files\rmclient\MplSetUp.exe
mRun: [Lexmark 4200 Series] "c:\program files\lexmark 4200 series\lxbmbmgr.exe"
mRun: [FaxCenterServer4_in_1] "c:\program files\lexmark 4200 series\fax\fm3032.exe" /s
mRun: [<NO NAME>]
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [brastk] c:\windows\system32\brastk.exe
mRun: [Antivirus Pro 2009] "c:\program files\antiviruspro2009\AntivirusPro2009.exe" /hide
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: {FA509BE8-963B-41B8-9E92-90505C858A9A} = 68.12.16.30,68.12.16.25
Notify: AtiExtEvent -Ati2evxx.dll
Notify: qoMdARIc -qoMdARIc.dll
Notify: xxyabbAQ -xxyabbAQ.dll
AppInit_DLLs: ktidfg.dll
SEH: {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - c:\windows\system32\qoMdARIc.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\xxyabywU

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2008-11-12 22:33 250 a------- c:\windows\gmer.ini
2008-11-12 20:27 120 ---sh--- c:\windows\system32\nreypliy.ini
2008-11-12 20:27 68,096 a------- c:\windows\system32\yilpyern.dll
2008-11-12 20:27 124,928 a------- c:\windows\system32\ktidfg.dll
2008-11-12 20:27 124,928 a------- c:\windows\system32\oavsagnu.dll
2008-11-11 22:58 <DIR> --d----- c:\program files\Lavasoft
2008-11-11 22:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lavasoft
2008-11-11 22:57 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-11-11 20:25 124,928 a------- c:\windows\system32\kmbvbb.dll
2008-11-11 20:25 124,928 a------- c:\windows\system32\uqjprrnp.dll
2008-11-11 20:25 1,579,044 ---sh--- c:\windows\system32\tiopvjln.ini
2008-11-11 20:25 68,096 a------- c:\windows\system32\nljvpoit.dll
2008-11-11 19:28 1,579,062 ---sh--- c:\windows\system32\ebgoilak.ini
2008-11-11 19:28 68,096 a------- c:\windows\system32\kaliogbe.dll
2008-11-11 19:21 971,692 a--sh--- c:\windows\system32\Uwybayxx.ini2
2008-11-11 19:21 151 a------- c:\windows\wininit.ini
2008-11-11 19:18 124,928 a------- c:\windows\system32\pbohln.dll
2008-11-11 19:18 124,928 a------- c:\windows\system32\amipsjeu.dll
2008-11-11 18:37 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-11-11 18:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-11-11 16:22 17,969 a------- c:\docume~1\meliss~1\applic~1\upev.scr
2008-11-11 16:22 14,400 a------- c:\docume~1\meliss~1\applic~1\jysijofoha.bat
2008-11-11 16:22 14,257 a------- c:\windows\duzodelu.vbs
2008-11-11 16:22 13,583 a------- c:\docume~1\meliss~1\applic~1\yvoqiciv.pif
2008-11-11 16:22 11,208 a------- c:\docume~1\alluse~1\applic~1\pocy.sys
2008-11-11 16:22 14,419 a------- c:\windows\system32\oqor.dat
2008-11-11 16:22 14,013 a------- c:\windows\system32\vapolom.exe
2008-11-11 16:22 12,843 a------- c:\program files\common files\dokakydaq.vbs
2008-11-11 16:22 12,170 a------- c:\docume~1\meliss~1\applic~1\ecopave.vbs
2008-11-11 16:22 11,844 a------- c:\windows\abepyx.inf
2008-11-11 16:22 10,810 a------- c:\program files\common files\uhos.bin
2008-11-10 21:55 <DIR> --d----- c:\program files\common files\PC Tools
2008-11-10 21:55 <DIR> --d----- c:\program files\PC Tools AntiVirus
2008-11-10 19:56 0 a------- c:\windows\system32\ieupdates.exe
2008-11-10 19:16 124,928 -------- c:\windows\system32\raoule.dll
2008-11-10 19:16 124,928 a------- c:\windows\system32\lbpacgyc.dll
2008-11-10 19:13 1,584,359 ---sh--- c:\windows\system32\bhlbxyux.ini
2008-11-10 11:14 124,928 -------- c:\windows\system32\wkvkww.dll
2008-11-10 11:14 124,928 a------- c:\windows\system32\ewjcglfx.dll
2008-11-09 22:19 19,968 a------- c:\docume~1\alluse~1\applic~1\lemulore.pif
2008-11-09 22:19 16,950 a------- c:\docume~1\meliss~1\applic~1\uvujoso.bin
2008-11-09 22:19 14,844 a------- c:\docume~1\alluse~1\applic~1\calydoki.com
2008-11-09 22:19 14,065 a------- c:\program files\common files\puqorotu.pif
2008-11-09 22:19 10,807 a------- c:\windows\epynyf.com
2008-11-09 22:19 14,592 a------- c:\docume~1\alluse~1\applic~1\jalud.vbs
2008-11-09 22:19 14,498 a------- c:\windows\tyheme.lib
2008-11-09 22:19 14,092 a------- c:\windows\system32\vazed.lib
2008-11-09 22:19 13,491 a------- c:\windows\system32\iwyduz.pif
2008-11-09 22:19 12,329 a------- c:\program files\common files\xahefyfuqy.dat
2008-11-09 22:19 10,906 a------- c:\program files\common files\ipuwydebef.reg
2008-11-09 22:19 10,696 a------- c:\windows\tada.inf
2008-11-09 22:19 17,495 a------- c:\windows\system32\badilu.reg
2008-11-09 22:19 13,103 a------- c:\windows\sytyqamyhe.bat
2008-11-08 19:08 <DIR> --d----- c:\docume~1\meliss~1\applic~1\gadcom
2008-11-08 16:02 25,600 a------- c:\windows\system32\qoMdARIc.dll
2008-11-08 16:02 25,600 a------- c:\windows\system32\jkkHXOGa.dll
2008-11-08 15:56 <DIR> --dsh--- C:\found.000
2008-11-08 11:51 73,728 a------- c:\windows\system32\javacpl.cpl
2008-11-08 11:40 971,692 a--sh--- c:\windows\system32\Uwybayxx.ini
2008-11-08 11:40 313,856 a------- c:\windows\system32\xxyabywU.dll
2008-11-08 11:35 25,600 a------- c:\windows\system32\geBtSJCR.dll
2008-11-08 11:35 25,600 a------- c:\windows\system32\xxyabbAQ.dll
2008-11-06 22:24 198,604 a------- c:\windows\system32\wpv3712.cpx
2008-11-06 22:24 25,600 a------- c:\windows\system32\wpv2011.cpx
2008-10-24 13:50 119,159 a------- C:\d.jpg
2008-10-17 22:25 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2008-10-17 22:25 12,160 a------- c:\windows\system32\dllcache\mouhid.sys

==================== Find3M ====================

2008-10-28 18:51 <DIR> --d----- c:\program files\Easy Internet signup
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-15 10:57 332,800 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-03 11:41 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2008-09-15 05:57 1,846,016 a------- c:\windows\system32\win32k.sys
2008-09-15 05:57 1,846,016 -------- c:\windows\system32\dllcache\win32k.sys
2008-08-28 04:04 333,056 -------- c:\windows\system32\dllcache\srv.sys
2008-08-27 02:24 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-08-25 02:38 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-08-25 02:37 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-08-22 23:56 635,848 -------- c:\windows\system32\dllcache\iexplore.exe
2008-08-22 23:54 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-04-05 07:56 <DIR> --d----- c:\docume~1\meliss~1\applic~1\Research In Motion
2007-10-12 08:28 <DIR> --d----- c:\docume~1\meliss~1\applic~1\You've Got Pictures Screensaver
2007-07-30 20:53 <DIR> --d----- c:\docume~1\meliss~1\applic~1\4200Series
2007-07-25 12:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\4200Series
2007-06-16 05:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2007-04-22 14:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2007-04-22 13:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks
2005-04-30 00:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\hpqwmi
2005-04-29 23:49 <DIR> --d----- c:\docume~1\meliss~1\applic~1\Symantec
2005-04-29 21:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBSI

============= FINISH: 22:56:32.15 ===============
 


TSF Security Manager, Emeritus · 51,795 Posts
Hello -

Thanks for letting us know. If you'd still like a review of your system logs, please run DDS once again. Only the initial scan would be required this time; the secondary scan would be unnecessary. Post DDS.txt if you still would like a review.
 