Crucial help needed ! HJT-Log included

Dev Shed Forums Sponsor:

Get inside! Sample the range of functionality easily built with JMSL Library for Time Series Data Analysis, Heat Maps, Portfolio Optimization, Monte Carlo Simulation, Stock Price Charting and more. Download Now!

October 10th, 2004, 07:01 AM

skorpan

Registered User

Join Date: Oct 2004

Posts: 1

Time spent in forums: < 1 sec
Reputation Power: 0

Crucial help needed ! HJT-Log included

Please help me solve this problem

Logfile of HijackThis v1.98.2
Scan saved at 13:53:30, on 2004-10-10
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Documents and Settings\Skorpan Äger\Skrivbord\Ventrilo\ventrilo_srv.exe
C:\Program\Microsoft Hardware\Mouse\POINT32.EXE
C:\Program\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\ntpl32.exe
C:\WINDOWS\_default.pif:ovqle
C:\Program\PestPatrol\PestPatrol.exe
C:\Winamp\winamp.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\Skorpan Äger\Skrivbord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vqleq.dll/sp.html#37794
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vqleq.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vqleq.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vqleq.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vqleq.dll/sp.html#37794
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vqleq.dll/sp.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vqleq.dll/sp.html#37794
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {CDA7655D-27CA-4F67-07DB-DBE1FF31B073} - C:\WINDOWS\system32\iplz.dll
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\Program\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\Program\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ntpl32.exe] C:\WINDOWS\ntpl32.exe
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Program\PESTPA~1\ppclean.exe" "clean" "ts:20041010131858109" "vx2" "2"
O4 - HKLM\..\RunOnce: [ovqle] C:\WINDOWS\_default.pif:ovqle
O4 - Startup: Genväg till ventrilo_srv.lnk = ?
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

Bitdefender resaults

C:\WINDOWS\appkw.dll: infected with Trojan.Downloader.Agent.BQ
C:\WINDOWS\appkw.dll: disinfection failed
C:\WINDOWS\atlhn32.dll: infected with Trojan.Downloader.Agent.AN
C:\WINDOWS\atlhn32.dll: disinfection failed
C:\WINDOWS\cryb32.dll: infected with Trojan.Downloader.Agent.BQ
C:\WINDOWS\cryb32.dll: disinfection failed
C:\WINDOWS\fyxom.dll=>(JAVASCRIPT 2): infected with JS.Winshow.U
C:\WINDOWS\fyxom.dll=>(JAVASCRIPT 2): disinfection failed
C:\WINDOWS\fyxom.dll=>(JAVASCRIPT 16): infected with JS.Winshow.U
C:\WINDOWS\fyxom.dll=>(JAVASCRIPT 16): disinfection failed
C:\WINDOWS\fyxom.dll=>(JAVASCRIPT 30): infected with JS.Winshow.U
C:\WINDOWS\fyxom.dll=>(JAVASCRIPT 30): disinfection failed
C:\WINDOWS\fyxom.dll=>(JAVASCRIPT 46): infected with JS.Winshow.U
C:\WINDOWS\fyxom.dll=>(JAVASCRIPT 46): disinfection failed
C:\WINDOWS\fyxom.dll=>(JAVASCRIPT 208): infected with JS.Winshow.U
C:\WINDOWS\fyxom.dll=>(JAVASCRIPT 208): disinfection failed
C:\WINDOWS\iegk32.dll: infected with Trojan.Downloader.Agent.AN
C:\WINDOWS\iegk32.dll: disinfection failed
C:\WINDOWS\iekp32.exe: infected with Trojan.Downloader.Agent.Z
C:\WINDOWS\iekp32.exe: disinfection failed
C:\WINDOWS\javanv.dll: infected with Trojan.Downloader.Agent.AN
C:\WINDOWS\javanv.dll: disinfection failed
C:\WINDOWS\ntpl32.dll: infected with Trojan.Downloader.Agent.BQ
C:\WINDOWS\ntpl32.dll: disinfection failed
C:\WINDOWS\ntpl32.exe.bak: infected with Trojan.Downloader.Agent.CD
C:\WINDOWS\ntpl32.exe.bak: disinfection failed
C:\WINDOWS\opkfr.dll=>(JAVASCRIPT 2): infected with JS.Winshow.U
C:\WINDOWS\opkfr.dll=>(JAVASCRIPT 2): disinfection failed
C:\WINDOWS\opkfr.dll=>(JAVASCRIPT 16): infected with JS.Winshow.U
C:\WINDOWS\opkfr.dll=>(JAVASCRIPT 16): disinfection failed
C:\WINDOWS\opkfr.dll=>(JAVASCRIPT 30): infected with JS.Winshow.U
C:\WINDOWS\opkfr.dll=>(JAVASCRIPT 30): disinfection failed
C:\WINDOWS\opkfr.dll=>(JAVASCRIPT 46): infected with JS.Winshow.U
C:\WINDOWS\opkfr.dll=>(JAVASCRIPT 46): disinfection failed
C:\WINDOWS\opkfr.dll=>(JAVASCRIPT 208): infected with JS.Winshow.U
C:\WINDOWS\opkfr.dll=>(JAVASCRIPT 208): disinfection failed
C:\WINDOWS\system32\apiga.dll: infected with Trojan.Downloader.Agent.BQ
C:\WINDOWS\system32\apiga.dll: disinfection failed
C:\WINDOWS\system32\atlke32.dll: infected with Trojan.Downloader.Agent.BQ
C:\WINDOWS\system32\atlke32.dll: disinfection failed
C:\WINDOWS\system32\glflg.dll=>(JAVASCRIPT 2): infected with JS.Winshow.U
C:\WINDOWS\system32\glflg.dll=>(JAVASCRIPT 2): disinfection failed
C:\WINDOWS\system32\glflg.dll=>(JAVASCRIPT 16): infected with JS.Winshow.U
C:\WINDOWS\system32\glflg.dll=>(JAVASCRIPT 16): disinfection failed
C:\WINDOWS\system32\glflg.dll=>(JAVASCRIPT 30): infected with JS.Winshow.U
C:\WINDOWS\system32\glflg.dll=>(JAVASCRIPT 30): disinfection failed
C:\WINDOWS\system32\glflg.dll=>(JAVASCRIPT 46): infected with JS.Winshow.U
C:\WINDOWS\system32\glflg.dll=>(JAVASCRIPT 46): disinfection failed
C:\WINDOWS\system32\glflg.dll=>(JAVASCRIPT 208): infected with JS.Winshow.U
C:\WINDOWS\system32\glflg.dll=>(JAVASCRIPT 208): disinfection failed
C:\WINDOWS\system32\iplz.dll: infected with Trojan.Downloader.Agent.AN
C:\WINDOWS\system32\iplz.dll: disinfection failed
C:\WINDOWS\system32\mfcuj.dll: infected with Trojan.Downloader.Agent.BQ
C:\WINDOWS\system32\mfcuj.dll: disinfection failed
C:\WINDOWS\system32\sdkej.dll: infected with Trojan.Downloader.Agent.BQ
C:\WINDOWS\system32\sdkej.dll: disinfection failed
C:\WINDOWS\system32\sysfe.dll: infected with Trojan.Downloader.Agent.BQ
C:\WINDOWS\system32\sysfe.dll: disinfection failed
C:\WINDOWS\system32\vqleq.dll=>(JAVASCRIPT 2): infected with JS.Winshow.U
C:\WINDOWS\system32\vqleq.dll=>(JAVASCRIPT 2): disinfection failed
C:\WINDOWS\system32\vqleq.dll=>(JAVASCRIPT 16): infected with JS.Winshow.U
C:\WINDOWS\system32\vqleq.dll=>(JAVASCRIPT 16): disinfection failed
C:\WINDOWS\system32\vqleq.dll=>(JAVASCRIPT 30): infected with JS.Winshow.U
C:\WINDOWS\system32\vqleq.dll=>(JAVASCRIPT 30): disinfection failed
C:\WINDOWS\system32\vqleq.dll=>(JAVASCRIPT 46): infected with JS.Winshow.U
C:\WINDOWS\system32\vqleq.dll=>(JAVASCRIPT 46): disinfection failed
C:\WINDOWS\system32\vqleq.dll=>(JAVASCRIPT 208): infected with JS.Winshow.U
C:\WINDOWS\system32\vqleq.dll=>(JAVASCRIPT 208): disinfection failed
C:\WINDOWS\system32\winkh32.dll: infected with Trojan.Downloader.Agent.BQ
C:\WINDOWS\system32\winkh32.dll: disinfection failed
C:\WINDOWS\system32\wobbl.dll=>(JAVASCRIPT 2): infected with JS.Winshow.U
C:\WINDOWS\system32\wobbl.dll=>(JAVASCRIPT 2): disinfection failed
C:\WINDOWS\system32\wobbl.dll=>(JAVASCRIPT 16): infected with JS.Winshow.U
C:\WINDOWS\system32\wobbl.dll=>(JAVASCRIPT 16): disinfection failed
C:\WINDOWS\system32\wobbl.dll=>(JAVASCRIPT 30): infected with JS.Winshow.U
C:\WINDOWS\system32\wobbl.dll=>(JAVASCRIPT 30): disinfection failed
C:\WINDOWS\system32\wobbl.dll=>(JAVASCRIPT 46): infected with JS.Winshow.U
C:\WINDOWS\system32\wobbl.dll=>(JAVASCRIPT 46): disinfection failed
C:\WINDOWS\system32\wobbl.dll=>(JAVASCRIPT 208): infected with JS.Winshow.U
C:\WINDOWS\system32\wobbl.dll=>(JAVASCRIPT 208): disinfection failed
C:\WINDOWS\winrw.dll: infected with Trojan.Downloader.Agent.AN
C:\WINDOWS\winrw.dll: disinfection failed

October 19th, 2004, 06:58 AM

andyg1

Contributing User

Join Date: Aug 2003

Posts: 212

Time spent in forums: 2 Days 2 h 20 m 33 sec
Reputation Power: 9

Kill these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vqleq.dll/sp.html#37794
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vqleq.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vqleq.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vqleq.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vqleq.dll/sp.html#37794
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vqleq.dll/sp.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vqleq.dll/sp.html#37794
R3 - Default URLSearchHook is missing

With spyware situations my first port of call is always Add/Remove programs. You'd be surprised how many people sit and wait for Hijackthis logs to be looked at when some or all of the problems can be resolved in Add/Remove...

Have a look for any entries labelled 'search' or 'web...' and uninstall them, especially if you have no recollection of putting them their yourself.

__________________
Time isn't wasted if you're wasted all the time

Thread Tools	Search this Thread
Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread: