
Thread: Completely Infected...Help!

  1. #11
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Run HJT again and place a checkmark next to the following entries;

    Once you have placed the checkmarks then click the Fix Checked Button.
    Exit HJT.
    Reboot and run a new HJT scan and post the log here.

  2. #12
    Join Date
    Oct 2007
    Posts
    17
    Here's the new log.
    Attached Files

  3. #13
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    What anti-virus scanner do you use? I don't see an active one on the computer.

  4. #14
    Join Date
    Oct 2007
    Posts
    17
    I had Avast, but I think I somehow got rid of it during this whole mess.

    Recommend your fav and I'll download it ASAP?

  5. #15
    Join Date
    Oct 2007
    Posts
    17
    I went ahead and installed AntiVir. Running a scan now.
    Last edited by PaulaKoala; 10-30-2007 at 05:25 PM.

  6. #16
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Very good. To turn off the AdAware2007 from running in the background first check the program settings and see if there is an option to run at start that is checked. If so, uncheck it. If there isn't then go to Control Panel, Administrative Tools. Then go to Services and set both AdAware2007 and the AVG Anti-spyware guard to manual and turn them both off.
    Remove the VundoFix program completely. Reset your System Restore by Right Clicking My Computer. Choose Properties, System Restore Tab. Place a checkmark in Turn Off System Restore. You will get a warning you are going to turn it off, click ok. Let it turn off. Then do the opposite and turn it back on.
    Reboot and run one more Kaspersky online scan and post the log.

  7. #17
    Join Date
    Oct 2007
    Posts
    17
    Okay. Here's where I stand. Several Vundo files were detected through AntiVir. I'm attaching the log from that. I followed your directions for AdAware and AVG (hoping I did it right!), also not sure if I removed VundoFix correctly but we'll see! I did all the System Restore stuff and now the Kaspersky scan is running. It may be another hour or so, but I'll post it when it's finished.

    At this point, I'm determined, so it may be a long night! Thanks again Judy!

  8. #18
    Join Date
    Oct 2007
    Posts
    17
    I keep forgetting my attachments...
    Attached Files

  9. #19
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Paula....note where these files were found.....
    C:\System Volume Information\_restore
    C:\VundoFix Backups
    C:\Program Files\Hijack This\backups\backup

    The system is not infected. Those are only backups of the items removed.
    Reset System Restore as directed, remove VundoFix as directed, Remove HiJackThis.
    Reboot.
    Rescan and see what you find.

  10. #20
    Join Date
    Oct 2007
    Posts
    17
    Sorry to be so computer illiterate right now...

    [QUOTE=jholland1964;30194]Paula....note where these files were found.....
    C:\System Volume Information\_restore
    C:\VundoFix Backups
    C:\Program Files\Hijack This\backups\backup[/QUOTE]
    Do you want me to delete these?

    And you want me to completely uninstall and remove HiJackThis?

    When you say "rescan", you mean with AntiVir?
