Hi Lifein8one3,
Thank you, I have viewed the Kaspersky logfile.
The use of Peer to Peer programs are usual channels for infections. Would you kindly remove LimeWire from your computer or refrain from using this type of programs whilst we are cleaning your system (make sure that you at least disable any autostart options). You can read more about this
here.
Now lets clean up some of the cookies and temporary files that made that Kaspersky log file so long.
Please download
ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click
ATF-Cleaner.exe to run the program.
Under
Main choose:
Select AllClick the
Empty Selected button.
If you use Firefox browserClick
Firefox at the top and choose:
Select AllClick the
Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click
No at the prompt.
If you use Opera browserClick
Opera at the top and choose:
Select AllClick the
Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click
No at the prompt.
Click
Exit on the Main menu to close the program.
Be sure to update AVG Anti-Spyware to the latest definition files.
- Open AVG Anti-Spyware
- On top of the main screen click the Update icon.
- Then click on Manual Update button.
The update will start and the progress bar will show the updates being installed.
(When complete the status area at the top will display ("Update successful" or "No Update Available")
If you are having problems with the updater, you can use
this link to manually update AVG Anti-Spyware.
Close AVG Anti-Spyware.
Boot into Safe Mode: You can do this by restarting your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
Be sure that you can view hidden files and folders.
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Show hidden files and folders.
- Uncheck the Hide protected operating system files (recommended) option.
- Click Yes to confirm.
- Click OK.
Delete the following file using Windows Explorer:
C:\WINDOWS\system32\
hvruuvlq.exeSeeing that it has been a little while since you have run any of these scans, I ask you to run this scan again.
Open AVG Anti-Spyware.
IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:
- Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
- AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following: - If you have any infections you will prompted, then select "Apply all actions"
- Next select the "Reports" icon at the top.
- Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
- Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
You have a suspicious file that I would like you to upload and have analysed.
- Please go to Jotti's malware scan
- Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
- C:\WINDOWS\system32\vhlrlmph.exe
- Click on the submit button
- Please post the results in your next reply.
I would like you to also run another Kaspersky scan. This time the log should be much shorter and be able to fit into one post.
Please do an online scan with
Kaspersky WebScannerPlease note: You must use Internet Explorer for this as it uses an ActiveX component.This scan may take a while to complete, so please be patient and let it finish.
You will be promted to install an ActiveX component from Kaspersky, Click
Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Archives
Scan Mail Bases - Click OK
- Now under select a target to scan:Select My Computer
- This will program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
Please post the requested logs together with a fresh HijackThis log and also include Jotti's file analysis of the uploaded file. (You can post each of those logs in seperate posts if you wish)
Thanks.