[Octagonal]

Hi Lifein8one3,

Are you still having trouble posting that log?

If you can't successfully post it in several posts, then I would suggest that you use a file compression program such as WinZip and zip the file and attach it to the post.

To add an attachment to a post:

• Click the Add Reply button as you normally would to create a message.
• Type your message.
• Find the File Attachments section below the text and smilie area.
• Click the Browse button and locate the file.
• Click the Add This Attachment before clicking Add Reply.

Let me know if you need any more assistance with this.

[Advertisements]

i am not sure how to fit it all. can i send u it?

[Lifein8one3]

i am not sure how to fit it all. can i send u it?

[Lifein8one3]

here it is..i think....it i clicked add attached....is it there?

Edited by Lifein8one3, 16 November 2006 - 05:28 PM.

[Octagonal]

Hi Lifein8one3,

Sorry, I still don't see it anywhere.

I really would prefer it if you could post the log over several posts. This enables a better view of the log for everyone.

Please follow these detailed instructions below on how to do this.

• Click the Add Reply button as you normally would to create a message.
• Open the Kaspersky log file.
• Select about a third of the content of the log by highlighting about a third of the text in the log.
• Copy the selected amount of text.
• Go to the open text box that you have for creating a post for this forum and paste the text that you have copied.
• Click on Check Post Length that is at the bottom right hand side of the text box.
• The character limit for the post and the actual length of what you pasted will be displayed.
• If the characters of the block of text that you have pasted is less than the limit for the post, then this is OK. If the text that you have pasted exceeds the post limit then you will have to reduce the amount of text that you selected and copied from the original Kaspersky log until it is within this character limit.
• When you have copied and pasted an acceptable block of text (within the post character limit) from the Kaspersky log, then click Add Reply to post the first part of the log.
• Once this is done return to the Kaspersky log and click at the start of the next line in the log from where you finished the successfull selection.
• Then select about the same amount of text that you successfully posted above.
• Copy and paste that new block of text. Please check the character limit again to make sure that the amount of text that you have copied and pasted to ensure that it is within the post limits .
• Continue with this process until you have all of the log posted. This may take 3, 4 or maybe 5 or more posts to show the entire log.

Let me know if you need any more assistance with this.

[Lifein8one3]

alrighty thanks.

[Lifein8one3]

*deleted

Edited by Lifein8one3, 17 November 2006 - 05:36 PM.

[Lifein8one3]

*deleted

Edited by Lifein8one3, 17 November 2006 - 05:36 PM.

[Lifein8one3]

im sorry but this is very hard. It keeps cutting off when i say check post length it says i hanvet used max. Then i post it and it cuts it off. Is there any way over msn or anything i can upload somewhere or just send you the .txt file. This is very hard.

[Lifein8one3]

http://www.mediamax....Hosted/Kasp.txt I hosted the file for you. Much easier. There you are. You can copy and paste that into your word processor and Word Wrap it to read easier.

Edited by Lifein8one3, 17 November 2006 - 05:34 PM.

[Octagonal]

Hi Lifein8one3,

Thank you, I have viewed the Kaspersky logfile.

The use of Peer to Peer programs are usual channels for infections. Would you kindly remove LimeWire from your computer or refrain from using this type of programs whilst we are cleaning your system (make sure that you at least disable any autostart options). You can read more about this here.

Now lets clean up some of the cookies and temporary files that made that Kaspersky log file so long.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Be sure to update AVG Anti-Spyware to the latest definition files.

• Open AVG Anti-Spyware
• On top of the main screen click the Update icon.
• Then click on Manual Update button.

The update will start and the progress bar will show the updates being installed.
(When complete the status area at the top will display ("Update successful" or "No Update Available")

If you are having problems with the updater, you can use this link to manually update AVG Anti-Spyware.

Close AVG Anti-Spyware.

Boot into Safe Mode: You can do this by restarting your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Be sure that you can view hidden files and folders.

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Show hidden files and folders.
• Uncheck the Hide protected operating system files (recommended) option.
• Click Yes to confirm.
• Click OK.

Delete the following file using Windows Explorer:

C:\WINDOWS\system32\hvruuvlq.exe

Seeing that it has been a little while since you have run any of these scans, I ask you to run this scan again.

Open AVG Anti-Spyware.

IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:

• Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
• AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
  Once the scan is complete do the following:
• If you have any infections you will prompted, then select "Apply all actions"
• Next select the "Reports" icon at the top.
• Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
• Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

You have a suspicious file that I would like you to upload and have analysed.

• Please go to Jotti's malware scan
• Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
  • C:\WINDOWS\system32\vhlrlmph.exe
• Click on the submit button
• Please post the results in your next reply.

I would like you to also run another Kaspersky scan. This time the log should be much shorter and be able to fit into one post.

Please do an online scan with Kaspersky WebScanner

Please note: You must use Internet Explorer for this as it uses an ActiveX component.

This scan may take a while to complete, so please be patient and let it finish.

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

Please post the requested logs together with a fresh HijackThis log and also include Jotti's file analysis of the uploaded file. (You can post each of those logs in seperate posts if you wish)

Thanks.

[Lifein8one3]

sorry was on a trip. im back now. doing as u instructed ASAP

[Lifein8one3]

Ok i did the AVG scan....found nothing. Also cant find the LOG. Went to upload the file on jotti's...said it was 0 KB and didnt accept it. Deleted the file in system32. Now doing kaspery scan.

[Octagonal]

Hi Lifein8one3,

Regarding the AVG Anti-Spyware scan report.

• Open AVG then click on the Reports icon.
• In the left hand pane there should be a list of scans shown there that you performed with a date/time stamp.
• Click once on the scan with the date/time stamp of your last scan (more than likely at the bottom of the list) to highlight it.
• Then click the Save report as button and save it with a name and in a place where you will remember (May I suggest the Desktop).

Include that report with the results of the Kaspersky scan.

Thanks.

[Lifein8one3]

http://download-v5.s...ted/8798798.txt There is kasp log. And i did wat u said for the AVG....nothin. I guess ill just have to scan again.

[Crustyoldbloke]

Hello Lifein8one3

I am just keeping an eye on things whilst Octagonal is away. I have looked at the Kaspersky log and most of it is taken up with System Restore and Temporary Internet Files.

Please delete your temporary files.

Click on START > RUN > type in cleanmgr and hit ENTER

You will see a window asking you to choose your harddrive (most likely C: Drive)

Click it and Windows will now scan the drive and show you the results

Make sure the following are checked:Downloaded Program Files
Temporary Internet Files and
Recycle Bin
Compress Old Files (if you want more disk space)
Click OK and Disk Cleanup will delete those files for you.

Next, go to Start>Run>type in %temp% hit Enter and delete the content of all the temp folders shown (only the content, not the folder). A couple of files may be in memory and will not therefore delete, this is normal.

With regard to the AVG log, please ensure that you correctly set up the programme before running it. You have to physically alter its default settings.

Please post the AVGas log together with a fresh HJT log from normal mode.