Author Topic: Dive Cleaner please help!!!  (Read 11327 times)


mauserme

  • Guest
Re: Dive Cleaner please help!!!
« Reply #15 on: June 20, 2007, 02:24:52 AM »
Since fixing an 020 entry in HJT removes the registry entry but not the file, I would check manually for C:\WINDOWS\SYSTEM32\wineil32.dll just to make sure Prevx did its job.  BTW, nice call on this one, David.

I would also still be interested in seeing the VundoFix log if you don't mind posting it.  It's not that I think you're infected any longer - I just want to see the log for my own education.

Finally, I think you should get rid of your old, possibly infected restore points after creating a clean point:

1. Click Start > All Programs > Accessories > System tools > System Restore
2. In the dialog box that appears, click the radio button to Create a Restore Point
3. Click NEXT
4. Enter a name you will remember if you need to find this again (like Clean Point)
5. Click CREATE

You now have a clean restore point. To get rid of the bad ones:

1. Click Start > All Programs > Accessories > System tools > Disk Clean Up
2. Click OK on the C: drive
3. Click the More Options tab
4. In the System Restore section click the Clean Up button


You will also want to get rid of the VundoFix backups so nothing nasty ever gets restored.

avatar2005

  • Guest
Re: Dive Cleaner please help!!!
« Reply #16 on: June 20, 2007, 11:17:54 AM »
Did you install IPNetInfo or is it unknown to you?

Yes, I've been using IPNetInfo for quite a long time now. BTW, how is it related to my issue??? :-\

mauserme

  • Guest
Re: Dive Cleaner please help!!!
« Reply #17 on: June 20, 2007, 12:57:39 PM »
Since you installed it, it isn't related at all.  It's a program that can be used maliciously, so if you were unaware of its presence on your computer it would need more investigation.

avatar2005

  • Guest
Re: Dive Cleaner please help!!!
« Reply #18 on: June 20, 2007, 04:08:28 PM »
Ok Keith ;) Here comes my VundoFix log:

Quote
VundoFix V6.5.1

Checking Java version...

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Scan started at 18:09:58 19.06.2007

Listing files found while scanning....

C:\windows\system32\ljjgfgh.dll
C:\WINDOWS\system32\mpqss.bak1
C:\WINDOWS\system32\mpqss.bak2
C:\WINDOWS\system32\mpqss.ini
C:\WINDOWS\system32\qbojdqgr.dll
C:\WINDOWS\system32\ssqpm.dll
C:\WINDOWS\system32\uaohhbfw.dll
C:\windows\system32\wfbhhoau.ini

Beginning removal...

 Attempting to delete C:\windows\system32\ljjgfgh.dll
C:\windows\system32\ljjgfgh.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\mpqss.bak1
C:\WINDOWS\system32\mpqss.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\mpqss.bak2
C:\WINDOWS\system32\mpqss.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\mpqss.ini
C:\WINDOWS\system32\mpqss.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\qbojdqgr.dll
C:\WINDOWS\system32\qbojdqgr.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ssqpm.dll
C:\WINDOWS\system32\ssqpm.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\uaohhbfw.dll
C:\WINDOWS\system32\uaohhbfw.dll Has been deleted!

 Attempting to delete C:\windows\system32\wfbhhoau.ini
C:\windows\system32\wfbhhoau.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\windows\system32\ljjgfgh.dll
C:\windows\system32\ljjgfgh.dll Has been deleted!

Performing Repairs to the registry.
Done!


P.S. Thanks for the help & P.M.
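
As an added example (not part of the original posts and not VundoFix's own code), a small Python check over a log in the format posted above: it records each file's last reported outcome, so a file that failed on the first pass and was deleted on the retry, as ljjgfgh.dll was, is not misread, and anything never confirmed deleted is listed for a manual look. The sample log is constructed from lines of the posted one, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the VundoFix log quoted above (trimmed).
SAMPLE_LOG = r"""
Listing files found while scanning....

C:\windows\system32\ljjgfgh.dll
C:\WINDOWS\system32\mpqss.ini

Beginning removal...

 Attempting to delete C:\windows\system32\ljjgfgh.dll
C:\windows\system32\ljjgfgh.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\mpqss.ini
C:\WINDOWS\system32\mpqss.ini Has been deleted!

Beginning removal...

 Attempting to delete C:\windows\system32\ljjgfgh.dll
C:\windows\system32\ljjgfgh.dll Has been deleted!
"""

# "<path> Has been deleted!" / "<path> Could not be deleted."
RESULT = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<status>Has been deleted!|Could not be deleted\.)$")
# A bare path on its own line, as in the "files found" listing.
FOUND = re.compile(r"^[A-Za-z]:\\\S.*$")

def final_status(log_text):
    """Map each listed file (lower-cased path) to its last reported outcome."""
    status = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RESULT.match(line)
        if m:
            # Later passes overwrite earlier ones, so a retry that succeeds wins.
            status[m["path"].lower()] = "deleted" if m["status"].startswith("Has") else "failed"
        elif FOUND.match(line):
            # Listed by the scan; Windows paths are case-insensitive.
            status.setdefault(line.lower(), "no result")
    return status

def needs_manual_check(log_text):
    """Files the log never confirms as deleted."""
    return sorted(p for p, s in final_status(log_text).items() if s != "deleted")

if __name__ == "__main__":
    for path, state in final_status(SAMPLE_LOG).items():
        print(f"{state:10} {path}")
    print("manual check:", needs_manual_check(SAMPLE_LOG) or "none")
```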

mauserme

  • Guest
Re: Dive Cleaner please help!!!
« Reply #19 on: June 21, 2007, 04:45:01 AM »
You're welcome Rostik.   And thanks for the log  :)

BTW, you should uninstall that old version of Java.  You can get the latest version here

http://www.java.com/en/download/manual.jsp

avatar2005

  • Guest
Re: Dive Cleaner please help!!!
« Reply #20 on: June 21, 2007, 10:22:02 PM »
Hi Keith! Thanks for the help & advice. I'll download the new Java overnight (you know, the dial-up connection is quite a slow one ;D)