Hi there Jsurf.
Can you copy that ewido log to a post? Somehow they get messed up when attached as a txt file.
Please download Process Explorer by Sysinternals from HERE
Also download KillBox by Option^Explicit from HERE
Then boot up in SAFE MODE and stay in safe mode until the entire fix is done (hit F8 when booting up).
Unzip Process Explorer and double click on procexp.exe
In the top section of the Process Explorer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.
Once you see this screen click on each instance of wvutq.dll once and then click the kill button.
After you have killed all of the wvutq.dll's under winlogon click OK.
Next, in the top section of the Process Explorer screen again, double click on explorer.exe and again click once on each instance of wvutq.dll then click the kill button.
Once you have done that click OK again.
Next run HijackThis and place a check beside each of the following.
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\wvutq.dll
O4 - HKLM\..\Run: [NI.UWAS5LP_0001_0811] "C:\WINDOWS\Downloaded Program Files\UWAS5LP_0001_0811NetInstaller.exe"
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.aequisspa.com/wfplayer/tdserver.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WinFixer2005ScannerInstall.cab (probably located in C:\WINDOWS\Downloaded Program Files)
O20 - Winlogon Notify: wvutq - C:\WINDOWS\system32\wvutq.dll
Now click fix checked and close HijackThis. Then delete the files in bold.
Please copy the text in the quote below, and paste it into a blank notepad window.
Save it as vundo.reg and in the save as type box choose all files.
Once you have saved it double click it and allow it to merge with the registry.
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8B55274-0F9A-41E5-9067-A3539BD9E860}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}]
[-HKEY_CLASSES_ROOT\CLSID\{581F22DA-7202-4F21-AEF3-114787156016}]
[-HKEY_CLASSES_ROOT\CLSID\{B8B55274-0F9A-41E5-9067-A3539BD9E860}]
[-HKEY_CLASSES_ROOT\CLSID\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}]
[-HKEY_CLASSES_ROOT\MSEvents.MSEvents]
[-HKEY_CLASSES_ROOT\MSEvents.MSEvents.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEvents]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEvents.1]
Double click on Killbox.exe and then check the delete on reboot button.
Enter the following filepath and filename into the Full path of file to delete box
C:\WINDOWS\system32\wvutq.dll
Click the red circle with the white x and allow your computer to reboot.
After your computer has rebooted please run HijackThis again and post a new HijackThis log.
PS: It looks like you made that hjt log in safe mode. Can you post the new log out of normal mode?
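An added example, not part of the original post: a small Python check for a removal .reg file like vundo.reg above, run before merging it, that flags a missing header, entries that are not key deletions, and GUIDs broken by a stray space from forum line-wrapping. The function name `lint_removal_reg` and the sample are constructed for illustration; the sample reuses key names from the post.

```python
import re

# Registry roots accepted at the start of a key path.
ROOTS = {"HKEY_LOCAL_MACHINE", "HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
HEADERS = {"REGEDIT4", "Windows Registry Editor Version 5.00"}
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def lint_removal_reg(text):
    """Return [(line_no, problem)] for a .reg file meant to hold only key deletions."""
    lines = text.splitlines()
    problems = []
    if not lines or lines[0].strip() not in HEADERS:
        problems.append((1, "missing REGEDIT4 or version 5.00 header"))
    for no, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank lines and comments are allowed
        if not (line.startswith("[") and line.endswith("]")):
            problems.append((no, "not a [key] line"))
            continue
        key = line[1:-1]
        if not key.startswith("-"):
            problems.append((no, "key is created, not deleted (no leading '-')"))
            continue
        parts = key[1:].split("\\")
        if parts[0] not in ROOTS:
            problems.append((no, "unknown root key " + repr(parts[0])))
        for part in parts[1:]:
            # A component in braces must be a well-formed GUID; with a stray
            # space the entry names a key that does not exist.
            if part.startswith("{") and not GUID.fullmatch(part):
                problems.append((no, "malformed GUID " + repr(part)))
    return problems

# Constructed sample: line 2 has a space inside the GUID, line 5 lacks the '-'.
SAMPLE = "\n".join([
    "REGEDIT4",
    r"[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8B5527 4-0F9A-41E5-9067-A3539BD9E860}]",
    r"[-HKEY_CLASSES_ROOT\CLSID\{B8B55274-0F9A-41E5-9067-A3539BD9E860}]",
    r"[-HKEY_CLASSES_ROOT\MSEvents.MSEvents]",
    r"[HKEY_CLASSES_ROOT\MSEvents.MSEvents.1]",
])

if __name__ == "__main__":
    for no, problem in lint_removal_reg(SAMPLE):
        print(f"line {no}: {problem}")
```

The check cannot detect a space inside a plain key name such as MSEvents.MSEvents, since spaces are legal in registry key names; those entries still need to be compared by eye.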