04-Nov-2009, 12:09 PM
#1
My girlfriend has an older Sony VAIO laptop running Windows XP build 2600.xpsp_sp2_qfe.090804-1435, and about a week ago she began getting tons of pop-ups, the kind you see when you have spyware. I have tried everything I know to get rid of the infection. I have done scans with Symantec, Avira, Malwarebytes and Ad-Aware. There are 2 .dlls that constantly trigger Avira warnings, and I mean constantly (100 warnings in minutes): one is Lasefoye.dll and the other is nafafono.dll, both found in the windows/system32 directory. I have tried deleting those by unregistering the DLLs and using del in cmd. I have tried using FileASSASSIN. I have tried using KillBox. They will not delete due to access reasons. Further, no delete-on-reboot seems to affect them. I also had tons of trouble just running Malwarebytes. Every time I would install it, mbam.exe would disappear. The only way I found to fix that was to leave its folder open before install and quickly copy and rename the file before it mysteriously disappeared. I have tried all scans in safe mode to no avail. All I know is Avira calls this tr/vundo.qqs.159. Below is my HJT log. Please help me.
I have been working on this for a week, and the lil lady is getting upset (and hijacking my laptop).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:03 AM, on 11/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://url.urtbk.com/cpv.jsp?p=11038...26b42%3D0.0042
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguard-pro.microsoft.com
O1 - Hosts: 91.212.127.226 osguard-pro.com
O1 - Hosts: 91.212.127.226 www.osguard-pro.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [LXDBCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDBtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [kapevahiw] Rundll32.exe "c:\windows\system32\kevusowe.dll",a
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O20 - AppInit_DLLs: c:\windows\system32\pozowaha.dll c:\windows\system32\vafubamu.dll lasefoye.dll c:\windows\system32\soyozisu.dll c:\windows\system32\juruzuhu.dll c:\windows\system32\rigitaza.dll c:\windows\system32\kevusowe.dll c:\windows\system32\nafafono.dll
O21 - SSODL: dozafalin - {69d5af0c-af8d-48e1-8c86-1e31d4c14aba} - c:\windows\system32\vafubamu.dll (file missing)
O21 - SSODL: lufujotib - {b6c09af3-77c1-4225-9652-456a91810165} - c:\windows\system32\pozowaha.dll (file missing)
O21 - SSODL: lumobuyat - {6874b684-de13-4629-a09b-93c2076d1551} - c:\windows\system32\soyozisu.dll (file missing)
O21 - SSODL: gilekanih - {57b5f96a-7ea1-430b-8d33-625ad1a360ad} - c:\windows\system32\gofipina.dll (file missing)
O21 - SSODL: pohibozov - {6d3bf69f-eb33-4a9a-b230-f7e65ddc2d0f} - c:\windows\system32\gofipina.dll (file missing)
O21 - SSODL: mafapijeg - {8e09232f-adc6-4d3e-a558-4df9b4011bc3} - c:\windows\system32\gofipina.dll (file missing)
O21 - SSODL: hoyohavon - {e65af38b-cb7f-41ec-9644-8848c700aa5d} - c:\windows\system32\gofipina.dll (file missing)
O21 - SSODL: yuwanihuy - {6906c967-d16e-4d9d-8def-5bb0a036dfb6} - c:\windows\system32\rigitaza.dll (file missing)
O21 - SSODL: difezifut - {22241272-46a5-4d9e-a1f7-7b2827819bdc} - c:\windows\system32\kevusowe.dll
O22 - SharedTaskScheduler: jugezatag - {69d5af0c-af8d-48e1-8c86-1e31d4c14aba} - c:\windows\system32\vafubamu.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {b6c09af3-77c1-4225-9652-456a91810165} - c:\windows\system32\pozowaha.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {6874b684-de13-4629-a09b-93c2076d1551} - c:\windows\system32\soyozisu.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {57b5f96a-7ea1-430b-8d33-625ad1a360ad} - c:\windows\system32\gofipina.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {6d3bf69f-eb33-4a9a-b230-f7e65ddc2d0f} - c:\windows\system32\gofipina.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {8e09232f-adc6-4d3e-a558-4df9b4011bc3} - c:\windows\system32\gofipina.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {e65af38b-cb7f-41ec-9644-8848c700aa5d} - c:\windows\system32\gofipina.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {6906c967-d16e-4d9d-8def-5bb0a036dfb6} - c:\windows\system32\rigitaza.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {22241272-46a5-4d9e-a1f7-7b2827819bdc} - c:\windows\system32\kevusowe.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: lxdb_device - - C:\WINDOWS\system32\lxdbcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SSIRuntimeService - Unknown owner - C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc4.exe

--
End of file - 12073 bytes
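A defender-side triage script, added here as an example (it is not part of the original post, of HijackThis, or of any of the tools the poster used), that parses the line formats seen in the log above and flags the load points that explain the symptoms: a hosts file pointing a microsoft.com name elsewhere, AppInit_DLLs injection (the reason the DLLs are locked and cannot be deleted while Windows is up), SSODL/SharedTaskScheduler entries, and rundll32 Run keys. The regexes are assumed from the log format shown; the sample lines are copied from the log.

```python
import re

# Patterns for the HijackThis sections that matter in the log above
# (assumed from the log format shown; HJT has more sections than these).
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
RUN_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (.+)$")
LOADPOINT_RE = re.compile(
    r"^O2[12] - (SSODL|SharedTaskScheduler): (\S+) - (\{[0-9a-f-]+\}) - (.+?)( \(file missing\))?$",
    re.I)

def triage_line(line):
    """Return (severity, reason) findings for one HijackThis log line."""
    findings = []
    m = HOSTS_RE.match(line)
    if m and m.group(1) not in ("127.0.0.1", "::1"):
        # Any non-loopback mapping redirects the name, e.g. a microsoft.com host.
        findings.append(("high", f"hosts file maps {m.group(2)} to {m.group(1)}"))
    m = APPINIT_RE.match(line)
    if m:
        # AppInit_DLLs load into every process using user32.dll, which is why
        # the files are locked and cannot be deleted while Windows is running.
        for dll in m.group(1).split():
            findings.append(("high", f"AppInit_DLLs injects {dll}"))
    m = LOADPOINT_RE.match(line)
    if m:
        kind, name, clsid, path, missing = m.groups()
        sev = "info" if missing else "high"  # dead entries are cleanup, not threat
        findings.append((sev, f"{kind} {name} {clsid} -> {path}"))
    m = RUN_RE.match(line)
    if m and "rundll32" in m.group(2).lower() and "system32" in m.group(2).lower():
        findings.append(("medium", f"Run key [{m.group(1)}] runs rundll32 on a system32 DLL"))
    return findings

def triage(log_text):
    """Triage a whole log; findings come back ordered by severity."""
    order = {"high": 0, "medium": 1, "info": 2}
    found = [f for line in log_text.splitlines() for f in triage_line(line.strip())]
    return sorted(found, key=lambda f: order[f[0]])

# Sample lines copied from the log posted above.
SAMPLE = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguard-pro.microsoft.com
O4 - HKLM\..\Run: [kapevahiw] Rundll32.exe "c:\windows\system32\kevusowe.dll",a
O20 - AppInit_DLLs: c:\windows\system32\pozowaha.dll lasefoye.dll c:\windows\system32\nafafono.dll
O21 - SSODL: dozafalin - {69d5af0c-af8d-48e1-8c86-1e31d4c14aba} - c:\windows\system32\vafubamu.dll (file missing)
O21 - SSODL: difezifut - {22241272-46a5-4d9e-a1f7-7b2827819bdc} - c:\windows\system32\kevusowe.dll
"""
```

Running `triage(SAMPLE)` on the sample lines returns seven findings, five of them high: the hosts redirection, the three AppInit DLLs and the live SSODL entry for kevusowe.dll, which is the same DLL the rundll32 Run key loads.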
04-Nov-2009, 04:07 PM
#2
I ran ComboFix and am attaching the log. I am also uninstalling Symantec. I am also getting a lot of "unpacked gen" from some Symantec common files directory.
Tags: spyware, un-deletable, virus, vundo
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.