As per thread: http://forum.avast.com/index.php?topic=53253.0
My OTL file is attached below due to the character limitations of the forum.
Welcome to the forum.
Let's hope someone else can check that log for you, since I'm not that good at them. But that win32 infection, is that what avast pops up and says you have on your computer?
If so, try a boot scan with avast and let avast deal with the infection from there. I recommend you send it to the chest, where the infection does not do any harm to your computer.
If avast is unable to remove the infection, download Malwarebytes Anti-Malware.
Install it and scan with it, remove what it finds, and don't forget to update before scanning.
Good luck.
And a small tip for the next time you need help: we would be happy if you could bring us a little more information so we can give you better help.
Like, what's your OS?
What file is avast detecting as infected?
You have a very infected system from what I see in the OTL log, so please do the following steps first:
1. Scan with Dr.Web CureIt! from here
http://www.freedrweb.com/cureit/?lng=en
2. Scan your PC with MBAM
http://www.malwarebytes.org/mbam.php
3. After cleaning the system with Dr.Web and MBAM, post a Hijack Hunter log ("attach")
http://www.novirusthanks.org/products/hijack-hunter/
+1
The joys of torrents
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:43902
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKCU..\Run: [LvkSneiejl+1wMitchell\AppData\Local\Temp\2196556410.exe] C:\Users\Guy Mitchell\AppData\Local\Temp\2196556410.exe File not found
O4 - HKCU..\Run: [LvkSneiejl+3xMitchell\AppData\Local\Temp\3839838034.exe] C:\Users\Guy Mitchell\AppData\Local\Temp\3839838034.exe File not found
O4 - HKCU..\Run: [LvkSneiejl90xMitchell\AppData\Local\Temp\3262385521.exe] C:\Users\Guy Mitchell\AppData\Local\Temp\3262385521.exe File not found
O4 - HKCU..\Run: [LvkSneiejlhb] C:\Users\Guy Mitchell\AppData\Local\Temp\debug.exe ()
O4 - HKCU..\Run: [LvkSneiejlk+] C:\Users\Guy Mitchell\AppData\Local\Temp\gdi32.exe ()
O4 - HKCU..\Run: [LvkSneiejlkc] C:\Users\Guy Mitchell\AppData\Local\Temp\cmd.exe ()
O4 - HKCU..\Run: [LvkSneiejlmc] C:\Users\Guy Mitchell\AppData\Local\Temp\mdm.exe ()
O4 - HKCU..\Run: [LvkSneiejlmc(Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] C:\Users\Guy Mitchell\AppData\Local\Temp\mdm.exe ()
O4 - HKCU..\Run: [LvkSneiejlmc(Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Users\Guy Mitchell\AppData\Local\Temp\mdm.exe ()
O4 - HKCU..\Run: [LvkSneiejlmc(Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3] C:\Users\Guy Mitchell\AppData\Local\Temp\mdm.exe ()
O4 - HKCU..\Run: [LvkSneiejlmc(Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] C:\Users\Guy Mitchell\AppData\Local\Temp\mdm.exe ()
O4 - HKCU..\Run: [LvkSneiejlna] C:\Users\Guy Mitchell\AppData\Local\Temp\login.exe ()
O4 - HKCU..\Run: [LvkSneiejlo+] C:\Users\Guy Mitchell\AppData\Local\Temp\avp32.exe ()
O4 - HKCU..\Run: [LvkSneiejloc] C:\Users\Guy Mitchell\AppData\Local\Temp\jpkvh.exe ()
O4 - HKCU..\Run: [LvkSneiejlotc] C:\Users\Guy Mitchell\AppData\Local\Temp\hexdump.exe ()
O4 - HKCU..\Run: [LvkSneiejlotcWindows; U; Windows NT 5.1; en-US) AppleWebKit/533.9 (KHTML, like Gecko) Chrome/6.0.401.1 Safari/533.9] C:\Users\Guy Mitchell\AppData\Local\Temp\hexdump.exe ()
O4 - HKCU..\Run: [LvkSneiejlotcWindows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0] C:\Users\Guy Mitchell\AppData\Local\Temp\hexdump.exe ()
O4 - HKCU..\Run: [LvkSneiejlotcWindows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] C:\Users\Guy Mitchell\AppData\Local\Temp\hexdump.exe ()
O4 - HKCU..\Run: [LvkSneiejlotcWindows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Users\Guy Mitchell\AppData\Local\Temp\hexdump.exe ()
O4 - HKCU..\Run: [LvkSneiejlotcWindows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] C:\Users\Guy Mitchell\AppData\Local\Temp\hexdump.exe ()
O4 - HKCU..\Run: [LvkSneiejlotcWindows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] C:\Users\Guy Mitchell\AppData\Local\Temp\hexdump.exe ()
O4 - HKCU..\Run: [LvkSneiejlpc] C:\Users\Guy Mitchell\AppData\Local\Temp\ycoxf.exe ()
O4 - HKCU..\Run: [LvkSneiejlqB] C:\Users\Guy Mitchell\AppData\Local\Temp\soj0s6.exe ()
O4 - HKCU..\Run: [LvkSneiejlqf] C:\Users\Guy Mitchell\AppData\Local\Temp\user.exe ()
O4 - HKCU..\Run: [LvkSneiejlqvc] C:\Users\Guy Mitchell\AppData\Local\Temp\wininst.exe ()
O4 - HKCU..\Run: [LvkSneiejlqvcWindows; U; Windows NT 5.1; en-US) AppleWebKit/533.9 (KHTML, like Gecko) Chrome/6.0.401.1 Safari/533.9] C:\Users\Guy Mitchell\AppData\Local\Temp\wininst.exe ()
O4 - HKCU..\Run: [LvkSneiejlqvcWindows; U; Windows NT 5.1; en-US) AppleWebKit/534.0 (KHTML, like Gecko) Chrome/6.0.408.1 Safari/534.0] C:\Users\Guy Mitchell\AppData\Local\Temp\wininst.exe ()
O4 - HKCU..\Run: [LvkSneiejlqvcWindows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] C:\Users\Guy Mitchell\AppData\Local\Temp\wininst.exe ()
O4 - HKCU..\Run: [LvkSneiejlqW] C:\Users\Guy Mitchell\AppData\Local\Temp\drweb.exe ()
O4 - HKCU..\Run: [LvkSneiejlsPc] C:\Users\Guy Mitchell\AppData\Local\Temp\nvsvc32.exe ()
O4 - HKCU..\Run: [LvkSneiejlud] C:\Users\Guy Mitchell\AppData\Local\Temp\system.exe ()
O4 - HKCU..\Run: [LvkSneiejlud(Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Users\Guy Mitchell\AppData\Local\Temp\system.exe ()
O4 - HKCU..\Run: [LvkSneiejlupc] C:\Users\Guy Mitchell\AppData\Local\Temp\sysedit.exe ()
O4 - HKCU..\Run: [LvUaPiejl/0yMIT~1\AppData\Local\Temp\2773904812.exe] C:\Users\GUYMIT~1\AppData\Local\Temp\2773904812.exe File not found
O4 - HKCU..\Run: [LvUaPiejl+1wMIT~1\AppData\Local\Temp\2196556410.exe] C:\Users\GUYMIT~1\AppData\Local\Temp\2196556410.exe File not found
O4 - HKCU..\Run: [LvUaPiejl+3xMIT~1\AppData\Local\Temp\3839838034.exe] C:\Users\GUYMIT~1\AppData\Local\Temp\3839838034.exe File not found
O4 - HKCU..\Run: [LvUaPiejl90xMIT~1\AppData\Local\Temp\3262385521.exe] C:\Users\GUYMIT~1\AppData\Local\Temp\3262385521.exe File not found
O4 - HKCU..\Run: [LvUaPiejl91xMIT~1\AppData\Local\Temp\1354918223.exe] C:\Users\Guy Mitchell\AppData\Local\Temp\1354918223.exe ()
O4 - HKCU..\Run: [LvUaPiejlhb] C:\Users\Guy Mitchell\AppData\Local\Temp\debug.exe ()
O4 - HKCU..\Run: [LvUaPiejlk+] C:\Users\Guy Mitchell\AppData\Local\Temp\gdi32.exe ()
O4 - HKCU..\Run: [LvUaPiejlk+ (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] C:\Users\Guy Mitchell\AppData\Local\Temp\gdi32.exe ()
O4 - HKCU..\Run: [LvUaPiejlk+ (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] C:\Users\Guy Mitchell\AppData\Local\Temp\gdi32.exe ()
O4 - HKCU..\Run: [LvUaPiejlkc] C:\Users\Guy Mitchell\AppData\Local\Temp\cmd.exe ()
O4 - HKCU..\Run: [LvUaPiejlkc (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Users\Guy Mitchell\AppData\Local\Temp\cmd.exe ()
O4 - HKCU..\Run: [LvUaPiejlmc] C:\Users\Guy Mitchell\AppData\Local\Temp\mdm.exe ()
O4 - HKCU..\Run: [LvUaPiejlna] C:\Users\Guy Mitchell\AppData\Local\Temp\login.exe ()
O4 - HKCU..\Run: [LvUaPiejlo+] C:\Users\Guy Mitchell\AppData\Local\Temp\avp32.exe ()
O4 - HKCU..\Run: [LvUaPiejlotc] C:\Users\Guy Mitchell\AppData\Local\Temp\hexdump.exe ()
O4 - HKCU..\Run: [LvUaPiejlpc] C:\Users\Guy Mitchell\AppData\Local\Temp\ycoxf.exe ()
O4 - HKCU..\Run: [LvUaPiejlq+] C:\Users\Guy Mitchell\AppData\Local\Temp\win32.exe ()
O4 - HKCU..\Run: [LvUaPiejlqB] C:\Users\Guy Mitchell\AppData\Local\Temp\soj0s6.exe ()
O4 - HKCU..\Run: [LvUaPiejlqc] C:\Users\Guy Mitchell\AppData\Local\Temp\win.exe ()
O4 - HKCU..\Run: [LvUaPiejlqf] C:\Users\Guy Mitchell\AppData\Local\Temp\user.exe ()
O4 - HKCU..\Run: [LvUaPiejlqvc] C:\Users\Guy Mitchell\AppData\Local\Temp\wininst.exe ()
O4 - HKCU..\Run: [LvUaPiejlqW] C:\Users\Guy Mitchell\AppData\Local\Temp\drweb.exe ()
O4 - HKCU..\Run: [LvUaPiejlsPc] C:\Users\Guy Mitchell\AppData\Local\Temp\nvsvc32.exe ()
O4 - HKCU..\Run: [LvUaPiejlud] C:\Users\Guy Mitchell\AppData\Local\Temp\system.exe ()
O4 - HKCU..\Run: [LvUaPiejlupc] C:\Users\Guy Mitchell\AppData\Local\Temp\sysedit.exe ()
O4 - HKCU..\Run: [tcmsdctr] C:\Users\Guy Mitchell\AppData\Local\Temp\cleaperf.dll ()

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Please download Malwarebytes’ Anti-Malware from Here.
Double Click mbam-setup.exe to install the application.
[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
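The O4 entries in the fix above share a pattern that can be checked mechanically when reading an OTL log. The following is an added example, not part of the original posts and not OTL's own code: it parses O4 Run lines in the layout shown in this thread and reports why each one looks suspicious. The function name, the look-alike name list, the reading of the trailing parentheses as a publisher field, and the sample lines are assumptions made for illustration.

```python
import re

# O4 line layout as it appears in this thread:
#   O4 - <hive>..\Run: [<value name>] <target path> (<publisher>) | File not found
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\.*\\Run: \[(?P<name>.*)\] "
    r"(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll))\s*(?P<tail>File not found|\(.*\))?\s*$"
)

# Assumption: file stems seen in this thread that imitate Windows components.
LOOKALIKE_STEMS = {"cmd", "gdi32", "win32", "system", "user", "sysedit"}

# Constructed sample in the thread's layout (user name and last entry are made up).
SAMPLE = r"""
O4 - HKCU..\Run: [LvkSneiejlkc] C:\Users\alice\AppData\Local\Temp\cmd.exe ()
O4 - HKCU..\Run: [Lvk+1walice\AppData\Local\Temp\2196556410.exe] C:\Users\alice\AppData\Local\Temp\2196556410.exe File not found
O4 - HKCU..\Run: [tcmsdctr] C:\Users\alice\AppData\Local\Temp\cleaperf.dll ()
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)
"""

def triage(log_text):
    """Return (value_name, target_path, reasons) for each suspicious O4 Run entry."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 Run line in the expected layout
        path, tail = m["path"], m["tail"] or ""
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
        reasons = []
        if "\\appdata\\local\\temp\\" in path.lower():
            reasons.append("autostart target in user Temp")
        if stem in LOOKALIKE_STEMS and "\\windows\\" not in path.lower():
            reasons.append("system-like name outside Windows directory")
        if tail == "File not found":
            reasons.append("orphaned entry (target missing)")
        elif tail == "()":
            # Assumption: the parentheses hold the file's publisher field.
            reasons.append("empty publisher field")
        if reasons:
            findings.append((m["name"], path, reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE):
        print(f"{name}: {path}\n    " + "; ".join(reasons))
```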