Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

HJT Log [RESOLVED]

Started by mychellbell , Sep 05 2006 02:31 PM

This topic is locked

#1
mychellbell

Posted 05 September 2006 - 02:31 PM

New Member

Member
9 posts

Hi there...I just had a heck of a time trying to remove Winfixer and I just want my computer back to normal so I did a clean up and ran all the scans that the topic pinned here said to but wanted to post my log just in case I needed to do anything else. Thank you!

Logfile of HijackThis v1.99.1
Scan saved at 4:38:42 PM, on 9/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\CleanUp!\cleanup.exe
C:\Documents and Settings\Josh.PREFERRE-0748F8\Local Settings\Temporary Internet Files\Content.IE5\6TG369Y5\HijackThis[1].exe

O2 - BHO: (no name) - {57EEE1EA-3D16-48E9-A7D4-8D62C9F078DA} - C:\WINDOWS\System32\vtsts.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00322} - C:\WINDOWS\g32327953.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: h618 - C:\WINDOWS\g2255640.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#2
cfa-ddg2

Posted 05 September 2006 - 06:02 PM

Visiting Staff

Visiting Consultant
963 posts

Hello mychellbell...Welcome to G2G!

1. You appear to have no anti-virus program installed on your system! Surfing the net these days without a reputable and updated anti-virus program is computer suicide.

Whether it is a free version like AVG or Anti-Vir, this is a must have. If you have no other AV program you choose to use, choose one of these two, install it, update it, run a system scan and let it fix what it finds.

2. You are currently using HijackThis from a temporary directory, this can cause problems.
HijackThis creates backups, these are needed in case of any recovery issues.
Please create a directory on your C:\ drive called C:\HJT, move the HJT download into this new location and unzip HijackThis into that directory. Run the program from that directory from now on.

STEPS For Creating Folder1. Please go to My Computer, open your C:\ drive, Select: New >> Folder and name the folder HJT.

2. Copy the HijackThis.zip download to the new folder

3. Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.
Run HJT from now on from this new folder...

3. Download win32delfkil.exe.
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.
Close all windows, open the win32delfkil folder and double click on fix.bat.
The computer will reboot automatically.
Post the contents of the logfile c\windelf.txt, along with a new hijackhislog.

#3
mychellbell

Posted 05 September 2006 - 10:18 PM

New Member

Topic Starter
Member
9 posts

This is the recnet HJT log...

Logfile of HijackThis v1.99.1
Scan saved at 12:24:09 AM, on 9/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\Java\jre1.5.0_01\bin\javaw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - Startup: MP3 Rocket (silent).lnk = C:\Program Files\MP3 Rocket\MP3Rocket_on_startup.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

and now the other log you requested...

WIN32DELFKIL LOGFILE - by Marckie

version 3.00
Wed 09/06/2006 0:17:51.82
running from: "C:\Documents and Settings\Josh.PREFERRE-0748F8\Desktop"

--- File(s) found in Windows directory ---
g19487078.dll
g25967281.dll
g32327953.dll
g3648015.dll
g9764437.dll

--- File(s) found in system32 folder ---
compstuih.dll

--- Export SharedTaskScheduler key ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}"="g322"
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"
"{259BA022-2005-45E9-A965-10EDB9C00618}"="Windowz Updater"

--- sharedtaskkey (1): A4F94C0C-54A7-4DB1-9AF3-B22E63D00322 ---
no keys found

--- sharedtaskkey (2): 03413bf7-e34c-445b-bfc0-a2b127255871 ---
no keys found

--- sharedtaskkey (3): 259BA022-2005-45E9-A965-10EDB9C00618 ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}]
@="C:\\WINDOWS\\g2255640.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}\InprocServer32]
@="C:\\WINDOWS\\g2255640.dll"
"ThreadingModel"="Apartment"

checking for file:
g2255640.dll NOT found

--- Notify key ---

--- rebooting the computer ---

--- File(s) found in Windows directory ---
g19487078.dll
g25967281.dll
g32327953.dll
g3648015.dll
g9764437.dll

--- File(s) found in system32 folder ---

--- Export SharedTaskSchedulerkey ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"

--- sharedtaskkey: 03413bf7-e34c-445b-bfc0-a2b127255871 ---
no keys found

--- Notify key ---

Finished!

I also downloaded the virus program as well. Thanks so much!

#4
cfa-ddg2

Posted 06 September 2006 - 05:22 PM

Visiting Staff

Visiting Consultant
963 posts

Hello mychellbell...that looks much better. Let's do some more:

1. Update Java and Remove old Java Versions

Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8.<== scroll down the list to find THIS entry
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Remove older Java Versions:

Close any programs you may have running - especially your web browser.
Go to Start >> Control Panel double-click on Add/Remove Programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.

Install latest Java Version:

From your desktop, double-click on jre-1_5_0_08-windows-i586-p to install the newest version.

2. Next, download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"

Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.

3. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Save it to your desktop, we will use it later.

4. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter. Log into your usual account.

5. Double-click ATF-Cleaner.exe to run the program.Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

6. IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:

Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
ewido will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close ewido and reboot your system back into Normal Mode.

7. Post the results of the ewido report scan and a new HJT log...also let me know if your computer is still having any problems!

#5
mychellbell

Posted 06 September 2006 - 09:28 PM

New Member

Topic Starter
Member
9 posts

Here is my new HJT log after doing everything you said...I really have no idea what all we have doen but my computer is significantly faster! You guys are GREAT!

Logfile of HijackThis v1.99.1
Scan saved at 11:37:15 PM, on 9/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HJT\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - Startup: MP3 Rocket (silent).lnk = C:\Program Files\MP3 Rocket\MP3Rocket_on_startup.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

And here is the Ewido log...

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:36:07 PM 9/6/2006

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{052b12f7-86fa-4921-8482-26c42316b522} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{873eb32d-ae1a-4183-89bd-45a77f761be4} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-422076145-1290859374-780513769-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{873EB32D-AE1A-4183-89BD-45A77F761BE4} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-422076145-1290859374-780513769-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{873EB32D-AE1A-4183-89BD-45A77F761BE4} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{65CB372D-E45C-438A-8D1D-62BA9819FA04}\RP109\A0060392.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\gebyy.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{65CB372D-E45C-438A-8D1D-62BA9819FA04}\RP110\A0060610.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\WINDOWS\g19487078.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\WINDOWS\g25967281.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\WINDOWS\g32327953.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\WINDOWS\g3648015.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\WINDOWS\g9764437.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\WINDOWS\system32\akuapuku.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\arrvkdgq.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bcywogba.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cnlttpia.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dicberpa.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fbtoreav.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fltvgbvr.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ftkdrxra.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\gghtpfha.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\gidsyrfp.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hbamuute.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hjpxrbbd.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iertngpc.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ishdlcob.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ivmtvyed.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jnmcshlg.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jopdugrf.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jrfyvddb.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\krmxasgw.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kxhpswjy.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lnrdpxov.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lvxnoupl.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mdohhwbm.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mkcuqume.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ondtbvqu.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pqncjwqu.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pxgepicc.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qhvdrnop.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qmgedwdc.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qrqhwxnj.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rciscccg.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rjerguhn.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\shjywkkg.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sxpdyrud.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\tjcfgejj.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\uddlcquv.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\umdlikgg.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\uogrhumj.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wdjqivjg.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wiljufgm.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\yhbwtsdi.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\yluosikn.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\Documents and Settings\Josh.PREFERRE-0748F8\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

::Report end

#6
cfa-ddg2

Posted 06 September 2006 - 09:34 PM

Visiting Staff

Visiting Consultant
963 posts

Good job mychellbell....I am glad your system is doing better!

Your HJT log appears clean, but Ewido still found and cleaned a bunch...let's do one online scan to check for anything else that may be lurking...:

Please go HERE to run Panda's ActiveScan

Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

#7
mychellbell

Posted 07 September 2006 - 09:40 AM

New Member

Topic Starter
Member
9 posts

Incident Status Location

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Josh.PREFERRE-0748F8\Cookies\josh@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Josh.PREFERRE-0748F8\Cookies\josh@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Josh.PREFERRE-0748F8\Cookies\josh@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Josh.PREFERRE-0748F8\Cookies\josh@bluestreak[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Josh.PREFERRE-0748F8\Cookies\josh@casalemedia[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Josh.PREFERRE-0748F8\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Josh.PREFERRE-0748F8\Cookies\josh@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Josh.PREFERRE-0748F8\Cookies\josh@fastclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Josh.PREFERRE-0748F8\Cookies\josh@hitbox[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Josh.PREFERRE-0748F8\Cookies\josh@realmedia[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Josh.PREFERRE-0748F8\Cookies\josh@trafficmp[1].txt

I ran the panda scan and it found more Should I buy the tool and get rid of them now?

#8
mychellbell

Posted 07 September 2006 - 09:43 AM

New Member

Topic Starter
Member
9 posts

Wow, Im so glad I found this place...Seriously just for the record and other readers I had Norton on my PC, Lavasoft Adaware and Xoftspy and none of them never alerted me to alot of these things..this is just amazing to me that this stuff isnt detected in products I payed so much money for!

#9
cfa-ddg2

Posted 07 September 2006 - 03:47 PM

Visiting Staff

Visiting Consultant
963 posts

Hello mychellbell....

No, no need to buy anything else...all Panda found were some relatively harmless cookies. I'll give you some references for some 'free' anti-malware programs in just a bit. Every anti-malware program (and there are different 'types' like anti-virus, anti-spyware etc) tends to be better at finding and fixing different things...so be careful! Just because those programs you mentioned 'didn't find' these things, they may have found, cleaned or prevented others from infecting your system! If you stick with the Anti-Vir AV you installed (and keep it updated) and then pick and choose from the list I'm going to give you below your computer will be pretty secure...but these malcontents that develop malware are ALWAYS looking at new ways to infect and compromise your system. Safe internet usage, like avoiding P2P/File Sharing programs, explicit websites and the like is just as important as what programs you try and use to keep your system clean.

Your HJT appears clean and I'm glad your system is running well with out problems!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

THIS IS IMPORTANT! - If you are using Windows XP then you should reset system restore to make sure there are no infected files found in a restore point and that you have a clean restore point should you need one!

Now let's reset your restore points.

Click Start Menu >> All Programs >> Accessories >> System Tools >> SystemRestore

Press OK. Choose 'Create a Restore Point' then Next. Name it and press 'Create' then when the confirmation screen shows the restore point has been created click 'Close'.

Next go to Start Menu >> Run, then type:

cleanmgr

click OK, when Disk Cleanup opens go to the 'More Options' tab and press 'Cleanup' on the system restore area which will remove all the restore points except the one we just created. To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt
- Change the Download unsigned ActiveX controls to Disable
- Change the Initialize and script ActiveX controls not marked as safe to Disable
- Change the Installation of desktop items to Prompt
- Change the Launching programs and files in an IFRAME to Prompt
- Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
ATF Cleaner by Atribune. This program is for XP and Windows 2000 only. ATF is a new, freeware, temporary file cleaner for Windows, IE, Firefox and Opera with a simple, easy-to-use interface. The main screen allows the user to either clean all temporary files, or select files for cleaning. The program also knows if Firefox and or Opera is being used, and gives the option of cleaning the temporary files associated with those applications.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein. These are excellent reads too: I'm not pulling your leg and Malware: Preventing the Infection

Remember...be careful out there and good luck!

#10
mychellbell

Posted 07 September 2006 - 04:52 PM

New Member

Topic Starter
Member
9 posts

YEA! Thank you so much for helping me!! :whistling:

#11
cfa-ddg2

Posted 07 September 2006 - 04:55 PM

Visiting Staff

Visiting Consultant
963 posts

You are welcome!

Good luck! :whistling:

#12
cfa-ddg2

Posted 07 September 2006 - 04:56 PM

Visiting Staff

Visiting Consultant
963 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.