WinFixer problem - Please help with HijackThis Lo

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by FeelingViolated, Sep 19, 2005.

  1. FeelingViolated

    FeelingViolated Private E-2

    I have been invaded by this nasty virus and I have tried several spyware removal tools with no luck. Can someone tell me what i need to delete to fix this.
    Thanks

    Here is my log

    Edit by bjgarrick: Unrequested, Inline HJT log removed!
     
    Last edited by a moderator: Sep 19, 2005
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please follow standard cleanup procedures as given below:

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps below:



Download HijackThis 1.99.1

Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

Run HijackThis and save your log file.

Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. FeelingViolated

    FeelingViolated Private E-2

    I am in the process of running through all of the steps to clean up my system in SafeMode. When I am done doing this first online virus scan, am I able to boot in normal mode since this is my work machine and then finish the process after work or would that require going through all of the steps again.
    Thanks for your help!!
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Just run the online scans in whichever mode you can run them in, run full scans with Ad-Aware SE & Spybot S&D. After you do this attach a fresh HJT log.
     
  5. FeelingViolated

    FeelingViolated Private E-2

    Ok, I finished running through all of the steps. I was able to run everything in the tutorial and there were no viruses found. On one of the programs it did find my registry setting for Notify was turned off for Antivirus software. Prior to receiving your first post I followed steps that I found to remove - O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\mljgd.dll

    and
    O20 - Winlogon Notify: mljgd - C:\WINDOWS\system32\mljgd.dll


    I haven't seen any more popups but occasionally I see a new icon appear at the bottom toolbar like something is trying to run but it disappears before I can click on it.
    Thanks for all the help.
     

  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Before we begin the fix, may I ask how you removed those entries?
     
  7. FeelingViolated

    FeelingViolated Private E-2

    Yeah, I found another post for someone else that was having the same problem. It recommended using ProcessExplorer to kill any instances of mljgd.dll, then run HijackThis and remove those lines I listed previously, and use killbox to update some registry settings.
     

  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Go ahead and attach a fresh HJT log from normal mode and we will get the leftovers.
     
  9. FeelingViolated

    FeelingViolated Private E-2

    Here is the latest file.
    Thanks for all the help.
     

  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Let me start off by pointing out that you have more than one antivirus. This is NOT recommended, as running more than one will cause conflicts, so please pick ONE and uninstall the other.

    Also, I need you to uninstall Microsoft AntiSpyware so it will not block anything. I also need you to disable/close SpySweeper so it will not block anything we try and fix also.

    Next, copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file iefix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.)

    Double-click on the iefix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to merge, click YES!

    After you address the above issues attach a fresh HJT log.
     
  11. FeelingViolated

    FeelingViolated Private E-2

    Here's the latest.
     

  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://localhost:8080
    (Keep this if you need it)

    O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll (file missing)

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    (Unnecessary startup entry)

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NEXT:
    Run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
    Note: Remember to get all updates before doing the scans.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    After you complete the above, reboot and let me know how things are running along with a fresh HJT log.
     
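As an added illustration (not part of this thread, and not code from HijackThis or MajorGeeks), here is a small Python parser over constructed log lines in HijackThis format that mirror the entries discussed above. It pulls out each entry's section, CLSID and referenced file, lists registrations whose target file is missing (the orphaned Google Desktop and BitDefender entries), and shows which file is referenced from more than one section, the way the O2 BHO and the O20 Winlogon Notify entry both pointed at mljgd.dll. The sample lines and all function names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample lines in HijackThis format, mirroring the entries discussed
# in the thread; the poster's real log was attached, not posted inline.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://localhost:8080
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\mljgd.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: mljgd - C:\WINDOWS\system32\mljgd.dll
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FILE_MISSING_RE = re.compile(r"\s*\(file missing\)\s*$")
QUOTED_PATH_RE = re.compile(r'"((?:[A-Za-z]:|%\w+%)\\[^"]+)"')
PATH_START_RE = re.compile(r"(?:[A-Za-z]:|%\w+%)\\")


@dataclass
class Entry:
    section: str            # e.g. "O2", "O20"
    body: str               # text after the "Oxx - " prefix
    clsid: Optional[str]    # {GUID} if the entry carries one
    path: Optional[str]     # referenced file, if one could be extracted
    file_missing: bool      # HJT appended "(file missing)"


def extract_path(body: str) -> Optional[str]:
    """Quoted path first (O4 style); otherwise the last ' - ' segment, if it looks like a path."""
    m = QUOTED_PATH_RE.search(body)
    if m:
        return m.group(1)
    last = FILE_MISSING_RE.sub("", body.split(" - ")[-1]).strip()
    return last if PATH_START_RE.match(last) else None


def parse_hjt(text: str) -> List[Entry]:
    """Keep only 'Rn - ...' / 'On - ...' lines; skip the header and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        clsid = CLSID_RE.search(body)
        entries.append(Entry(section, body,
                             clsid.group(0) if clsid else None,
                             extract_path(body),
                             bool(FILE_MISSING_RE.search(body))))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Registrations whose target file no longer exists: leftover entries that do nothing but should go."""
    return [e for e in entries if e.file_missing]


def shared_paths(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Files referenced from more than one section, e.g. one DLL that is both a BHO and a Winlogon Notify handler."""
    by_path: Dict[str, List[Entry]] = {}
    for e in entries:
        if e.path:
            by_path.setdefault(e.path.lower(), []).append(e)
    return {p: g for p, g in by_path.items() if len(g) > 1}


if __name__ == "__main__":
    ents = parse_hjt(SAMPLE_LOG)
    for e in orphaned(ents):
        print(f"orphaned {e.section}: {e.path}")
    for path, group in shared_paths(ents).items():
        print(f"{path} is loaded via {[e.section for e in group]}")
```

The cross-reference is the useful part: a DLL registered under Winlogon Notify is loaded into winlogon.exe at logon, so it is held open while Windows is running, which is why the file itself cannot simply be deleted and a delete-on-reboot step was needed later in this thread, and why fixing the O2 line alone would have left a second loader for the same file in place.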
  13. FeelingViolated

    FeelingViolated Private E-2

    Alright, I think everything is working fine. I haven't seen any popups since I removed all traces of the mljgd.dll. I ran spybot and ad-aware and nothing was found. Here is the latest file.
    Thanks again for all the help.
     

  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log is clean, are you having any further problems?
     
  15. FeelingViolated

    FeelingViolated Private E-2

    The only thing I have seen, but don't know if I have seen it today, is the icon that flickers down on the Program task bar. It only appears for about a second and I can't click on it to try to see what it is. I think the last time I saw it happen was yesterday.
    Thanks for the help.
     
  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)


    Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot” Option. Copy&Paste each of the file names listed below into the box one by one, making sure Delete on Reboot is Checked for each entry. Click the Red X for each entry, but DO NOT Allow your machine to be rebooted until the last item has been entered:

    ** Note: For any of the .dll files, check the Unregister .dll Before Deleting box as well. If this option is not enabled, don't worry about it.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    C:\WINDOWS\system32\mljgd.dll
    C:\WINDOWS\system32\dgjlm.ini
    C:\WINDOWS\system32\dgjlm.ini2
    C:\WINDOWS\system32\dgjlm.bak
    C:\WINDOWS\system32\dgjlm.bak1
    C:\WINDOWS\system32\dgjlm.bak2
    C:\WINDOWS\system32\dgjlm.tmp

    After you have entered the LAST file, allow Killbox to reboot your system. Afterwards let me know how things are running.
     
  17. FeelingViolated

    FeelingViolated Private E-2

    Everything seems to be fixed except for the flickering icon that shows up a few times a day.
    Thanks
     
  18. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    What does the icon look like exactly? Can you get me a screenshot of it when it comes up?
     
  19. FeelingViolated

    FeelingViolated Private E-2

    Well I have tried to get a screen capture of my desktop with task manager running when the icon appears. I haven't been able to get a screenshot of the icon that appears but I did notice that there would be 2 new processes showing up in the task manager. One of them is named HPCMPMGR which is the HP component manager. I did find other posts on google where somebody else was complaining about the same issue that happens every 15 mins. I searched my system for the locations of this file and found it in Windows\prefetch, ProgramFiles\hp\hpcoretech, progfiles\Overland\overland.cab and hp\tmp\src\sptr\pexpress\overland.cab.
    Thanks again for all the help.
     
  20. FeelingViolated

    FeelingViolated Private E-2

    I just now got a screen shot of the icon at the bottom of the screen. I removed my name from the Task Mgr showing the processes that were running at the time. One suggestion that I saw was to just remove the hpcmpmgr from startup by using msconfig. But I didn't know if this was the best solution.
    Thanks
     

  21. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The icon you're talking about in the system tray, does it belong to the HPCMPMGR? Is this what you're saying?

    I do not recognize that particular icon in the system tray. If the icon is part of HPCMPMGR, it is legit if you have an HP.
     
