Aim bug 2

Discussion in 'Malware Help (A Specialist Will Reply)' started by Pav7300, Oct 8, 2005.

  1. Pav7300

    Pav7300 Private E-2

    Because I cannot post on the first one, here it is... I followed the steps and downloaded and ran AIM Fix. I downloaded HijackThis and put it in a folder by itself. I ran it and saved the log file. Here is the attachment... What do I delete in order to get rid of the pic1253 virus?
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please read the announcement and sticky threads. HJT logs should only be posted when requested and then they must be attachments to your message but also only after the READ ME FIRST sticky has been run.

    Please run the steps below.

    Download EliteToolbar Remover, but do not run it yet. Just extract it to its own folder. We will run it later on in the process, after we are booted in safe mode.

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - After doing all the steps in the READ ME FIRST, and while still in safe mode, run the ETRemover_v210.exe file (from EliteToolbar Remover) by double-clicking on it.

    - Very Important: Make sure you tell us the results from running the tutorial... Was anything found? Were you unable to complete any of the scans? Were you unable to download any of the tools? Did you do the online scans as suggested? etc.


    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the link below to properly use HijackThis:

    Downloading, Installing, and Running HijackThis

     
  3. Pav7300

    Pav7300 Private E-2

    Please, man, can you just tell me which to delete in order to fix this AIM bug that I got from pic1253? I posted the attachment like you said.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have malware issues on your PC that need to be fixed. The procedure needs to be followed so we do not miss any possible hidden processes or files. I see several trojans that are a bigger problem than an AIM bug. If you do not follow the procedure, you will not get them fixed.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Besides, you are running your system with no antivirus, no firewall and no antispyware programs. No wonder you have a problem.
     
  6. Pav7300

    Pav7300 Private E-2

    Wow, you can tell. Well, as long as these are very detailed then I will be able to do this... I get lost easily in computer stuff. If I am not done with all of it tonight I shall be back tomorrow.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Hundreds of people (novices to experts) follow them weekly. Make sure you run them as directed, in the order directed, and in safe mode as directed. Do not skip any steps, especially the online scanners from BitDefender and RavAntivirus. You have some nasty trojans in there. One of them even allows remote access into your PC.
     
  8. Pav7300

    Pav7300 Private E-2

    I am updating Spybot right now; jebus, this one will take a while. Reading the guide also. "You must use Internet Explorer." I am using Mozilla Firefox, so will the online scans not work for me?
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Use Internet Explorer for the online scans! You cannot always avoid using IE. For example, you cannot get any updates from Microsoft without it and many other websites require it too.
    Use Firefox to do all the downloading and other steps.
     
  10. Pav7300

    Pav7300 Private E-2

    OMG, whatever that AIM bug is, it's installing something now. I'm getting scared.
     
  11. Pav7300

    Pav7300 Private E-2

    I am done downloading all the programs. When I go to safe mode, will I be able to go back to this website to continue with the guide? Or do I HAVE to print it?
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    When you run the online scanners you need to be connected to run them, but I would not do anything else during that time because it will slow you down and could cause problems with the scans. (Note: some people cannot connect in safe mode.)

    I WOULD RECOMMEND THAT YOU DO NOT RUN AIM during this time.

    All the other cleaning steps should be run in safe mode without any internet connectivity and with no browsers open. So yes, if necessary print or save to a local file (not an HTML file, because we want browsers closed).
     
  13. Pav7300

    Pav7300 Private E-2

    I shall see you tomorrow, after apple picking or such, for it will take 10 or so hours to scan one.
     
  14. Pav7300

    Pav7300 Private E-2

    I have completed all the scans except for RavAntiVirus; I would have to scan each file one by one (meaning about 30000 scans). I will read the thread by chaslang. And it fixed my AIM problem, hehe, I am the big man on campus :).
     
  15. Pav7300

    Pav7300 Private E-2

    I have a folder called "my love" though in Program Files, and this thing called mIRC installed though from that virus. When I try to uninstall mIRC from Add/Remove it tells me to stop running it, but I'm not. How do I uninstall it, and what do I do with that folder "my love"?
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You don't need to scan individual files with Rav. It allows you to scan your whole PC by selecting Auto Clean and then clicking Scan My PC!

    Try uninstalling mIRC after booting in safe mode.

    Did you run EliteToolbar Remover in safe mode?

    Post a new HJT log as an attachment.
     
  17. Pav7300

    Pav7300 Private E-2

    I just restarted the computer and was able to uninstall mIRC. Nothing in Add/Remove that shouldn't be there that I know of.
     
  18. Pav7300

    Pav7300 Private E-2

    And also this... it's not attaching....
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Give it a new name!
     
  20. Pav7300

    Pav7300 Private E-2

    "If you change a file name extension, the file may become unusable." It still doesn't upload.
     
  21. Pav7300

    Pav7300 Private E-2

    mIRC came back! Can I email the HJT to you?
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's just a warning and is not a problem. Only certain file name extensions like .log, .txt, .doc can be uploaded. Do you have it named correctly? You were able to upload it in your first message. Are you doing something different? Post it inline if necessary.
     
  23. Pav7300

    Pav7300 Private E-2

    I just did the ETRemover in safe mode, and I got the message:
    "the instruction at "0x7c91888f" referenced memory at "0x001e6610". The memory could not be "read".
    Click on ok to terminate the program.
    Click on cancel to debug the program.

    Both ok and cancel do the same thing (exit).

    Edit by chaslang: Inline log attached

    I also still have the folder "My Love". Can I just delete it?
     

    Attached Files:

    • hjt.txt
    Last edited by a moderator: Oct 9, 2005
  24. Pav7300

    Pav7300 Private E-2

    Edit by chaslang: Inline log attached

    Use this one; I closed the other one before.
     


    Last edited by a moderator: Oct 9, 2005
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I see why your log will not upload. There is a bug in vB that has a problem with the line below in your log:
    C:\WINDOWS\system32\cmd.exe

    Why is this running anyway? Do you have a command prompt Window open?

    Your PC has new infections now. You are going to keep getting infected unless you get an antivirus, spyware blocker, and a firewall installed. See: How to Protect yourself from malware!

    But let's see what we can do with the current problem.

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and kill them one at a time by selecting each one and then clicking "Kill process". Then click Yes.
    C:\Program Files\My Love\c4nn0t.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Common Files\services.exe

    After killing all the above processes, click "Back".
    Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    O4 - HKLM\..\Run: [jid] C:\WINDOWS\jid.exe
    O4 - HKLM\..\Run: [SECRETSERVICE] C:\Program Files\My Love\c4nn0t.exe
    O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-67-525-0000166.exe

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\My Love <--- the whole folder
    C:\WINDOWS\jid.exe
    C:\Program Files\Common Files\services.exe
    C:\Program Files\Common Files\mc-67-525-0000166.exe

    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager, kill the process if it is running, then delete the file.

    Now run CCleaner (installed while running the READ ME FIRST). Then, if running Win XP, go to c:\windows\Prefetch and delete all files in this folder.

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2) Now right-click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, click Delete Files and select Delete all offline content too, then click OK. When it finishes, click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, click Delete Files and select Delete all offline content too, then click OK. When it finishes, click OK.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
  26. Pav7300

    Pav7300 Private E-2

    I did as you said. I deleted all but:
    C:\WINDOWS\jid.exe
    C:\Program Files\Common Files\mc-67-525-0000166.exe

    I did not see either of those two. Also, one of the prefetch files (the Project64 one) wouldn't delete.

    I can attach the file now :) and I don't see anything that should not belong there.

    Also, do I have to download a firewall, or can I just use the SP2 one?
    I do not want to use AVG because before I reformatted my computer AVG was causing some problem and I could not uninstall it. I have everything else but the Sun Java, which I will do soon.
     


  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No, the firewall in SP2 is not a true bidirectional firewall and does not provide adequate protection. Use one of the ones in the sticky.

    If you do not like AVG, use one of the others mentioned. You need an AV.

    I missed one item in your log last time. Have HJT fix the line below (make sure all browsers are closed before clicking Fix).

    O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll

    Then exit HJT and make sure the below folder is deleted:
    C:\Program Files\DNS

    You may need to delete from safe mode.

    I'm not sure what you mean by the "Project64 one" in Prefetch. What exactly did you see? And did you use some kind of Nintendo emulator that this is related to?
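    As an added illustration (not part of this thread and not MajorGeeks' or HijackThis' own tooling), the Python below parses the three HJT line formats chaslang quotes in posts 25 and 27 (R0 start page, O2 BHO, O4 Run key) and flags entries that point at the paths and URL he identified; the sample log is constructed from those quoted lines plus one invented benign "ExampleAV" entry, and the indicator list contains only what this thread names.

```python
import re
from collections import namedtuple
# Indicators named by chaslang in posts 25 and 27 (compared case-insensitively).
BAD_PATHS = {
    r"c:\program files\my love\c4nn0t.exe",
    r"c:\windows\jid.exe",
    r"c:\program files\common files\services.exe",
    r"c:\program files\common files\mc-67-525-0000166.exe",
    r"c:\program files\dns\catcher.dll",
}
BAD_URLS = {"http://hsremove.com/done.htm"}
# Constructed sample log: the lines quoted in the thread plus one invented benign entry.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O4 - HKLM\..\Run: [jid] C:\WINDOWS\jid.exe
O4 - HKLM\..\Run: [SECRETSERVICE] C:\Program Files\My Love\c4nn0t.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-67-525-0000166.exe
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\tray.exe
"""
# section is the HJT code: R0 = IE start page, O2 = browser helper object, O4 = Run key
Entry = namedtuple("Entry", "section name target")

R0_RE = re.compile(r"^R0 - (?P<key>[^=]+?) = (?P<url>\S+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
def parse_line(line):
    """Return an Entry for an R0/O2/O4 line, or None for any other line."""
    line = line.strip()
    if m := R0_RE.match(line):
        return Entry("R0", m["key"], m["url"])
    if m := O2_RE.match(line):
        return Entry("O2", m["name"], m["path"].strip())
    if m := O4_RE.match(line):
        return Entry("O4", m["name"], m["cmd"].strip())
    return None

def flag_entries(log_text):
    """Return [(Entry, reason)] for every parsed line that matches a known indicator."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if e.section == "R0" and e.target.lower() in BAD_URLS:
            flagged.append((e, "start page hijacked to a known bad URL"))
        elif e.section in ("O2", "O4") and e.target.lower() in BAD_PATHS:
            flagged.append((e, "loads a file the thread identifies as malicious"))
    return flagged
```

    Running flag_entries over SAMPLE_LOG reports the five entries chaslang told the poster to fix and leaves the benign ExampleAV line alone; the same functions work on a full HJT log pasted from a file.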
     
  28. Pav7300

    Pav7300 Private E-2

    Yeah, I did use an emulator.
     
  29. Pav7300

    Pav7300 Private E-2

    OK, I have ZoneAlarm Pro and Avast! Pro.
     
  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! If there are no other malware problems, I assume we are finished. Surf Safely.
     
