help with my hijackthis log file

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by slater1, Nov 10, 2004.

  1. slater1

    slater1 Private E-2

    Hey, I'm new here and am not sure where this goes... I also do not know a hell of a lot about computers... I know I have some serious crap wrong with my computer... I'll post my log files and if you can tell me how to remove any of the bad things it would be excellent.
    [log removed]

    Is that how it is done??

    Anyway, any help will be very much appreciated...
     
    Last edited by a moderator: Nov 10, 2004
  2. slater1

    slater1 Private E-2

    Oops, I'm so sorry.. I just read about not posting before being asked.. I'm sorry.

    I have run my VET anti-virus and it picks up exploit trojans.. I read on another forum that deleting the .jar cache in Java will fix it.. I deleted them and ran another virus scan and this time only 1 exploit trojan came up as opposed to 5-6.

    I have downloaded Spybot, Adaware, Spyware Doctor and they pick up spyware but they do not seem to delete them... Spybot just stops and says "not responding". When running Spy Doctor it picks up riongs 1800 solutions and many more and I press remove but they do not remove... as I said in my previous post I do not know a hell of a lot about computers... so please help.
     
  3. Kodo

    Kodo SNATCHSQUATCH

    Did you go through our first tutorial?
     
  4. slater1

    slater1 Private E-2

    To tell you the truth I don't really understand it 100%.... I said I don't know a lot about that computer stuff... so if someone could take a little bit of time to maybe make it easier? Or walk me through it, that would be great.
     
  5. slater1

    slater1 Private E-2

    So if someone could just look at the log files I posted up first.. and tell me it.
     
  6. PhilliePhan

    PhilliePhan Guest

    The tutorial spells things out pretty well. It will get rid of a lot of crap that would otherwise clog up a HJT log! If you have any questions, just ask. We are happy to walk you through it :)

    - Try to do the Online Scans
    - Make sure you run McAfee AVERT Stinger and a-squared (in the additional steps section.)

    Best,
    PP
     
  7. PhilliePhan

    PhilliePhan Guest

    Slater1,
    Please follow these instructions for HijackThis:

    Note that your HijackThis should be up-to-date (v1.98.2) and MUST be extracted to its own safe folder - C:\Program Files\HijackThis

    If you need a Fresh Download of HJT, get it HERE: HijackThis 1.98.2

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt file and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    As I mentioned in the PM, you should try to familiarize yourself with Safe Mode, System Restore and the tools in the Tutorial. You will likely still need to use them. I'll check back when I get a chance.

    PP
     
  8. slater1

    slater1 Private E-2

    This is what I did before I got your PM.. I did a scan and everything was closed... I then read the tutorial that described what everything meant {R0, O8} etc.. I then read and went to the links that it provided to see what some of them were... I did that, found the bad ones and deleted them... is that ok?... It was not in safe mode... is that a problem? If so, what should I do...? And how the hell do I get to "safe mode"??? Please, if PhilliePhan doesn't come on often, could someone else please answer this...
     
  9. slater1

    slater1 Private E-2

    This is what my log file is now....
     

    Attached Files:

  10. PhilliePhan

    PhilliePhan Guest

    Dude. . . Relax. Take a deep breath or two.

    What I'd like you to do is to REBOOT to Normal Windows and then scan with HijackThis as per the instructions in my last post.

    Then, ATTACH the log as per the instructions in my last post.

    I'm cutting out for a bit - I'll take a look at your log when I get back, if somebody doesn't beat me to it.

    Read the tutorial (it instructs you on how to boot to Safe Mode) and the FAQ while you're waiting. Everything is explained very well! Frequently Asked Questions (Read Only)

    Hang in there :)

    PP
     
  11. PhilliePhan

    PhilliePhan Guest

    Please move HijackThis to its own Safe folder C:\Program Files\HijackThis

    Back in a bit,
    PP
     
  12. slater1

    slater1 Private E-2

    How, mate? I got HijackThis and I moved it into programs and files and made a new folder called hijackthis and moved it there.
     
  13. slater1

    slater1 Private E-2

    ok,

    I turned off System Restore then rebooted.. I then scanned {BUT it wasn't in its own file, i.e. not in c:\program files\hijackthis} I then saved the log...
     

    Attached Files:

  14. slater1

    slater1 Private E-2

    ok ok,

    This should be it.. I followed your instructions to the best of my knowledge and ability and read the FAQs... this is the log
     

    Attached Files:

  15. PhilliePhan

    PhilliePhan Guest

    Hi Slater1,

    P2P crap like Ares is a good way to land more malware on your computer. I suggest you dump it.

    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

    Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and END them:
    mghzgn.exe
    ytqvshcf.exe

    Ares.exe

    Now scan with HijackThis and check the boxes for the following:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    O2 - BHO: jimmyhelp.CBrowserHelper - {408BCCA1-FBC5-47DB-9D16-CBEF8EEFD7C1} - C:\WINDOWS\vybhbt.dll

    O2 - BHO: mprapdd - {75019F0B-2531-B3A4-10D8-84A10A4EA426} - C:\WINDOWS\System32\mprapdd.dll (file missing)

    O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll

    O4 - HKLM\..\Run: [riktfdasdhps] C:\WINDOWS\System32\mghzgn.exe

    O4 - HKLM\..\Run: [ytqvshcf] C:\WINDOWS\ytqvshcf.exe

    O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\dimity\My Documents\Ares\Ares.exe" -h


    Again, make sure All Browser Windows are Closed when you Click FIX.

    Now boot into Safe Mode and DELETE:

    C:\Documents and Settings\dimity\My Documents\Ares
    C:\WINDOWS\ytqvshcf.exe
    C:\WINDOWS\System32\mghzgn.exe
    (Again, you must be able to view Hidden Files, as per the tutorial, to find all of these.)

    Reboot to Normal Windows and Scan with HijackThis and attach that log. Let us know of any problems you may have encountered with the above instructions and how your computer is running now.

    Best luck :)
    PP
     
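To show how the R1/O2/O4 lines in the post above are read, here is an added Python example (not HijackThis code and not from anyone in this thread): it parses those exact log lines into records and derives the same "end these processes / delete these files / just fix the registry line" plan that the post writes out by hand. The sample log is the set of lines quoted above; the regexes cover only the three line types that appear there.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: the HJT lines the post above tells the user to check and fix.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: jimmyhelp.CBrowserHelper - {408BCCA1-FBC5-47DB-9D16-CBEF8EEFD7C1} - C:\WINDOWS\vybhbt.dll
O2 - BHO: mprapdd - {75019F0B-2531-B3A4-10D8-84A10A4EA426} - C:\WINDOWS\System32\mprapdd.dll (file missing)
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O4 - HKLM\..\Run: [riktfdasdhps] C:\WINDOWS\System32\mghzgn.exe
O4 - HKLM\..\Run: [ytqvshcf] C:\WINDOWS\ytqvshcf.exe
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\dimity\My Documents\Ares\Ares.exe" -h
"""

# One pattern per HJT line type used above: O2 (BHO), O4 (Run key), R0-R3 (IE registry values).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*?)(?P<missing> \(file missing\))?$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
R_RE = re.compile(r"^(?P<kind>R[0-3]) - (?P<key>.*?),(?P<value>[^=]+?) = (?P<data>.*)$")

@dataclass
class Entry:
    kind: str                   # "R1", "O2" or "O4"
    name: str                   # BHO name, Run value name or registry value name
    path: str = ""              # file the entry points at; "" for registry-only entries
    file_missing: bool = False  # HJT marks orphaned entries with "(file missing)"

def parse_hjt(text):
    """Turn HJT log lines into Entry records; line types not handled here are skipped."""
    entries = []
    for line in text.splitlines():
        if m := O2_RE.match(line):
            entries.append(Entry("O2", m["name"], m["path"], bool(m["missing"])))
        elif m := O4_RE.match(line):
            cmd = m["cmd"]  # either "quoted path" args or bare path args
            path = cmd[1:cmd.index('"', 1)] if cmd.startswith('"') else cmd.split(" ", 1)[0]
            entries.append(Entry("O4", m["name"], path))
        elif m := R_RE.match(line):
            entries.append(Entry(m["kind"], m["value"].strip()))
    return entries

def cleanup_plan(entries):
    """Derive what the post spells out by hand: processes to end in Task Manager,
    files to delete in Safe Mode, and entries that only need their registry line fixed."""
    return {
        "end_processes": [PureWindowsPath(e.path).name for e in entries if e.kind == "O4"],
        "delete_files": [e.path for e in entries if e.path and not e.file_missing],
        "registry_only": [e.name for e in entries if not e.path or e.file_missing],
    }
```

The plan lists the DLLs and executables themselves; whether to remove a whole folder (as the post does for Ares) is still a judgement call for the helper reading the log.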
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    PP,

    You should have Slater download LSP-fix too. QuickSearch is new.net related and fixing that DLL could break the LSP chain. You should also delete that directory when finished too.

    See this link for more info: http://cexx.org/newnet.htm

    Also, try using Add/Remove programs to uninstall Ares first.
     
  17. PhilliePhan

    PhilliePhan Guest

    Thanks Chas! :cool: - I promised to check back and post a fix, but real life intruded & I am a bit rushed. The 2 BHOs didn't even register in my tiny brain! :rolleyes:

    Slater1 - Please download the tool that Chas linked. You may need to use it if your LSP chain is broken.

    Likewise, follow his recommendation to uninstall Ares via Add or Remove Programs. While you are at it, look for Quick Search as well.

    Also, add these to be DELETED in safe mode:
    C:\Program Files\QuickSearch
    C:\WINDOWS\vybhbt.dll

    Again, let us know if you run into any problems.

    PP
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No problem PP!

    Slater1,

    If you run into a problem where you cannot connect to the internet (or if you happen to notice an O10 line in HJT mentioning a possible problem due to QuickSearchBar1_27.dll), you will need to run the LSP-fix program. Extract it from the ZIP file and run the executable. Check the "I know what I am doing" box. Click on QuickSearchBar1_27.dll in the left window and then click on the arrow pointing to the right. Click Finish and follow the prompts.

    Again note, you may not even have to worry about this. This info is just in case you do have a problem.
     
  19. slater1

    slater1 Private E-2

    Ok.. first of all, thank you both very much for taking time out and helping me.

    I have deleted Ares... now I just wanna ask...

    I scan using HJT - I check the boxes that you said in your post, {with sys restore off etc}

    I then boot into safe mode and delete the problems, now where will these problems appear? Do I just go to HJT again and they are there?

    I have looked in the Task Manager and don't see mghzgn.exe, ytqvshcf.exe or ares.exe.

    I then delete to normal windows and scan...

    Is that it?
     
  20. slater1

    slater1 Private E-2

    *edit*
     
  21. slater1

    slater1 Private E-2

    I did the above, I found and deleted C:\Documents and Settings\dimity\My Documents\Ares using Stinger but could not find the other 2 {C:\WINDOWS\ytqvshcf.exe, C:\WINDOWS\System32\mghzgn.exe}

    And yes, I did have view hidden files checked.

    I am totally lost tbh... so please, a step by step on every little step would help me immensely.
     

    Attached Files:

  22. slater1

    slater1 Private E-2

    There was a file in the >windows>system32> rundll32.exe file, though.
    It looked weird but I didn't know if I should delete it coz you didn't mention that in your post. So all in all I'm back at square one... just now I don't have Ares.. :(
     
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You do not use Stinger to look for and delete files. It is a virus scan application that looks for very specific virus problems. You use Windows Explorer to locate and delete files. One way to bring up Windows Explorer is to click Start and select Explore. Enabling the viewing of hidden files is related to Windows Explorer.

    The log file you attached looks okay now. Are you still having any problems?
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do not delete anything unless we tell you to! rundll32.exe is a valid Windows system file. There are many items that belong in the system32 folder. Sometimes bad stuff does hide there too, but if you cannot tell the difference between good and bad, don't touch it. Deleting the wrong items in C:\Windows and any subfolders can make your PC non-bootable.

    What do you mean you are at square one? What problems are you having?

    Note: In your previous HJT log, you had Firefox running when you did your HJT scan. In the future, exit all browsers (IE, Firefox, and similar) before scanning or fixing anything with HJT.
     
  25. slater1

    slater1 Private E-2

    I've actually noticed that medload and a few other spyware etc are now gone.. I am now running my anti-virus to see if it picks anything up. Will let you know how it goes.
     
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  27. slater1

    slater1 Private E-2

    Ok, ran the virus scanner and got this..:

    C:\Documents and Settings\dimity\Local Settings\Temporary Internet Files\Content.IE5\85MJ4DUR\pop[1].htm>unknown - JS.ModalDZoneBypass.exploit trojan.


    C:\Documents and Settings\dimity\Local Settings\Temporary Internet Files\Content.IE5\85MJ4DUR\pop[1].htm contains infected files.


    They are the only ones... before I had 6-7.. now only these 2... it says they are in temp internet files BUT I can't get into the temp files... I go to > Control Panel > Internet Options > Delete Files but then the screen will freeze and say "not responding".. I then found the temp internet files and tried to remove them manually but some like Java and others still stay there while some things get removed like old pictures and stuff that I have gone to on the net.

    Thanks.
     
  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Exit all browsers and run CCleaner as per the READ ME Tutorial. Do it in safe mode as indicated!
     
  29. slater1

    slater1 Private E-2

    Just ran my scan after running CCleaner in safe mode.. and got this:


    NOTHING!!!!!!!!

    No virus.. :) Looked in temp internet files.... NADA... :)

    Thanks heaps guys, chaslang, PhilliePhan, sorry about using up your time.. but thanks heaps...
     
  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!
     
