Hijack this log

kbeaubs · Apr 27, 2009

My Mozilla is freezing up constantly and when I click on links it is saying they are not found. I have run malware, AntiSpyware, AVG, and Ad-Aware(?)

Help!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:42 PM, on 4/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Edit by chaslang: Inline HJT log removed. READ & RUN ME FIRST. Malware Removal Guide sticky not followed.

kbeaubs · Apr 23, 2009

My appologies. I didn't complete all suggestions before printing that hijack this log. Since then, I have completed everything including the combofix. Attached are the files.

Unfortunately in order to run combofix, I had to completely remove my AVG. Is this possibly the problem? Is it safe to reinstall AVG?

Thank you for your help!

dr.moriarty · Apr 27, 2009

Hello, kbeaubs

First - yes... you should not connect to the internet without an anti-virus program installed and working.

Second - You need to attach the below logs created by running the requested scans

SASlog.txt log from SuperAntiSpyware.

Malwarebytes Anti-Malware log

ComboFix.txt (normally C:\ComboFix.txt)

MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.

Be patient after posting your logs and wait for one of the helpers to get to you. It can take a while to read thru all of the logs and to create individual fixes for you.

dr.m

kbeaubs · Apr 27, 2009

Hiya Doc.

I have also attached an ActiveScan log. I hope this helps.

I can't seem to find the combo fix txt or the Mglogs. I'm saving this so I can work on it.

kbeaubs · Apr 27, 2009

I found the Combofix log under log.txt (attached)

I appologize. I'm not sure what MGlogs is or where to find it.

dr.moriarty · Apr 27, 2009

Hello, kbeaubs

kbeaubs said: ↑

I'm not sure what MGlogs is or where to find it.
Click to expand...

According to your logs, you did download MGTools.exe to your C: drive - which is also where the MGLogs.zip would be located; provided you did run the executable.

dr.m

kbeaubs · Apr 28, 2009

Ahh. Got it.

I hope this is everything!!

dr.moriarty · Apr 29, 2009

Hello, kbeaubs

I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Our queue is working the oldest threads first.

Thanks for your patience.
dr.m

dr.moriarty · Apr 30, 2009

Hello, kbeaubs

The below fixes are specific to your problem and should only be used for issue(s) on this machine. Also, please do not install any other software while we are still working with you unless instructed. Once we have given you the all clean and final instructions you will be free to install what you want.

I strongly recommend that you clean up your Desktop immediately leaving only links. Do not store downloads, exe files, iso files....etc on your Desktop. First it is not a safe place to keep them (i.e., you may loose them due to malware, and a cluttered Desktop is an easy hiding place for malware), and last but not least it can have an effect on your PCs performance.

An observation - Ad-Aware is becoming useless in detecting and removing malware...SAS & MBAM are far better tools.

Note: You're in need of a RAM upgrade.
Total Physical Memory ------ 512.00 MB
Available Physical Memory --- 88.61 MB

Step 1:
Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Step 2:
Using Windows Explorer - navigate to and delete the following:
C:\WINDOWS\system32\yohuruki

Step 3:
Open Ccleaner - select "Cleaner" > "Run Cleaner" <---use this ONLY

Step 4:
Now install the latest Sun Java Runtime Environment

Step 5:
Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, use right click and select Run As Administrator).

Then attach the below logs to your next reply:

C:\MGlogs.zip

Make sure you tell me if you had any problems running this procedure and give a description of how things are working now!

dr.m

kbeaubs · Apr 30, 2009

Thanks so much for the help doc. I have drastically reduced items on my desktop, and will continue to do so after this message.

Attached is the zip file. I have accomplished all requests except the Ram. I assume I can just go to Best Buy tomorrow and pick that up. I have also removed ad-aware.

Thank you so much for the help.

dr.moriarty · Apr 30, 2009

You're Welcome!

I may be able to post back tonight on your log...but definitely tomorrow.

dr.m

PS: You'll see improvement with 1gb.

dr.moriarty · May 1, 2009

** OPTIONAL: You may want to use this to de-select some un-needed applications and processes from loading at startup.
Startup_Control_Panel_Standalone

You could get help with sorting through them by posting a new thread in our Software Forum.

------------------------------------------------
Your logs look good! If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significan amount of resources ( except a little disk space ) until you run a scan.

If we had you use ComboFix, uninstall ComboFix (=This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required

"%userprofile%\Desktop\combofix" /u

Notes: The space between the combofix" and the /u, it must be there.

This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Delete the C:\combofix folder from combofix (if it exists)

If we had you run Avenger, you can delete all files related to Avenger now.

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.

If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Go to add/remove programs and uninstall HijackThis.

You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip

If you are running Vista, Windows XP or Windows ME, do the below:

Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.

Then reboot and Enable System Restore to create a new clean Restore Point.

After doing the above, you should work thru the below link:

How to Protect yourself from malware

Click to expand...

Safe surfing! http://i268.photobucket.com/albums/jj5/drmoriarty/Emoticons/char145.gif

kbeaubs · May 1, 2009

I sure do appreciate the help Doc.

I am still getting the error that it can't find a link. For example:

"Warning
Cannot find "http://www.ballparkdigest.com/"

Error - Server cannot be found"

It happens for any site including this one.

Tonight I get to buy more Ram!!!

dr.moriarty · May 2, 2009

Ok, kbeaubs - first some questions:

1) Exactly when do you get that warning message?
2) Are you going to that URL via clicking a link or are you directly entering it into your browser?
3) Does it happen with all browsers?
4) Does it happen for all sites or only certain ones?
5) Have you tried using an IP address instead of a URL?

Then run this online scanner. Please follow the instructions in the below link and attach the log.

Running Kaspersky Online Scanner

dr.m

kbeaubs · May 3, 2009

Hiya again Doc.

Wow was that a long scan. It found absolutely nothing, so it didn't have a log to save. All it said was "No malware detected"

All I am doing when I get directed to a bad screen is either clicking on a link (for example, some of the links you have directed me to) OR typing in the web site. It only happens about once every 5th time.

It does happen using both Firefox and I.E.

All your help has been wonderful. I sure appreciate these efforts. Any other thoughts on what I can do?

kbeaubs · May 5, 2009

Well, an unbelievable twist of events occurred.

Yesterday things kept getting worse and worse until finally I had no internet capability. I couldn't even get on with my company laptop. That caused me to call Comcast.

They advised me that the very specific modem that I have is causing them big time problems. They said they've been sending new software over to the modem for several days with no effect.

Bottom line is this. It appears the problem was the modem. I will keep you posted on any other changes as now that the new modem is in place, I haven't had one issue.

Again, thank you for your help!!

dr.moriarty · May 11, 2009

I've started a new job and missed your post, kbeaubs. I'm glad that you found the cause of your connection problems.

Good Luck with your PC and glad to be able to help you.

dr.m http://i268.photobucket.com/albums/jj5/drmoriarty/Emoticons/char145.gif

Log in or Sign up

Hijack this log

kbeaubs Private E-2

kbeaubs Private E-2

Attached Files:

catchmelogapril23.txt

hijackthis.log

dr.moriarty Malware Super Sleuth Staff Member

kbeaubs Private E-2

Attached Files:

Activescan3.txt

SUPERAntiSpyware Scan Log - 04-27-2009 - 20-31-17.log

mbam-log-2009-04-25 (13-34-02).txt

kbeaubs Private E-2

Attached Files:

log.txt

dr.moriarty Malware Super Sleuth Staff Member

kbeaubs Private E-2

Attached Files:

MGlogs.zip

dr.moriarty Malware Super Sleuth Staff Member

dr.moriarty Malware Super Sleuth Staff Member

kbeaubs Private E-2

Attached Files:

MGlogs.zip

dr.moriarty Malware Super Sleuth Staff Member

dr.moriarty Malware Super Sleuth Staff Member

kbeaubs Private E-2

dr.moriarty Malware Super Sleuth Staff Member

kbeaubs Private E-2

kbeaubs Private E-2

dr.moriarty Malware Super Sleuth Staff Member