I need help: here's my HJT log!

Hey guys!

Today I redid the whole procedure on the "Read and run" thread for the second time in the same week, and the programs were still unable to solve some problems. In particular, the file "n63vgjdn" comes up often in the reports, and my firewall has just warned me that the file tried to get access to internet or something. So anyways, here are my HJT log and my Bitdefender and Panda reports. I really hope one of you guys can help me with this, and that I am not imagining this whole threat! By the way, this website is great, what you guys are doing for us computer dummies is quite amazing! Thank you so much!

Éva

 

Welcome to MajorGeeks.com!

Please see the below threads on how to install and run Spy Sweeper and Ewido Anti-Malware. After you ran both programs, attach the logs to your next post along with a fresh HJT log from normal mode.

• Running Spy Sweeper...
  
  
• Running Ewido Security Suite ...

 

I installed both programs and ran them. Everything went well, except when I tried to open my Web browser after I was done: no web sites would appear, not even the homepage. I decided to delete Spy Sweeper and Ewido from my computer, after which my browser did open (I was kind of stressed out at that point!) By the way, I was looking for a way to remove Lycos SideSearch from my computer today and I came across the Spy Sweeper site. It suggested a procedure to manually remove the sidesearch, which I tried, but unsuccessfully because none of the files that had to be removed were present on my computer. I had hoped Spy Sweeper would get rid of the thing but it didn't. I guess I'm stucked with it. Anyways, here are the logs. Thank you so much for your help, you have no idea of how much I appreciate it!

Éva

 

Please look in Add/Remove Programs for the following and uninstall them if found:

Messenger Plus! 3

AntiVir OR Norton AntiVirus
(You need to pick ONE and uninstall the other)

Now scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

O2 - BHO: (no name) - {00000000-0000-4B81-827F-BF759E9CFF84} - C:\Program Files\Lycos\IEagent\IEagent.dll (file missing)
O2 - BHO: (no name) - {A91EED8A-2E1E-8BA3-6FA0-6443928FCDA0} - (no file)
O2 - BHO: Scriptlet.Tools - {EEBA788A-C268-492A-B7FE-42C2B6C553D4} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bin\bin.dll

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [n63vgjdn] C:\Program Files\n63vgjdn\n63vgjdn.exe
O4 - HKLM\..\Run: [Gqssffa] C:\Program Files\Warg\Ofivf.exe

O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Again, make sure ALL browser windows are closed when you click FIX.

Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

C:\Program Files\Messenger Plus! 3 ← Delete this whole folder if it exist!

C:\Program Files\n63vgjdn ← Delete this whole folder if it exist!

C:\Program Files\Lycos ← Delete this whole folder if it exist!

C:\Program Files\Warg ← Delete this whole folder if it exist!

C:\Documents and Settings\All Users\Application Data\Bin ← Delete this whole folder if it exist!

Next, run CCleaner to clean up cookies and temp files.

Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
Note: Remember to get all updates before doing the scans.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:

• Temporary Files
• Temporary Internet Files
• Recycle Bin

And Click OK.

After you complete the above, REBOOT and proceed with the rest of this fix...

Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

• Disable and Re-enable System Restore
  
  
• Turn OFF System Restore to flush any bad Restore Points.
  
  
• Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

After you complete the above reboot once more and then scan with HijackThis and attach the new log.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

 

Hello again!

I just finished doing what you suggested. Everything went rather well. Most of the files were present on my computer and I was able to delete them. Neither Ad-Aware nor Spybot has detected any malicious software. Plus, Lycos seems to be definitely removed! Just for that, I cannot thank you enough! But I do have another question: when I removed Ewido from my computer, I didn't delete the quarantine files and report logs. Should I delete them now? Anyways, here's a fresh HJT log. And again, thank you so much for your help!

Éva

 

Yes, I would go ahead and delete those files.

Your HJT log is clean, are you having any further problems?

 

Nope, everything is going just great!
Thanks again for your help! I really appreciate it! You're my savior!

Éva

 

Your Welcome!

You should see this article on How to Protect yourself from malware!

Surf Safely!