My hijackthis log

Discussion in 'Malware Help (A Specialist Will Reply)' started by LilKd417, Dec 31, 2005.

  1. LilKd417

    LilKd417 Private E-2

    We downloaded and ran AVG yesterday and it keeps finding these Trojans. It puts them into the vault and we delete them, after it says that our healing efforts failed. They just keep coming back up though. The recent two are both called Trojan Horse Downloader.VB.S. We downloaded HijackThis and followed the instructions to run it. Here's our log file. Please tell us what we need to fix to get rid of these problems. Thanks!
     

    Attached Files:

  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Welcome to MajorGeeks.com!

    Please follow forum guidelines and perform cleaning steps in the sticky thread before posting HijackThis logs.

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.


    - Run ALL the steps in this Sticky thread: READ & RUN ME FIRST Before Asking for Support
    - Make sure you check version numbers and get all updates.

    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

    Downloading, Installing, and Running HijackThis
     
  3. LilKd417

    LilKd417 Private E-2

    All right, so we went through the steps like you suggested. Here are the log files. Let me know if you see any problems that we should fix.

    Make sure you tell us the results from running the tutorial...was anything found? Several trojans and viruses with the AntiSpyware and lots of spyware with several of the other programs.
    Were you unable to complete any of the scans?...Were you unable to download any of the tools?...No problems were encountered in these steps
    Did you do the on-line scans as suggested? etc. Yes, we completed the steps as suggested
     

    Attached Files:

  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your log indicated that you are not running a software firewall. The Windows firewall is not a true firewall and does not adequately protect your system.

    Scan with HijackThis and fix the following:
    Download
    - Pocket Killbox
    - ExplorerXP

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion…say YES, and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note that many of the files listed below may not exist but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Follow the directions for Running Ewido Security Suite.

    Download WinPFind

    Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

    When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.

    Post the Ewido log, WinPFind.txt along with a fresh HijackThis log.
     
  5. LilKd417

    LilKd417 Private E-2

    All right, here's what you asked for:
     

    Attached Files:

  6. LilKd417

    LilKd417 Private E-2

    Is there anything else wrong? What else do I need to do? What firewall do you suggest? Is there a free one?
     
  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Using Add or Remove Programs in the Control Panel UNINSTALL the following:
    Next follow the directions for Running Hoster.

    Copy & paste the contents of the below quote box in to Notepad and Save As FixReg.reg to your desktop.
    REBOOT to Safe Mode.

    Open Windows Explorer; navigate to and DELETE the following:
    Search for and delete D0CE0C16B1.

    REBOOT to Normal Mode.

    Post a fresh WinPFind log.
     
  8. LilKd417

    LilKd417 Private E-2

    Okay, I didn't have a few of the things I was supposed to delete, but I got rid of the ones I could find. Here's the WinPFind log, and I got you another hijackthis log just in case you needed it for something.
     

    Attached Files:

  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Disable Microsoft Antispyware and Ewido Security Suite.

    Run Hoster again.

    Open Regedit; navigate to and delete the following key:
    Open Windows Explorer navigate to and delete the following directory:
    REBOOT

    How is your computer running?
     
  10. LilKd417

    LilKd417 Private E-2

    Things seem to be running very smoothly. I don't think there are any more problems. Thanks for all of your help. What's next? You said something about our lack of firewall being the cause of all of these problems. Can you recommend one? Are there any that are free? Yea... I know... I'm cheap.
     
  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  12. LilKd417

    LilKd417 Private E-2

    Alright, I tried the Sygate Personal Firewall Free as listed in the "How to Protect Yourself from Malware!" information, but it wouldn't work. I assume it's because they knew I didn't pay for it. I tried ZoneAlarm and it seems to be working. The only question I have on that is that when I push the "check for update" button on it, I get an error message saying "Cannot determine your currently installed version. Your progam may be installed incorrectly." I'm not sure why it's saying that, but if you have an idea, I'd be willing to try to fix it. Other than that, everything seems to be doing really well. I've run some adware and spybot programs to check for any malware and it's coming up much cleaner than ever before. Thanks so much for your help!
     
  13. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    ZoneAlarm is a very good firewall. If you are getting error messages it may not have installed properly. Uninstall and reinstall.
     
  14. LilKd417

    LilKd417 Private E-2

    Thanks! It worked like a charm!
     
