Newbie with a problem..

Discussion in 'Malware Help (A Specialist Will Reply)' started by Eamonn, Apr 8, 2006.

  1. Eamonn

    Eamonn Private E-2

    Hi all,

    My browser (IE) does not go to the desired page on entering a search. I tried Firefox and get the same issue. I've seen the hijack stuff that sticks a different homepage in and I've figured out how to deal with that, but this presents differently- after the search (google) is entered the google engine changes to a different one (MSN, etc.), but the new engine has the original search request.
    Thanks in advance of any info you might share.

    Eamonn
     
  2. Eamonn

    Eamonn Private E-2

    I've just noticed that new engine does not retain the original search. I cannot download any of the remedies found on this site, without a re-direct to an unrelated page.

    Suggestions?
     
  3. Eamonn

    Eamonn Private E-2

    Hijackthis log

    I can't download any fresh versions of HiJackThis, but I found an exe on my drive and ran it. Here's the log:


    Edit by chaslang: Inline log attached. 1.99.0 version of HJT!

    Thanks. E
     

    Attached Files:

    Last edited by a moderator: Apr 8, 2006
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Hijackthis log

    Please do not start multiple threads. I assume this is related to the thread you already started. You must remain in one thread.

    Also, even though you are implying you cannot download anything, that does not mean you cannot read the instructions in the sticky threads. No logs should be posted inline. They must be attachments.

    I'm merging you back to your first thread. And I will look at your HJT log after I attach it.
     
  5. Eamonn

    Eamonn Private E-2

    Re: Hijackthis log

    Sorry, I tried to edit and add that the issue I'm looking at seems to hijack my browser to another website when I try to download anything that I could use to help myself. I cannot download anything current without the use of my browser. I've run the Norton virus stuff (that I can download), but it turns up nothing in both safe and normal modes. Tried disabling too prior to doing this stuff.

    Got your post. Thanks! Await your comments
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Hijackthis log

    Make sure viewing of hidden files is enabled (per the tutorial).
    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    F2 - REG:system.ini: Shell=
    O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\system32\winbrume.dll
    O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp5903.tmp (file missing)
    O2 - BHO: (no name) - {C8F21DFE-B35C-4274-82EC-1E072D09025E} - C:\WINDOWS\system32\winbrume.dll
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\system32\winbrume.dll

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
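An added example, not code from the thread or from HijackThis: a small Python parser for HJT result lines like the ones chaslang listed above, which flags the patterns he acted on (entries whose file is missing, BHOs with no name, several CLSIDs registered for one DLL, an empty Shell= value, and the O6 policy key). The sample log is constructed from message #6; the section codes and the "(file missing)" suffix are HJT's own, the finding strings are this example's.

```python
import re
from collections import namedtuple

# Constructed sample: the HijackThis lines quoted in message #6 of this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\system32\winbrume.dll
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp5903.tmp (file missing)
O2 - BHO: (no name) - {C8F21DFE-B35C-4274-82EC-1E072D09025E} - C:\WINDOWS\system32\winbrume.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
"""
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")   # drive-letter path, if the line has one
# code: HJT section (F2, O2 ...); clsid/path: None when absent; file_missing: HJT's "(file missing)"
Entry = namedtuple("Entry", "code body clsid path file_missing")

def parse_hjt(text):
    """Parse HJT result lines; headers, blank lines and process lists are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        missing = body.endswith("(file missing)")
        core = body[: -len("(file missing)")].rstrip() if missing else body
        clsid, path = CLSID_RE.search(core), PATH_RE.search(core)
        entries.append(Entry(m.group("code"), body, clsid and clsid.group(0).upper(),
                             path and path.group(0), missing))
    return entries

def triage(entries):
    findings, dll_owners = [], {}   # (code, reason) pairs; DLL path -> CLSIDs registered for it
    for e in entries:
        if e.file_missing:  # orphaned entry: the registry still points at a deleted file
            findings.append((e.code, f"file missing: {e.path}"))
        if e.code == "O2" and e.path:
            dll_owners.setdefault(e.path.lower(), []).append(e.clsid)
            if "(no name)" in e.body:  # BHO registered without a name
                findings.append((e.code, f"unnamed BHO {e.clsid} -> {e.path}"))
        elif e.code == "F2" and re.search(r"Shell=\s*$", e.body):
            findings.append((e.code, "system.ini Shell= value present but empty"))
        elif e.code == "O6":
            findings.append((e.code, "IE Control Panel policy restrictions present"))
    for dll, ids in dll_owners.items():
        if len(ids) > 1:  # several CLSIDs registered for one DLL, as winbrume.dll here
            findings.append(("O2", f"{len(ids)} BHO CLSIDs share {dll}"))
    return findings
```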
     
  7. Eamonn

    Eamonn Private E-2

    Sorry I couldn't get back to you sooner. I had a flood in my basement..

    I can't download anything to help myself here. I can't get Ccleaner- my browser redirects to another site. It doesn't matter if I use Mozilla or IE- same result.

    Lol...How screwed am I?
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I already gave you steps to do in message # 6. Just run them. And if you do not have CCleaner, just empty the below manually:
    C:\windows\Temp <--- delete all files and folders in this Temp folder. A few from the current date will not be deletable.
    Then click Start, Run, and enter %temp% and click OK! Now select all files in this folder that pops up. This folder will be something like:
    C:\DOCUME~1\username\LOCALS~1\Temp

    where username will be your actual user account name.

    Then empty the Prefetch folder as mentioned.
    Then empty your Recycle Bin.
     
  9. Eamonn

    Eamonn Private E-2

    Thanks, I've done as instructed.


    Edit by chaslang: Inline log attached!

    I did not see a file System32\winbrume.dll when I looked in safe mode- found all others.

    I managed to obtain Ccleaner after following your instructions. The browser now goes where I want it to. How does the log look now?

    Many thanks!
     

    Attached Files:

    Last edited by a moderator: Apr 10, 2006
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please do not post logs inline! You must ATTACH them to your messages as the directions in the READ & RUN ME FIRST Before Asking for Support sticky thread indicate. Also you now need to try to follow the READ & RUN ME sticky. Make sure you get the proper version of HijackThis as given in step 7 of the sticky. Attach the two online scanner logs from step 6 and a new HJT log when finished.
     
  11. Eamonn

    Eamonn Private E-2

    Whoops
     

    Attached Files:

  12. Eamonn

    Eamonn Private E-2

    The first of the other scans didn't work - SP2 interference.

    I was running a popup stopper. Took me a sec to get panda to load. Running now......
     
  13. Eamonn

    Eamonn Private E-2

    Panda is finished

    Interesting that Norton did not find these.
     

    Attached Files:

  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not really! Norton misses many things! So do other antivirus programs. Also remember there is a difference between antivirus and antispyware programs. While there is overlap, they are not the same.

    You have signs from a SmitFraud infection. Run the steps in the two below procedures. You may not see many of the things mentioned in the second procedure for SmitRem (like various filenames and process names), just skip that name and continue thru all steps and attach the Ewido, smitfiles.txt, and also get a new Panda log when finished.

    Running Ewido Anti-Malware

    SpywareQuake Removal Procedure
     
  15. Eamonn

    Eamonn Private E-2

    There are the reports. I was a bit surprised by the Panda report; just to see, I ran a new 2nd Ewido and saw nothing there, so I'll guess that these utilities do different jobs.

    :)
     

    Attached Files:

  16. Eamonn

    Eamonn Private E-2

    I thought I'd run another Hijackthis as well. No harm?:rolleyes:
     

    Attached Files:

  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Delete the below if still found:
    C:\w.exe
    C:\Program Files\Internet Explorer\setup45.exe
    C:\Program Files\Internet Explorer\update.exe
    F:\save folder\ops\Security\Arsenal\IRC MegaPac\ae.zip
    F:\save folder\Save4mail\Internet Stash\stuff\Downloaded Progs\Download agents\GetRight\TSUninstaller.exe
    F:\save folder\Save4mail\Internet Stash\stuff\Downloaded Progs\Winamp\Plug ins\milkdrop_099c.exe

    Empty your Recycle Bin and Norton Nprotect folder as indicated in step 0 of the READ ME.

    After this you should be clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
  18. Eamonn

    Eamonn Private E-2

    I can't thank you enough for taking the time:D

    I'll be watching here for other people's issues. I like this site.

    E
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
