Author Topic: Dire Need Of Help With Virus  (Read 15729 times)

chloedog

  • Guest
Re: Dire Need Of Help With Virus
« Reply #15 on: July 01, 2005, 12:15:28 AM »
OK, I clicked on fixed check and everything cleared. Is that correct? I did not get any message such as finished or anything. Now what do I do? Thanks.

polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: Dire Need Of Help With Virus
« Reply #16 on: July 01, 2005, 12:24:42 AM »
Howdy Chloedog,

When it is all right, you can now run another HijackThis log, save it as a logfile, and post it, so we can see if the nasties have left your machine. I think they have, but we have to check the log first.
Later, if the log is sound looking, we are going to scan the computer completely, and then run the anti-malware programs so you keep the slimeware away. First think, then click. Free toolbars are no option; mostly they come at a price, and you paid yours now.
So keep a clean machine.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

chloedog

  • Guest
Re: Dire Need Of Help With Virus
« Reply #17 on: July 01, 2005, 12:27:16 AM »
Logfile of HijackThis v1.99.1
Scan saved at 6:26:44 PM, on 6/30/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\intel32.exe
C:\Program Files\Winferno\Secure IE\SIEPulse.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 8.0\aol.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\aolwbspd.exe
C:\Documents and Settings\Debbie Diamond\Local Settings\Temp\Temporary Directory 3 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DEBBIE~1\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DEBBIE~1\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ADOBE 6\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {20F6DD0F-FDB2-4B82-8980-54DAA19F641B} - C:\WINDOWS\System32\jfge.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\System32\intel32.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [SIE2004] "C:\Program Files\Winferno\Secure IE\SIEPulse.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E24A4EB9-B1BF-4BDC-A998-B019E1886D46}: NameServer = 205.188.146.145
O18 - Filter: text/html - {E39C5294-3AFA-46F5-821F-2D6310E3C4D5} - C:\WINDOWS\System32\jfge.dll
O18 - Filter: text/plain - {E39C5294-3AFA-46F5-821F-2D6310E3C4D5} - C:\WINDOWS\System32\jfge.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


polonus
Re: Dire Need Of Help With Virus
« Reply #18 on: July 01, 2005, 12:38:33 AM »
Hi Chloedog,

Yep. With this HJT log you can feel as snug as a bug in the proverbial rug, OK dear. You can find your results here:
http://hijackthis.de/logfiles/d7d6d2ca54cce097b6f7d406cde51691.html
Update the IE or turn to a safer browser like Firefox or Opera.

Safe surfing and stay clear of mal- and slimeware,

best greetings from the old continent,

polonus

chloedog

  • Guest
Re: Dire Need Of Help With Virus
« Reply #19 on: July 01, 2005, 12:44:36 AM »
Sorry to bother you again... should I start all over and run the avast scan? First I'll restart computer - right now my computer still has the alert of a virus so I guess it's not clear yet. Also, there's one possible danger on results page - should I delete the item, and to do so do I start HijackThis again? Thanks so much!!

polonus
Re: Dire Need Of Help With Virus
« Reply #20 on: July 01, 2005, 12:53:44 AM »
Hi chloedog,

You do that. Could be that the BHO returns when you are not in safe mode, but I doubt it. Do a complete AVAST scan. If one of the thingies FIXER mentioned stayed behind, clear them out with ToolbarCop. This proggie is specially made to deal with the wrong searchbars and browser helper objects. Download Firefox 1.04; it is better, safer, and a lot of crap cannot get on your comp any longer. All that AVAST finds goes into the chest; it is safe there. Have a nice day there in NY,

greets,

polonus



DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89057
  • No support PMs thanks
Re: Dire Need Of Help With Virus
« Reply #21 on: July 01, 2005, 01:11:56 AM »
1. You need an urgent visit to Windows Update; your OS is very out of date, as will be your IE browser.

2. You also need to update Sun Java.

3. I may be wrong but I don't see a firewall installed; this is playing Russian Roulette with an automatic.

Resolve the three issues above or you will be fighting a losing battle; as fast as you get rid of stuff, it or others will replace it.

I would also suggest using Firefox as your browser.

The HJT log is full of Nasty, unknown, unnecessary stuff; see this on-line analysis of your log (available for three days).

Edit: Ooops missed the link for the analysis of your log file - http://hijackthis.de/logfiles/85f9bca9c074077969c3b4ff796e2c94.html
« Last Edit: July 01, 2005, 11:10:55 AM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Dire Need Of Help With Virus
« Reply #22 on: July 01, 2005, 06:57:46 AM »
Hi chloedog,

Glad to see you got some help. I hope everything is OK, now?

If you're still having problems with Trojan-Spy.HTML.Smitfraud.c, the Panda online scanner should detect and remove it. (They call it Trj/Citifraud.A.):

http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm

A firewall is essential as DavidR said. You seem to be with AOL: isn't there an option to turn on a firewall in the AOL security centre?
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

polonus
Re: Dire Need Of Help With Virus
« Reply #23 on: July 01, 2005, 11:49:48 AM »
Hi chloedog,

You need to update your Microsoft XP, run SP2, and definitely take a firewall (ZoneAlarm is free), else you run into new nasties before you can say Jack Russell or you can download a new HJT log. Absolutely vital to do this. Your line of defense should be: a good AV product, like AVAST; a good and safe browser, last version; good Java = Sun Java, last version; a good firewall, ZoneAlarm, last version; an anti-adware solution like Ad-Aware, Spybot S&D, SpywareBlaster, a-squared anti-trojan scanner or Ewido; and then we can talk about a reasonable first defense line. Install these free programs, and stay happy.

greets,

polonus

chloedog

  • Guest
Re: Dire Need Of Help With Virus
« Reply #24 on: July 01, 2005, 07:43:31 PM »
I can't download anything b/c it says my ActiveX is not running or something like that...how do I install or make ActiveX run?  Thanks

FreewheelinFrank
Re: Dire Need Of Help With Virus
« Reply #25 on: July 01, 2005, 08:09:38 PM »
Click on Tools in Internet Explorer then Internet Options>Security.

Click on the globe (Internet.)

If there is a slider, make sure it is set to 'Medium'.

If you see 'Custom Level', make sure 'download signed ActiveX controls' is set to 'prompt' and 'run ActiveX controls and plug-ins' is set to 'Enable'.

chloedog

  • Guest
Re: Dire Need Of Help With Virus
« Reply #26 on: July 01, 2005, 08:48:54 PM »
Still not working - what about download unsigned ActiveX controls? Set it to what? I must've tried downloading a couple of spyware protection and downloaded PC Rescue, which I just paid for & can't use till I get the download instructions in my email after the payment is processed (which it already has been). *sigh* Whenever I try to go to IE is when I get the warning that I have a virus and I keep clicking on Move To Chest.... When I ran the PC Rescue scan it found 189 problems! Is this ever gonna be fixed? I have no idea what programs to uninstall, remove, etc. I can't update Windows cause of the ActiveX problem...

chloedog

  • Guest
Re: Dire Need Of Help With Virus
« Reply #27 on: July 01, 2005, 08:53:41 PM »
I also get this Error message:  RUNDLL
Error loading C:\Docume~1\Debbie~\Locals~1\Temp\se.dll
The specified module could not be found.

FreewheelinFrank
Re: Dire Need Of Help With Virus
« Reply #28 on: July 01, 2005, 09:08:09 PM »
Run HijackThis! again and fix this entry. Reboot and you should be ok.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DEBBIE~1\LOCALS~1\Temp\se.dll/spage.html

DavidR
Re: Dire Need Of Help With Virus
« Reply #29 on: July 01, 2005, 09:12:01 PM »
That is one of the entries flagged as Nasty (and should fix) in the link to the on-line analysis of your log file. Did you visit the link and use it to select the items to fix?
Quote
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DEBBIE~1\LOCALS~1\Temp\se.dll/spage.html     Nasty
This entry should be fixed by HijackThis!
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
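
An added example, not part of any post in this thread and not the logic of HijackThis or of the hijackthis.de analysis: a small Python triage script that parses HijackThis entries and flags the pattern discussed in replies #28 and #29, an Internet Explorer search setting that loads its page through res:// from a DLL in a Temp directory. The function names and the Temp-directory heuristic are assumptions; the sample lines are copied from the log posted in reply #17.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted in reply #17.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DEBBIE~1\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DEBBIE~1\LOCALS~1\Temp\se.dll/spage.html
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "R1 - ...", "O23 - ..."
REG_VALUE = re.compile(r"^(HK\w+)\\(.+?),(.+?) = (.*)$")   # hive\key,value = data
# Heuristic (an assumption of this example): a "\Temp\" path component.
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)

def parse_entries(log_text):
    """Return (section_code, body) per scan entry; header and process lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def res_module_path(data):
    """For a res:// URL return the module it loads the resource from, else None."""
    if not data.lower().startswith("res://"):
        return None
    # The module path ends at the last '/'; the resource name follows it.
    return data[len("res://"):].rsplit("/", 1)[0]

def flag_temp_res_settings(log_text):
    """Flag R0/R1 IE settings whose page is served from a module under a Temp directory."""
    findings = []
    for code, body in parse_entries(log_text):
        m = REG_VALUE.match(body)
        if code not in ("R0", "R1") or not m:
            continue
        hive, _key, value, data = m.groups()
        module = res_module_path(data)
        if module and TEMP_DIR.search(module):
            findings.append({"hive": hive, "value": value, "module": module})
    return findings

if __name__ == "__main__":
    for f in flag_temp_res_settings(SAMPLE_LOG):
        print(f"{f['hive']} {f['value']!r} loads from {f['module']}")
```
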