Member Panel

PraiseJah

Alright, I've been suffering with my computer for a while because I didnt wanna take up your time so soon after asking for all that help with my cousin and stuff. . . not to mension the fact that its probably my fault its gotten this bad again for not going and getting SP2. I promise, I will go and do that after this. lol anyway, its freezing, bringing up about 9000 pop ups, and the whole nine yards. . this program called Winfixer 2005 popped up and scanned my Hd (I have no idea where it came from) and tells me I have like 2500 invaild files of somthing like that (but of course you have to pay 20 in order to register it and fix them.). . oh and if you hadnt already guessed, I havent been able to wipe my computer yet. oh and also I've run ewido like every night and it always finds like 35 things wrong. . . *hangs head in shame* I'm a bad computer user. lol

Thank you guys!!

joe5

Its pretty bad again..

Can you download and run Stinger , Vcleaner and run one or more online AV scans? See below for links. And then post a new hjt log.

Spaceman3750

Hey Jah,
Unless Panda includes a Firewall, part of the problem is that you have no firewall installed. May I recommend Zone Alarm Personal as a free solution?

ladygreenwitch

PraisJah!!! You PROMISED! You need to not only upgrade but finish protecting your PC. If you don't read that article in my signature, PCHF Protecting Your PC, and follow it, I am not going to let Joe help you anymore!!

(Well OK, not really, but darn it all to .... you keep messing up your PC!)

Where the heck do you visit that you keep getting infected like this?

Look forward to your reply,

TTFN

LGW

PraiseJah

To be honest, I dont know where it all comes from. I dont surf the net that much. I go to Gamefaqs.com for faqs and walkthroughs on games. I go to www.watchtower.org for research and study. I do to pchelpforum :-P ummm hotmail. . . Xanga. . . and thats about it. . lol anyway, here is my new HJT log and I downloaded that ZoneAlarm Firewall thing lol. it has some really neat options.

P.S. I'll read the thingy in your signature but I know you wouldnt ban me, you all love me to much. :-P

ladygreenwitch

:kiss: You know it's true!

@Joe, any of these sites ring a bell as to where PJ might be picking up these infections?

TTFN

LGW

joe5 · 05:42 PM

Im pretty sure its not coming from those sites , but just being connected to the net without a firewall and an unupdated version of windows does the trick...

But atleast there is finally an firewall present.

Before fixing things with HijackThis Please Do the Following:

Show hidden files and folders:

For XP:

On the Tools menu in Windows Explorer, click Folder Options.
Click the View tab.
Under Hidden files and folders, click Show hidden files and folders.
If you see a warning message, click Yes.
Click Apply.
Click OK.

Disable System Restore to prevent re-infection.
(If you have/use it. You can turn it back on when youre PC is clean).

How to disable system restore:

WinXP.

Click the Start button.
Right-click My Computer, and then click Properties.
On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.

And download CCleaner

Then un-install "MediaGateway" and "webHancer Customer Companion" in add/remove programs if present.

After that boot in safemode (hit f8 when booting up).

Click Start>Run and type in: services.msc
Click OK
In the Services window find:

Command Service

Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK

Open HJT and click config > misc tools > “delete an NT service”
Copy and past:

cmdService

Click OK.

and fix these with hjt:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: (no name) - {30977243-EDA5-C951-88FA-C769378EDCC3} - C:\WINNT\System32\hhhiom.dll
O4 - HKLM\..\Run: [Gpyqa] C:\Program Files\Ogwplos\Jcbmq.exe
O4 - HKLM\..\Run: [Driv] c:\windows\mrjj.exe
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKCU\..\Run: [urwm] C:\PROGRA~1\COMMON~1\urwm\urwmm.exe
O4 - HKCU\..\Run: [Tewt] "C:\Program Files\eoas\ruar.exe" -vt yazb
O4 - HKCU\..\Run: [Fnsw] C:\WINNT\System32\??xplore.exe
O4 - HKCU\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\uwfx5.exe /scan
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer 2005\uwfx5.exe" /min
O4 - Global Startup: winlogin.exe
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180s...bridge-c24.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\VHJpc3RlbiBTaGF3\command.exe (file missing)

Then delete the files/folders in bold , run Ccleaner and do a manuall search for "winlogin.exe" and delete all you find.

Reboot and post a new hjt log to check.

Member Panel

Sponsors and Ads

Join the Team

Live Tag Cloud