Im pretty sure its not coming from those sites , but just being connected to the net without a firewall and an unupdated version of windows does the trick...
But atleast there is finally an firewall present.
Before fixing things with HijackThis Please Do the Following:
Show hidden files and folders:
For XP:- On the Tools menu in Windows Explorer, click Folder Options.
- Click the View tab.
- Under Hidden files and folders, click Show hidden files and folders.
- If you see a warning message, click Yes.
- Click Apply.
- Click OK.
Disable System Restore to prevent re-infection.
(If you have/use it. You can turn it back on when youre PC is clean).
How to disable system restore:
WinXP.- Click the Start button.
- Right-click My Computer, and then click Properties.
- On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
And download
CCleaner
Then un-install "MediaGateway" and "webHancer Customer Companion" in add/remove programs if present.
After that boot in safemode (hit f8 when booting up).
Click Start>Run and type in: services.msc
Click OK
In the Services window find:
Command Service
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK
Open
HJT and click config > misc tools > “delete an NT service”
Copy and past:
cmdService
Click OK.
and fix these with
hjt:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: (no name) - {30977243-EDA5-C951-88FA-C769378EDCC3} - C:\WINNT\System32\
hhhiom.dll
O4 - HKLM\..\Run: [Gpyqa] C:\Program Files\
Ogwplos\Jcbmq.exe
O4 - HKLM\..\Run: [Driv] c:\windows\
mrjj.exe
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\
MediaGateway\MediaGateway.exe
O4 - HKCU\..\Run: [urwm] C:\PROGRA~1\COMMON~1\
urwm\urwmm.exe
O4 - HKCU\..\Run: [Tewt] "C:\Program Files\
eoas\ruar.exe" -vt yazb
O4 - HKCU\..\Run: [Fnsw] C:\WINNT\System32\
??xplore.exe
O4 - HKCU\..\Run: [WinFixer 2005] C:\Program Files\
WinFixer 2005\uwfx5.exe /scan
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer 2005\uwfx5.exe" /min
O4 - Global Startup: winlogin.exe
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -
http://static.zangocash.com/cab/180s...bridge-c24.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) -
http://cabs.elitemediagroup.net/cabs/mediaview.cab
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\
VHJpc3RlbiBTaGF3\command.exe (file missing)
Then delete the files/folders in bold , run Ccleaner and do a manuall search for "winlogin.exe" and delete all you find.
Reboot and post a new
hjt log to check.
PC Help Forum
» Security & Safety
» [Fixed] Hijackthis! Logs
»
[Resolved] I have returned!!
[Resolved] I have returned!!
PraisJah!!! You PROMISED! You need to not only upgrade but finish protecting your PC. If you don't read that article in my signature, PCHF Protecting Your PC, and follow it, I am not going to let Joe help you anymore!!
(Well OK, not really, but darn it all to .... you keep messing up your PC!)
Linear Mode
