It is gone! No more hggffgd.dll file found.
I have reason to believe that I am clean now, because when I was scanning and fixing my computer a box appeared randomly, every 30 minutes or something like that, saying it was unable to find an internet connection. That was because my internet was gone for security reasons but Vondo kept on trying to connect to it.
Now, after I removed it, I did not get the message.
1) Why is it that when I told HiJackThis to delete hggffgd.dll on reboot, it failed? Was it because the virus was made to look like an OS file?
2) Does the AVG Anti-Spyware program work for free? (I mean, I know it does not auto-protect, but does it still manually update and disinfect?) I love that program. Thank you so much, it did the trick: after failing to remove the file it restarted and deleted it on reboot.
3) I removed the Winlogon Notify registry entry, hence it does not appear in HiJackThis.
4) The second entry for hggffgd.dll is gone after AVG deleted the file.
5) Today in the morning, as I was on the internet reading the forums, I got a message from Spyware Doctor that something had entered my computer. I immediately knew the file had downloaded something. It was lots and lots of Vondo. But thanks to your program, VondoFix, it removed all the DLLs with ease. So I did not have to waste time searching for these files and deleting them manually after I removed hggffgd.dll.
Here is my AVG Anti-Virus Log:
Code:
C:\System Volume Information\_restore{7167BCE7-B0B2-428A-B01D-39F2A9232A8C}\RP103\A0062078.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7167BCE7-B0B2-428A-B01D-39F2A9232A8C}\RP104\A0063106.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7167BCE7-B0B2-428A-B01D-39F2A9232A8C}\RP103\A0062071.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7167BCE7-B0B2-428A-B01D-39F2A9232A8C}\RP104\A0063128.exe -> Adware.ValueAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7167BCE7-B0B2-428A-B01D-39F2A9232A8C}\RP104\A0063216.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7167BCE7-B0B2-428A-B01D-39F2A9232A8C}\RP103\A0062076.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\Documents and Settings\G\Local Settings\Temp\Cookies\g@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\System Volume Information\_restore{7167BCE7-B0B2-428A-B01D-39F2A9232A8C}\RP104\A0063176.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7167BCE7-B0B2-428A-B01D-39F2A9232A8C}\RP103\A0062098.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7167BCE7-B0B2-428A-B01D-39F2A9232A8C}\RP103\A0062104.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7167BCE7-B0B2-428A-B01D-39F2A9232A8C}\RP103\A0062074.exe -> Trojan.Small : Cleaned with backup (quarantined).
Here is my HiJackThis log (after I updated it by removing an entry).
Code:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware\avgas.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Grisoft\AVG Anti-Spyware\guard.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Files\HiJack This!\AnalyzeThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F2DA3C9-7F6C-B30E-95CC-00D31CEB09F3} - blank (file missing)
O2 - BHO: (no name) - {494ED3C8-6FCE-422E-B64A-37AB0DF8A144} - blank (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = D:\America Online 9.0\aoltray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156198480769
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware\guard.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
6) I used Spyware Doctor; it found some malicious ActiveX in the registry. My guess is that it is the remnants of the deleted Vondo (and other trojans).
7) I used Spybot Search and Destroy. Again nothing serious, just remnants in the registry left behind by the deleted trojans.
Look in the attachment.
I am about to use Panda-Active Scan and then perhaps use Bit-Defender (if I have time, that one takes so long).
Now I have two questions:
A) Is there an excellent, fully functional and free anti-virus program? Because as I see it, anti-spyware products are not as secure.
B) This question I kept on asking and still got no response. What I would really like to know is why I could not have fixed the problems in HiJackThis myself. I did not, because you did not tell me to, but I really wanted to. Why would that not work? Is it because it will not let me? Or would it do serious damage to the OS?
Thank you again.
I just wanted to add that, though AVG found something, it was not dangerous because it was in the System Restore folder and was not being used by the computer.
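As an added defender-side illustration (not code from this thread or from HijackThis itself), the Python below parses a few lines copied from the HijackThis log above and flags the entry types that usually warrant review: orphaned items, unnamed BHOs, the broken O10 LSP chain, bare filenames in Run keys, and Winlogon Notify DLLs. The flag wording and the section descriptions are my own, not HijackThis output.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = """\
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {0F2DA3C9-7F6C-B30E-95CC-00D31CEB09F3} - blank (file missing)
O4 - HKLM\\..\\Run: [SoundMan] SOUNDMAN.EXE
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
"""

# Persistence mechanism behind each HijackThis section present in this log.
SECTION_MEANING = {
    "O2": "browser helper object loaded into Internet Explorer",
    "O4": "autostart entry (Run key or Startup folder)",
    "O10": "Winsock layered service provider chain",
    "O20": "Winlogon Notify DLL loaded by winlogon.exe at logon",
}

ENTRY_RE = re.compile(r"^(O\d+|R\d+) - (.*)$")

def triage_line(line):
    # Returns (section, flags) for a recognised entry, None for process-list lines.
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    flags = []
    if "(file missing)" in body:
        flags.append("orphaned: referenced file no longer exists")
    if section == "O2" and "(no name)" in body:
        flags.append("unnamed BHO: legitimate add-ons normally register a name")
    if section == "O4":
        target = body.split("] ", 1)[-1].strip('"')
        if "\\" not in target:
            flags.append("bare filename: resolved via search path, verify which file runs")
    if section == "O10":
        flags.append("broken LSP chain: network access fails until the chain is repaired")
    if section == "O20":
        flags.append("Winlogon Notify DLL runs inside winlogon.exe: verify the publisher")
    return section, flags

def triage_log(text):
    # Keeps only lines that raised a flag; each item is (section, meaning, flags).
    report = []
    for line in text.splitlines():
        parsed = triage_line(line)
        if parsed and parsed[1]:
            report.append((parsed[0], SECTION_MEANING.get(parsed[0], "other"), parsed[1]))
    return report
```

Run `triage_log(SAMPLE_LOG)` to get the flagged entries; the named Adobe BHO produces no flag and is left out of the report.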