Hijackthis


matthay
7 Jul 2008, 7:56pm
I am having a problem: when I use a search engine it always brings me to asiuoqgusdbaksd.com. I tried to clean up my computer with Trend Micro PC but it says it doesn't find any viruses. My Firefox quit working also. I emptied the temp internet files and stuff but I'm not sure what else to do.

Katana
9 Jul 2008, 2:05pm
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------


Click here (http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe) to download HJTinstall.exe

Save HJTinstall.exe to your desktop.
Double click on the HJTinstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\Hijack This.
Click I accept
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.




Installed Programs

Please could you give me a list of the programs that are installed.

Start HijackThis
Click on the Misc Tools button
Click on the Open Uninstall Manager button.


You will see a list of the programs installed on your computer.
Click on the Save List button and specify where you would like to save this file.
When you press the Save button, a Notepad window will open with the contents of that file.
Simply copy and paste the contents of that Notepad window into your next post.

matthay
10 Jul 2008, 9:15am
Here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:12:17, on 7/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {37F0C601-C555-491B-BDEE-EAAD0BB7A31A} - C:\WINDOWS\system32\ddcCVpml.dll (file missing)
O2 - BHO: 931928 helper - {5F6D7A37-A3D1-47F1-920D-3F48370D509B} - (no file)
O2 - BHO: (no name) - {5FC728BE-EBA3-4076-A401-2EEA7DB4B217} - C:\WINDOWS\system32\cbXNDTMc.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [100d4d65] rundll32.exe "C:\WINDOWS\system32\uiadpxxh.dll",b
O4 - HKLM\..\RunOnce: [TSC] "C:\PROGRA~1\TRENDM~1\INTERN~1\tsc.exe" /HD
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-1085031214-484763869-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Matt')
O4 - HKUS\S-1-5-21-1085031214-484763869-725345543-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Matt')
O4 - HKUS\S-1-5-21-1085031214-484763869-725345543-1004\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Matt')
O4 - HKUS\S-1-5-21-1085031214-484763869-725345543-1004\..\Run: [789:;<=>?@ABCDEFGHIJexe] ,-./0123456789:;<=>?@ABCDEFGHIJexe (User 'Matt')
O4 - HKUS\S-1-5-21-1085031214-484763869-725345543-1004\..\Run: [3456789:;<=>?@ABCDEFexe] ()*+,-./0123456789:;<=>?@ABCDEFexe (User 'Matt')
O4 - HKUS\S-1-5-21-1085031214-484763869-725345543-1004\..\Run: [+,-./0123456789:;<=>exe] !"#$%&'()*+,-./0123456789:;<=>exe (User 'Matt')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O20 - Winlogon Notify: ddcCVpml - ddcCVpml.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 7015 bytes
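The helper asked for the log to be posted rather than "fixed", because most HijackThis entries are legitimate and the judgement lies in reading them. The following is an added example, not part of the thread and not HijackThis's own code: a small Python triage script that applies three defender-side heuristics to lines in the HJT 2.0.2 log format shown above. It flags entries whose target file no longer exists ("(file missing)" / "(no file)", which for BHOs and Winlogon Notify handlers are leftovers of a component that was removed or is hiding its file), O4 autostart entries whose name is nothing but eight hex digits, and O4 entries whose name contains characters that never appear in a vendor-chosen name. The heuristics and their thresholds are my assumptions; the sample lines are an excerpt of the log posted above, not a complete log.

```python
import re

# Constructed sample: a handful of lines in the HijackThis 2.0.2 log format,
# copied from the log posted in the thread above (not a complete log).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {37F0C601-C555-491B-BDEE-EAAD0BB7A31A} - C:\WINDOWS\system32\ddcCVpml.dll (file missing)
O2 - BHO: 931928 helper - {5F6D7A37-A3D1-47F1-920D-3F48370D509B} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [100d4d65] rundll32.exe "C:\WINDOWS\system32\uiadpxxh.dll",b
O4 - HKUS\S-1-5-21-1085031214-484763869-725345543-1004\..\Run: [789:;<=>?@ABCDEFGHIJexe] ,-./0123456789:;<=>?@ABCDEFGHIJexe (User 'Matt')
O20 - Winlogon Notify: ddcCVpml - ddcCVpml.dll (file missing)
"""

# One HJT line: "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Body of an O4 autostart line: hive, Run-style key, [entry name], command.
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
# Characters seen in vendor-chosen autostart names (assumed allow-list).
PLAIN_NAME_RE = re.compile(r"^[\w .\-&+()]+$")
# Eight hex digits and nothing else: a name with no descriptive content (heuristic).
HEX_NAME_RE = re.compile(r"^[0-9a-fA-F]{8}$")
# HJT's own markers for a registry entry whose target file is absent.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def triage(log_text):
    """Return findings as dicts {'section', 'reason', 'line'} for lines that deserve a look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list, "End of file" etc.
        section, body = m.group("section"), m.group("body")
        if body.endswith(ORPHAN_MARKERS):
            findings.append({"section": section, "reason": "orphaned reference", "line": line})
            continue
        if section == "O4":
            run = RUN_RE.match(body)
            if run is None:
                continue
            name = run.group("name")
            if HEX_NAME_RE.match(name):
                findings.append({"section": section, "reason": "hex-only entry name", "line": line})
            elif not PLAIN_NAME_RE.match(name):
                findings.append({"section": section, "reason": "malformed entry name", "line": line})
    return findings


def reasons(log_text):
    """Count findings per reason, for a quick overview of a log."""
    counts = {}
    for f in triage(log_text):
        counts[f["reason"]] = counts.get(f["reason"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:<4} {f['reason']:<22} {f['line']}")
```

Run against the sample it reports five of the seven lines and leaves the Adobe BHO and the iTunes autostart alone. A hit is a prompt to investigate, not a verdict: a "(file missing)" BHO can be harmless residue of an uninstall, and the helper's rule of not letting HJT fix anything unasked still applies.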

matthay
10 Jul 2008, 9:16am
That is the list of programs installed.




Adobe Flash Player 9 ActiveX
Adobe Reader 8
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Apple Mobile Device Support
Apple Software Update
BCM V.92 56K Modem
Bonjour
Compatibility Pack for the 2007 Office system
ContextTool
Dell Photo AIO Printer 924
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Intel(R) PRO Network Adapters and Drivers
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
Linksys Wireless-G USB Network Adapter
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Mozilla Firefox (3.0)
NVIDIA Windows 2000/XP Display Drivers
OpenOffice.org 2.0
PlayMP3z
QuickTime
RegCure 1.5.0.1
Rhapsody
Security Update for Excel 2007 (KB946974)
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB947801)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Visio 2007 (KB947590)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Trend Micro PC-cillin Internet Security 2007
Trend Micro PC-cillin Internet Security 2007
Update for Office 2007 (KB932080)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb950378)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Windows Installer 3.1 (KB893803)
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WordPerfect Office 11
Yahoo! Toolbar

Katana
10 Jul 2008, 10:50am
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

A word of warning: Neither I nor sUBs is responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

matthay
10 Jul 2008, 6:26pm
I cannot get on to that website to download it. It keeps bringing me to a page that says "page cannot be displayed".

Katana
10 Jul 2008, 7:47pm
Download and Run ComboFix
Please download an updated copy from one of the links below



ComboFix.exe 1 (http://subs.geekstogo.com/ComboFix.exe)
ComboFix.exe 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
ComboFix.exe 3 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)


You must download it to and run it from your Desktop.

Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

Double click combofix.exe & follow the prompts.

When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.

Re-enable all the programs that were disabled during the running of ComboFix.



Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper.

matthay
11 Jul 2008, 6:11am
This is what keeps coming up when I click the links. I went through the steps they recommend but it still won't let me through. Ever since the HijackThis started it won't let me get on a lot of spyware or malware sites.

The page cannot be displayed

The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings. To attempt fixing network connectivity problems, click Tools, and then click "Diagnose Connection Problems..."

Other options to try:
- Click the Refresh button, or try again later.
- If you typed the page address in the Address bar, make sure that it is spelled correctly.
- To check your connection settings, click the Tools menu, and then click Internet Options. On the Connections tab, click Settings. The settings should match those provided by your local area network (LAN) administrator or Internet service provider (ISP).
- See if your Internet connection settings are being detected. You can set Microsoft Windows to examine your network and automatically discover network connection settings (if your network administrator has enabled this setting).
  - Click the Tools menu, and then click Internet Options.
  - On the Connections tab, click LAN Settings.
  - Select Automatically detect settings, and then click OK.
- Some sites require 128-bit connection security. Click the Help menu and then click About Internet Explorer to determine what strength security you have installed.
- If you are trying to reach a secure site, make sure your Security settings can support it. Click the Tools menu, and then click Internet Options. On the Advanced tab, scroll to the Security section and check settings for SSL 2.0, SSL 3.0, TLS 1.0, PCT 1.0.

Click the Back button to try another link.

Cannot find server or DNS Error
Internet Explorer

Katana
11 Jul 2008, 9:48am
OK, please try this first, and then try the ComboFix download

Restore Host File

Download HostsXpert v4.1 (http://www.funkytoad.com/download/HostsXpert.zip) and unzip it to your desktop.

Double click on HostsXpert.exe to launch the program.
Click on Restore MS Hosts File to restore your Hosts file to its default condition.
Click on Make ReadOnly to secure it against further infection. (unless you plan to use another host file)
Exit the program.


Visit the Website (http://www.funkytoad.com/content/view/13/31/) for more information.
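The reason for restoring the hosts file first: a hosts entry is consulted before DNS, so a single line mapping a security vendor's hostname to 127.0.0.1, 0.0.0.0 or some unrelated address makes that site "unavailable" while everything else still works, which matches what the user described. What follows is an added example, not HostsXpert's code and not part of the thread: a Python script that reads a hosts file, ignores comments and the standard localhost lines, and reports every remaining mapping as either "blackholed" (sent to a loopback or unroutable address) or "redirected" (sent somewhere else). The sample hosts text is constructed for the demonstration; the default path is the standard location on Windows XP, and the vendor hostnames in the sample are only there because they appear in this thread.

```python
HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"  # standard location on Windows XP

# Addresses that silently drop a connection rather than reach a real host.
SINKHOLE_ADDRS = {"127.0.0.1", "::1", "0.0.0.0"}
# Names the stock hosts file maps to loopback; never a finding.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample: the stock localhost line plus the kind of entries that
# make support and vendor sites come up as "page cannot be displayed".
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.bleepingcomputer.com
0.0.0.0         download.bleepingcomputer.com   # pinned to an unroutable address
192.0.2.10      www.trendmicro.com
"""


def parse_hosts(text):
    """Return (address, hostname) pairs from hosts-file text, skipping comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        parts = line.split()
        addr, names = parts[0], parts[1:]  # one address, one or more names per line
        for name in names:
            entries.append((addr, name.lower()))
    return entries


def audit_hosts(text):
    """Return findings {'host', 'address', 'kind'} for every non-localhost mapping."""
    findings = []
    for addr, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        kind = "blackholed" if addr in SINKHOLE_ADDRS else "redirected"
        findings.append({"host": name, "address": addr, "kind": kind})
    return findings


def is_default(text):
    """True when the file maps nothing but the local names (what 'Restore MS Hosts File' leaves behind)."""
    return not audit_hosts(text)


def audit_file(path=HOSTS_PATH):
    """Audit the hosts file on disk; the file is plain text, so no special tooling is needed."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


if __name__ == "__main__":
    try:
        findings = audit_file()
        source = HOSTS_PATH
    except OSError:
        findings, source = audit_hosts(SAMPLE_HOSTS), "constructed sample"
    print(f"hosts file: {source}")
    for f in findings:
        print(f"{f['kind']:<11} {f['host']:<35} -> {f['address']}")
    if not findings:
        print("no non-local mappings; file looks like the default")
```

Every line that the audit reports is one the user did not write, unless they maintain a custom block list, and that is exactly the question "Restore MS Hosts File" answers by wiping the file back to the stock contents. Setting the file read-only afterwards, as the post suggests, raises the bar only slightly (any administrator-level process can clear the attribute), so a restored hosts file is a fix for the symptom and not a substitute for removing whatever wrote the entries.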

matthay
11 Jul 2008, 6:31pm
OK, I tried that but I am still getting the same thing.

Katana
11 Jul 2008, 6:51pm
Right, let's be tricky :bigggrin:

Download ComboFix from Here (Link Removed)



You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
Re-enable all the programs that were disabled during the running of ComboFix.



Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper.

matthay
11 Jul 2008, 7:05pm
Alright, now I have it downloaded to my desktop, but when I double click on it nothing happens. The hourglass shows up for a few seconds and then nothing.

Katana
11 Jul 2008, 7:15pm
Download and Run SD Fix

Please download SDFix (link removed) (http://neoshine.co.uk/mina/Downloads/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F5 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.



Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log






Download and Run ComboFix
Please delete the copy of ComboFix that you have and download an updated copy from one of the links below


Link Removed
You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
Re-enable all the programs that were disabled during the running of ComboFix.



Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper.

matthay
11 Jul 2008, 8:34pm
Here is the SDFix log.

SDFix: Version 1.204
Run by Matt on Fri 07/11/2008 at 14:18
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\****\Desktop\SDFix
Checking Services :
Name :
clbdriver
Path :
\??\globalroot\systemroot\system32\drivers\vmdesched.sys
clbdriver - Deleted

Restoring Default Security Values
Restoring Default Hosts File
Rebooting

Checking Files :
Trojan Files Found:
C:\Documents and Settings\User\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\User\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\User\Favorites\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\smdat32a.sys - Deleted
C:\WINDOWS\system32\service.exe - Deleted

Folder C:\WINDOWS\system32\931928 - Removed

Removing Temp Files
ADS Check :


Final Check :

Remaining Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\BitDownload\\BitDownload.exe"="C:\\Program Files\\BitDownload\\BitDownload.exe:*:Enabled:Warez3"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :

File Backups: - C:\DOCUME~1\****\Desktop\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sat 16 Aug 2003 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 21 Jul 2004 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Wed 21 Jul 2004 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Sat 3 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Fri 11 Jul 2008 265,495 A..H. --- "C:\Documents and Settings\User\Desktop\ComboFix.exe"
Wed 31 Aug 2005 3,661,408 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP216\A0075616.exe"
Wed 7 Sep 2005 3,679,896 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP216\A0075617.exe"
Fri 16 Sep 2005 366,204 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP216\A0075618.exe"
Wed 28 Sep 2005 487,384 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP216\A0075619.exe"
Mon 10 Oct 2005 3,784,507 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP216\A0075620.exe"
Wed 26 Oct 2005 3,841,248 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP216\A0075621.exe"
Sat 5 Nov 2005 227,504 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP216\A0075622.exe"
Sat 19 Nov 2005 261,085 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP216\A0075623.exe"
Mon 1 Oct 2007 90,112 A..H. --- "C:\System Volume Information\_restore{A7D09120-E8D8-460C-AC40-D5E66B1C701F}\RP248\A0088829.DLL"
Sat 4 Feb 2006 4,200,936 A..H. --- "C:\System Volume Information\_restore{A7D09120-E8D8-460C-AC40-D5E66B1C701F}\RP301\A0103458.exe"
Tue 4 Apr 2006 186,624 A..H. --- "C:\System Volume Information\_restore{A7D09120-E8D8-460C-AC40-D5E66B1C701F}\RP301\A0103460.exe"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del3.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del4.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del44B7.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del44B8.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del5.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del67BE.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del6D03.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del6D04.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del72DD.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del72DE.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del7EA2.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del8AEC.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del90E6.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del942A.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del942B.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del942C.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del942D.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del942E.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del942F.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del98F0.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del98F1.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del98F2.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del98F3.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del9CF5.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelA238.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelA239.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelA23A.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelA23B.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelA23C.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelA23D.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelAA82.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelAA83.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelAA84.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelAA85.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelAAC6.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelAAC7.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelAAC8.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelAB49.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelBA97.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelBA98.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelBA99.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelC19A.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelC19B.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelCB1C.tmp"
Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelCB1D.tmp"
Tue 1 Jul 2008 1,713,921 ..SH. --- "C:\Documents and Settings\Matt\Local Settings\Temp\nnipdisj.tmp"
Tue 18 Oct 2005 9,352,392 A..H. --- "C:\Documents and Settings\Matt Hayes\Local Settings\Temp\BIT3A.tmp"
Wed 6 Apr 2005 218 A..H. --- "C:\Documents and Settings\Matt Hayes\Local Settings\Temp\e.dll"
Wed 6 Apr 2005 218 A..H. --- "C:\Documents and Settings\Matt Hayes\Local Settings\Temp\z41t.dll"
Tue 21 Dec 2004 552 A..H. --- "C:\Documents and Settings\Peter Hayes\Local Settings\Temp\bvd.dll"
Sun 13 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT6.tmp"
Mon 1 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\14a2354517107bc1d6b9d1d0c325d0d8\BIT4.tmp"
Sun 13 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT4.tmp"
Sun 13 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT8.tmp"
Sun 13 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b04031f0b83ee952189dd8beb4ee929a\BIT3.tmp"
Fri 11 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b5ceb6274f4d7fd206d6adab3df8e834\BIT5.tmp"
Sun 13 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT7.tmp"
Mon 1 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c8e1092e4a07bde9d108020eaac84239\BIT3.tmp"
Fri 11 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d7694bef8bd7032a201cda9934644640\BIT3.tmp"
Sun 13 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT9.tmp"
Fri 11 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e3ae0283cc5a5b1aa1e0729354e5096d\BIT4.tmp"
Sun 13 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT5.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BITC.tmp"
Sat 16 Aug 2003 4,348 ...H. --- "C:\Documents and Settings\Matt Hayes\My Documents\My Music\License Backup\drmv1key.bak"
Thu 30 Dec 2004 20 A..H. --- "C:\Documents and Settings\Matt Hayes\My Documents\My Music\License Backup\drmv1lic.bak"
Wed 21 Jul 2004 400 ...H. --- "C:\Documents and Settings\Matt Hayes\My Documents\My Music\License Backup\drmv2key.bak"
Thu 30 Dec 2004 1,536 A..H. --- "C:\Documents and Settings\Matt Hayes\My Documents\My Music\License Backup\drmv2lic.bak"
Sat 3 Mar 2007 4,348 ...H. --- "C:\Documents and Settings\User\My Documents\My Music\License Backup\drmv1key.bak"
Sat 3 Mar 2007 20 A..H. --- "C:\Documents and Settings\User\My Documents\My Music\License Backup\drmv1lic.bak"
Sat 3 Mar 2007 400 ...H. --- "C:\Documents and Settings\User\My Documents\My Music\License Backup\drmv2key.bak"
Sat 3 Mar 2007 1,536 A..H. --- "C:\Documents and Settings\User\My Documents\My Music\License Backup\drmv2lic.bak"
Tue 8 Oct 2002 106,496 A..H. --- "C:\Program Files\Common Files\aolshare\shell\us\shellext.dll"
Sat 3 Mar 2007 4,348 ...H. --- "C:\Documents and Settings\User\Application Data\Real\rhapsody\wmlicbackup\drmv1key.bak"
Sun 18 Mar 2007 20 A..H. --- "C:\Documents and Settings\User\Application Data\Real\rhapsody\wmlicbackup\drmv1lic.bak"
Sat 3 Mar 2007 400 ...H. --- "C:\Documents and Settings\User\Application Data\Real\rhapsody\wmlicbackup\drmv2key.bak"
Sun 18 Mar 2007 1,536 A..H. --- "C:\Documents and Settings\User\Application Data\Real\rhapsody\wmlicbackup\drmv2lic.bak"
Sat 16 Aug 2003 4,348 A..H. --- "C:\Documents and Settings\User\My Documents\Matt's My Documents\My Music\License Backup\drmv1key.bak"
Thu 30 Dec 2004 20 A..H. --- "C:\Documents and Settings\User\My Documents\Matt's My Documents\My Music\License Backup\drmv1lic.bak"
Wed 21 Jul 2004 400 A..H. --- "C:\Documents and Settings\User\My Documents\Matt's My Documents\My Music\License Backup\drmv2key.bak"
Thu 30 Dec 2004 1,536 A..H. --- "C:\Documents and Settings\User\My Documents\Matt's My Documents\My Music\License Backup\drmv2lic.bak"
Fri 20 May 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Fri 20 May 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Fri 20 May 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Fri 20 May 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"
Finished!

And the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:10, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {5FC728BE-EBA3-4076-A401-2EEA7DB4B217} - C:\WINDOWS\system32\cbXNDTMc.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [100d4d65] rundll32.exe "C:\WINDOWS\system32\uiadpxxh.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 5867 bytes

matthay
11 Jul 2008, 8:48pm
I was able to download the combo fix, but when I try to open it I get an error that says "some installation files are corrupt. Please download a fresh copy and retry the installation". I've deleted it and tried to download it 3 times but it keeps bringing up that error.

Katana
11 Jul 2008, 10:48pm
Fix With HJT

Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {5FC728BE-EBA3-4076-A401-2EEA7DB4B217} - C:\WINDOWS\system32\cbXNDTMc.dll (file missing)
O4 - HKLM\..\Run: [100d4d65] rundll32.exe "C:\WINDOWS\system32\uiadpxxh.dll",b
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5036.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis

Let's see if you can access the main site for ComboFix now

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
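
As an added example (not from this thread, and not part of HijackThis or ComboFix), a small triage script that reads O2/O4/O16 lines in the log format pasted above and flags the patterns a helper looks for: BHOs whose file is gone, Run entries with a random-looking name that load a DLL through rundll32, and ActiveX (DPF) downloads from hosts outside a short allowlist. The allowlist, the eight-character "random name" heuristic and the sample lines are assumptions constructed for this example; it flags fewer lines than the helper's list, and a flagged line is a candidate for review, not an automatic fix.

```python
"""Triage helper for HijackThis v2 log lines (added example, heuristic only)."""
import re
from urllib.parse import urlparse

# Hosts this example accepts as sources of ActiveX controls (assumption, not an HJT rule).
TRUSTED_DPF_HOSTS = ("microsoft.com", "apple.com.edgesuite.net", "live.com")

# Line shapes taken from the HJT v2 format shown in the thread.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)


def host_is_trusted(url):
    """True when the CAB is served from (a subdomain of) an allowlisted host."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == t or host.endswith("." + t) for t in TRUSTED_DPF_HOSTS)


def looks_random(token):
    """Eight hex digits ('100d4d65') or eight lowercase letters ('uiadpxxh').

    A heuristic for machine-generated names, not proof of anything by itself.
    """
    return bool(re.fullmatch(r"[0-9a-f]{8}", token) or re.fullmatch(r"[a-z]{8}", token))


def triage_line(line):
    """Return (reason, line) when the HJT line matches a suspicious pattern, else None."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        path = m.group("path")
        if path == "(no file)" or "(file missing)" in path:
            return ("BHO registered but its file is gone", line)
        return None
    m = O4_RE.match(line)
    if m:
        value, cmd = m.group("value"), m.group("cmd")
        dll = RUNDLL_RE.search(cmd)
        # Basename of the DLL without its extension, e.g. 'uiadpxxh' or 'nvcpl'.
        stem = dll.group("dll").replace("\\", "/").rsplit("/", 1)[-1][:-4].lower() if dll else ""
        if looks_random(value) or looks_random(stem):
            return ("Run entry with random-looking name loads a DLL via rundll32", line)
        return None
    m = O16_RE.match(line)
    if m and not host_is_trusted(m.group("url")):
        return ("ActiveX control downloaded from a host outside the allowlist", line)
    return None


def triage(log_text):
    """Run triage_line over a pasted HJT log; returns the flagged lines in log order."""
    findings = []
    for raw in log_text.splitlines():
        hit = triage_line(raw)
        if hit:
            findings.append(hit)
    return findings


# Constructed excerpt in the thread's log format (benign and suspicious lines mixed).
SAMPLE_LOG = r"""O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {5FC728BE-EBA3-4076-A401-2EEA7DB4B217} - C:\WINDOWS\system32\cbXNDTMc.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [100d4d65] rundll32.exe "C:\WINDOWS\system32\uiadpxxh.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
"""

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```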

matthay
12 Jul 2008, 7:09am
ComboFix 08-07-11.1 - **** 2008-07-12 0:52:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.188 [GMT -5:00]
Running from: C:\Documents and Settings\****\Desktop\bghg.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Amber Hayes\Local Settings\Temporary Internet Files\temp.dmf
C:\Documents and Settings\User\Start Menu\Programs\PlayMP3z
C:\Documents and Settings\User\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk
C:\Program Files\ContextTool
C:\Program Files\ContextTool\pcre3.dll
C:\Program Files\ContextTool\uninstall.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\enpq.exe
C:\WINDOWS\Fonts\acrsec.fon
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\cMTDNXbc.ini
C:\WINDOWS\system32\cMTDNXbc.ini2
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\FgQAHkkj.ini
C:\WINDOWS\system32\FgQAHkkj.ini2
C:\WINDOWS\system32\hxxpdaiu.ini
C:\WINDOWS\system32\lqktwjlt.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oxyuwjmu.ini
C:\WINDOWS\system32\pavmosne.ini
C:\WINDOWS\system32\pfntpkul.ini
C:\WINDOWS\system32\uiadpxxh.dll
C:\WINDOWS\system32\yeocstgu.ini
.
((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))
.
2008-07-11 14:12 . 2008-07-11 14:12 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-11 13:59 . 2008-07-09 11:52 <DIR> d-------- C:\SDFix
2008-07-10 00:41 . 2008-07-10 00:41 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-09 12:48 . 2008-07-09 14:46 <DIR> d-------- C:\Documents and Settings\****\Application Data\OpenOffice.org2
2008-07-07 13:05 . 2008-07-08 13:08 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-07-07 12:44 . 2008-07-07 12:44 2,946 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-07 12:42 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-07 12:42 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-07 12:42 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-07 12:42 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-07 12:42 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-07 12:42 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-07 12:42 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-07 12:42 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-07 12:42 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-07 11:29 . 2008-07-07 11:29 <DIR> d---s---- C:\Documents and Settings\****\UserData
2008-07-07 06:26 . 2008-07-07 06:27 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-07-07 04:32 . 2008-07-07 04:32 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-07-04 16:12 . 2008-07-04 16:12 <DIR> d-------- C:\Program Files\RegCure
2008-07-04 16:06 . 2008-07-04 16:07 <DIR> d-------- C:\Documents and Settings\****\Application Data\MSN6
2008-07-04 13:31 . 2008-07-04 13:31 <DIR> d-------- C:\Documents and Settings\****\Application Data\Yahoo!
2008-07-04 13:24 . 2008-07-07 11:29 <DIR> d-------- C:\Documents and Settings\****
2008-07-04 12:49 . 2008-07-04 12:49 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-03 13:08 . 2008-07-03 13:08 <DIR> d-------- C:\Documents and Settings\User\Application Data\TmpRecentIcons
2008-07-01 13:45 . 2008-07-02 04:01 1,282 --ahs---- C:\WINDOWS\system32\frojidme.ini
2008-07-01 04:01 . 2001-08-23 10:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 17:51 --------- d-----w C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-07-07 13:38 --------- d-----w C:\Program Files\Trend Micro
2008-07-03 19:41 --------- d-----w C:\Program Files\DivX
2008-07-03 19:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-03 18:14 --------- d-----w C:\Documents and Settings\Matt\Application Data\OpenOffice.org2
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 08:01 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-05-14 19:28 --------- d-----w C:\Documents and Settings\Matt\Application Data\Leadertech
2008-05-14 19:28 --------- d-----w C:\Documents and Settings\Matt\Application Data\AdobeUM
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-03-14 14:59 4493312]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-01-23 15:26 3429904]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-03 20:30 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R2 WUSB54Gv4SVC;WUSB54Gv4SVC;C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv4.exe []
*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2008-07-12 06:00:00 C:\WINDOWS\Tasks\AA0CD060918B4A4C.job"
- c:\docume~1\user\applic~1\eggsme~1\Peakeachchic.exe
"2008-06-28 23:35:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-12 06:02:16 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-10 08:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 01:03:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-07-12 1:08:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-12 06:08:06
Pre-Run: 53,975,293,952 bytes free
Post-Run: 56,123,117,568 bytes free
150 --- E O F --- 2008-07-11 08:02:06

Katana
12 Jul 2008, 8:16am
That looks better :)
How are things running now?

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary and let the database download.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:

Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


Please post the Kaspersky log in your reply

Katana
20 Jul 2008, 9:35am
Whilst we appreciate that you may be busy, it has been 7 days or more since we heard from you. This topic is now closed.

Infections can change and fresh instructions will now need to be given. If you wish to reopen your topic, please send a Private Message (PM) to Trogan (http://icrontic.com/forum/private.php?do=newpm&u=2703) with a link to your thread.

If you are not the user who started this thread, you must start your own Thread (http://icrontic.com/forum/newthread.php?do=newthread&f=57) instead :)