Hijackthis

I am having a problem: when I use a search engine it always brings me to asiuoqgusdbaksd.com. I tried to clean up my computer with Trend Micro PC but it says it doesn't find any viruses. My Firefox quit working also. I have emptied the temp internet files and stuff but I'm not sure what else to do.

Comments

  • edited July 2008
    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.

    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. If you don't know, stop and ask! Don't keep going on.
    2. Please reply to this thread. Do not start a new topic.
    3. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those three things, everything should go smoothly :D

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe



    Click here to download HJTinstall.exe
    • Save HJTinstall.exe to your desktop.
    • Double click on the HJTinstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\Hijack This.
    • Click I accept
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.



    Installed Programs

    Please could you give me a list of the programs that are installed.
    • Start HijackThis
    • Click on the Misc Tools button
    • Click on the Open Uninstall Manager button.

    You will see a list with the programs installed in your computer.
    Click on save list button and specify where you would like to save this file.
    When you press Save button a notepad will open with the contents of that file.
    Simply copy and paste the contents of that notepad into your next post.
  • edited July 2008
    Here is the log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:12:17, on 7/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
    O2 - BHO: (no name) - {37F0C601-C555-491B-BDEE-EAAD0BB7A31A} - C:\WINDOWS\system32\ddcCVpml.dll (file missing)
    O2 - BHO: 931928 helper - {5F6D7A37-A3D1-47F1-920D-3F48370D509B} - (no file)
    O2 - BHO: (no name) - {5FC728BE-EBA3-4076-A401-2EEA7DB4B217} - C:\WINDOWS\system32\cbXNDTMc.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [100d4d65] rundll32.exe "C:\WINDOWS\system32\uiadpxxh.dll",b
    O4 - HKLM\..\RunOnce: [TSC] "C:\PROGRA~1\TRENDM~1\INTERN~1\tsc.exe" /HD
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-21-1085031214-484763869-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Matt')
    O4 - HKUS\S-1-5-21-1085031214-484763869-725345543-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Matt')
    O4 - HKUS\S-1-5-21-1085031214-484763869-725345543-1004\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Matt')
    O4 - HKUS\S-1-5-21-1085031214-484763869-725345543-1004\..\Run: [789:;<=>?@ABCDEFGHIJexe] ,-./0123456789:;<=>?@ABCDEFGHIJexe (User 'Matt')
    O4 - HKUS\S-1-5-21-1085031214-484763869-725345543-1004\..\Run: [3456789:;<=>?@ABCDEFexe] ()*+,-./0123456789:;<=>?@ABCDEFexe (User 'Matt')
    O4 - HKUS\S-1-5-21-1085031214-484763869-725345543-1004\..\Run: [+,-./0123456789:;<=>exe] !"#$%&'()*+,-./0123456789:;<=>exe (User 'Matt')
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O20 - Winlogon Notify: ddcCVpml - ddcCVpml.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    --
    End of file - 7015 bytes
  • edited July 2008
    That is the list of programs installed.




    Adobe Flash Player 9 ActiveX
    Adobe Reader 8
    Adobe Shockwave Player
    Adobe® Photoshop® Album Starter Edition 3.0
    Apple Mobile Device Support
    Apple Software Update
    BCM V.92 56K Modem
    Bonjour
    Compatibility Pack for the 2007 Office system
    ContextTool
    Dell Photo AIO Printer 924
    HijackThis 2.0.2
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Intel(R) PRO Network Adapters and Drivers
    iTunes
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    Linksys Wireless-G USB Network Adapter
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word Viewer 2003
    Mozilla Firefox (3.0)
    NVIDIA Windows 2000/XP Display Drivers
    OpenOffice.org 2.0
    PlayMP3z
    QuickTime
    RegCure 1.5.0.1
    Rhapsody
    Security Update for Excel 2007 (KB946974)
    Security Update for Excel 2007 (KB946974)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB951808)
    Security Update for Microsoft Office system 2007 (KB951808)
    Security Update for Microsoft Office Word 2007 (KB950113)
    Security Update for Microsoft Office Word 2007 (KB950113)
    Security Update for Office 2007 (KB934062)
    Security Update for Office 2007 (KB934062)
    Security Update for Office 2007 (KB947801)
    Security Update for Office 2007 (KB947801)
    Security Update for Outlook 2007 (KB946983)
    Security Update for the 2007 Microsoft Office System (KB936960)
    Security Update for the 2007 Microsoft Office System (KB936960)
    Security Update for Visio 2007 (KB947590)
    Security Update for Visio 2007 (KB947590)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Trend Micro PC-cillin Internet Security 2007
    Trend Micro PC-cillin Internet Security 2007
    Update for Office 2007 (KB932080)
    Update for Office 2007 (KB932080)
    Update for Office 2007 (KB934391)
    Update for Office 2007 (KB946691)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb950378)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Windows Installer 3.1 (KB893803)
    Windows Live OneCare safety scanner
    Windows Media Format Runtime
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
    WordPerfect Office 11
    Yahoo! Toolbar
  • edited July 2008
    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper
  • edited July 2008
    I can not get on to that website to download it. It keeps bringing me to a page that says "page cannot be displayed".
  • edited July 2008
    Download and Run ComboFix
    Please download an updated copy from one of the links below
      ComboFix.exe 1
      ComboFix.exe 2
      ComboFix.exe 3


      • You must download it to and run it from your Desktop
      • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
      • Double click combofix.exe & follow the prompts.
      • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
      • Re-enable all the programs that were disabled during the running of ComboFix.



      Note:
      Do not mouse-click combofix's window while it is running. That may cause it to stall.

      CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
      ComboFix SHOULD NOT be used unless requested by a forum helper
    • edited July 2008
      This is what keeps coming up when I click the links. I went through the steps they recommend but it still won't let me through. Ever since the hijackthis started it won't let me get on a lot of spyware or malware sites.

      The page cannot be displayed

      The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.

      To attempt fixing network connectivity problems, click Tools, and then click "Diagnose Connection Problems..."

      Other options to try:
      • Click the Refresh button, or try again later.
      • If you typed the page address in the Address bar, make sure that it is spelled correctly.
      • To check your connection settings, click the Tools menu, and then click Internet Options. On the Connections tab, click Settings. The settings should match those provided by your local area network (LAN) administrator or Internet service provider (ISP).
      • See if your Internet connection settings are being detected. You can set Microsoft Windows to examine your network and automatically discover network connection settings (if your network administrator has enabled this setting).
        • Click the Tools menu, and then click Internet Options.
        • On the Connections tab, click LAN Settings.
        • Select Automatically detect settings, and then click OK.
      • Some sites require 128-bit connection security. Click the Help menu and then click About Internet Explorer to determine what strength security you have installed.
      • If you are trying to reach a secure site, make sure your Security settings can support it. Click the Tools menu, and then click Internet Options. On the Advanced tab, scroll to the Security section and check settings for SSL 2.0, SSL 3.0, TLS 1.0, PCT 1.0.
      • Click the Back button to try another link.


      Cannot find server or DNS Error
      Internet Explorer


    • edited July 2008
      OK, please try this first, and then try the ComboFix download

      Restore Host File

      Download HostsXpert v4.1 and unzip it to your desktop.
      • Double click on HostsXpert.exe to launch the program.
      • Click on Restore MS Hosts File to restore your Hosts file to its default condition.
      • Click on Make ReadOnly to secure it against further infection. (unless you plan to use another host file)
      • Exit the program.

      Visit the Website for more information.
    • edited July 2008
      OK, I tried that but I am still getting the same thing.
    • edited July 2008
      Right, let's be tricky :bigggrin:

      Download ComboFix from Here (Link Removed)

      • You must download it to and run it from your Desktop
      • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
      • Double click combofix.exe & follow the prompts.
      • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
      • Re-enable all the programs that were disabled during the running of ComboFix.


      Note:
      Do not mouse-click combofix's window while it is running. That may cause it to stall.

      CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
      ComboFix SHOULD NOT be used unless requested by a forum helper


    • edited July 2008
      Alright, now I have it downloaded to my desktop but when I double click on it nothing happens. The hour glass shows up for a few seconds and then nothing.
    • edited July 2008
      Download and Run SD Fix

      Please download SDFix (link removed) and save it to your Desktop.

      Double click SDFix.exe and it will extract the files to %systemdrive%
      (Drive that contains the Windows Directory, typically C:\SDFix)

      Please then reboot your computer in Safe Mode by doing the following :
      • Restart your computer
      • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F5 key continually;
      • Instead of Windows loading as normal, the Advanced Options Menu should appear;
      • Select the first option, to run Windows in Safe Mode, then press Enter.
      • Choose your usual account.
      • Open the extracted SDFix folder and double click RunThis.bat to start the script.
      • Type Y to begin the cleanup process.
      • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
      • Press any Key and it will restart the PC.
      • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
      • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
        (Report.txt will also be copied to Clipboard ready for posting back on the forum).
      • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log





      Download and Run ComboFix
      Please delete the copy of ComboFix that you have and download an updated copy from one of the links below
      • Link Removed
      • You must download it to and run it from your Desktop
      • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
      • Double click combofix.exe & follow the prompts.
      • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
      • Re-enable all the programs that were disabled during the running of ComboFix.


      Note:
      Do not mouse-click combofix's window while it is running. That may cause it to stall.

      CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
      ComboFix SHOULD NOT be used unless requested by a forum helper
    • edited July 2008
      Here is the SDfix log

      SDFix: Version 1.204
      Run by Matt on Fri 07/11/2008 at 14:18
      Microsoft Windows XP [Version 5.1.2600]
      Running From: C:\DOCUME~1\****\Desktop\SDFix
      Checking Services :
      Name :
      clbdriver
      Path :
      \??\globalroot\systemroot\system32\drivers\vmdesched.sys
      clbdriver - Deleted

      Restoring Default Security Values
      Restoring Default Hosts File
      Rebooting

      Checking Files :
      Trojan Files Found:
      C:\Documents and Settings\User\Favorites\Error Cleaner.url - Deleted
      C:\Documents and Settings\User\Favorites\Privacy Protector.url - Deleted
      C:\Documents and Settings\User\Favorites\Spyware&Malware Protection.url - Deleted
      C:\WINDOWS\smdat32a.sys - Deleted
      C:\WINDOWS\system32\service.exe - Deleted

      Folder C:\WINDOWS\system32\931928 - Removed

      Removing Temp Files
      ADS Check :


      Final Check :

      Remaining Services :


      Authorized Application Key Export:
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
      "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
      "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
      "C:\\Program Files\\BitDownload\\BitDownload.exe"="C:\\Program Files\\BitDownload\\BitDownload.exe:*:Enabled:Warez3"
      "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
      "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
      "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
      "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
      "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      Remaining Files :

      File Backups: - C:\DOCUME~1\****\Desktop\SDFix\backups\backups.zip
      Files with Hidden Attributes :
      Sat 16 Aug 2003 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
      Wed 21 Jul 2004 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
      Wed 21 Jul 2004 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
      Sat 3 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
      Fri 11 Jul 2008 265,495 A..H. --- "C:\Documents and Settings\User\Desktop\ComboFix.exe"
      Wed 31 Aug 2005 3,661,408 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP216\A0075616.exe"
      Wed 7 Sep 2005 3,679,896 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP216\A0075617.exe"
      Fri 16 Sep 2005 366,204 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP216\A0075618.exe"
      Wed 28 Sep 2005 487,384 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP216\A0075619.exe"
      Mon 10 Oct 2005 3,784,507 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP216\A0075620.exe"
      Wed 26 Oct 2005 3,841,248 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP216\A0075621.exe"
      Sat 5 Nov 2005 227,504 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP216\A0075622.exe"
      Sat 19 Nov 2005 261,085 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP216\A0075623.exe"
      Mon 1 Oct 2007 90,112 A..H. --- "C:\System Volume Information\_restore{A7D09120-E8D8-460C-AC40-D5E66B1C701F}\RP248\A0088829.DLL"
      Sat 4 Feb 2006 4,200,936 A..H. --- "C:\System Volume Information\_restore{A7D09120-E8D8-460C-AC40-D5E66B1C701F}\RP301\A0103458.exe"
      Tue 4 Apr 2006 186,624 A..H. --- "C:\System Volume Information\_restore{A7D09120-E8D8-460C-AC40-D5E66B1C701F}\RP301\A0103460.exe"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del3.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del4.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del44B7.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del44B8.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del5.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del67BE.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del6D03.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del6D04.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del72DD.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del72DE.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del7EA2.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del8AEC.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del90E6.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del942A.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del942B.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del942C.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del942D.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del942E.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del942F.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del98F0.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del98F1.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del98F2.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del98F3.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\Del9CF5.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelA238.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelA239.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelA23A.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelA23B.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelA23C.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelA23D.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelAA82.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelAA83.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelAA84.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelAA85.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelAAC6.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelAAC7.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelAAC8.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelAB49.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelBA97.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelBA98.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelBA99.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelC19A.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelC19B.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelCB1C.tmp"
      Tue 6 Jul 2004 0 A..H. --- "C:\Documents and Settings\Darla Hayes\Local Settings\Temp\DelCB1D.tmp"
      Tue 1 Jul 2008 1,713,921 ..SH. --- "C:\Documents and Settings\Matt\Local Settings\Temp\nnipdisj.tmp"
      Tue 18 Oct 2005 9,352,392 A..H. --- "C:\Documents and Settings\Matt Hayes\Local Settings\Temp\BIT3A.tmp"
      Wed 6 Apr 2005 218 A..H. --- "C:\Documents and Settings\Matt Hayes\Local Settings\Temp\e.dll"
      Wed 6 Apr 2005 218 A..H. --- "C:\Documents and Settings\Matt Hayes\Local Settings\Temp\z41t.dll"
      Tue 21 Dec 2004 552 A..H. --- "C:\Documents and Settings\Peter Hayes\Local Settings\Temp\bvd.dll"
      Sun 13 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT6.tmp"
      Mon 1 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\14a2354517107bc1d6b9d1d0c325d0d8\BIT4.tmp"
      Sun 13 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT4.tmp"
      Sun 13 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT8.tmp"
      Sun 13 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b04031f0b83ee952189dd8beb4ee929a\BIT3.tmp"
      Fri 11 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b5ceb6274f4d7fd206d6adab3df8e834\BIT5.tmp"
      Sun 13 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT7.tmp"
      Mon 1 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c8e1092e4a07bde9d108020eaac84239\BIT3.tmp"
      Fri 11 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d7694bef8bd7032a201cda9934644640\BIT3.tmp"
      Sun 13 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT9.tmp"
      Fri 11 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e3ae0283cc5a5b1aa1e0729354e5096d\BIT4.tmp"
      Sun 13 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT5.tmp"
      Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BITC.tmp"
      Sat 16 Aug 2003 4,348 ...H. --- "C:\Documents and Settings\Matt Hayes\My Documents\My Music\License Backup\drmv1key.bak"
      Thu 30 Dec 2004 20 A..H. --- "C:\Documents and Settings\Matt Hayes\My Documents\My Music\License Backup\drmv1lic.bak"
      Wed 21 Jul 2004 400 ...H. --- "C:\Documents and Settings\Matt Hayes\My Documents\My Music\License Backup\drmv2key.bak"
      Thu 30 Dec 2004 1,536 A..H. --- "C:\Documents and Settings\Matt Hayes\My Documents\My Music\License Backup\drmv2lic.bak"
      Sat 3 Mar 2007 4,348 ...H. --- "C:\Documents and Settings\User\My Documents\My Music\License Backup\drmv1key.bak"
      Sat 3 Mar 2007 20 A..H. --- "C:\Documents and Settings\User\My Documents\My Music\License Backup\drmv1lic.bak"
      Sat 3 Mar 2007 400 ...H. --- "C:\Documents and Settings\User\My Documents\My Music\License Backup\drmv2key.bak"
      Sat 3 Mar 2007 1,536 A..H. --- "C:\Documents and Settings\User\My Documents\My Music\License Backup\drmv2lic.bak"
      Tue 8 Oct 2002 106,496 A..H. --- "C:\Program Files\Common Files\aolshare\shell\us\shellext.dll"
      Sat 3 Mar 2007 4,348 ...H. --- "C:\Documents and Settings\User\Application Data\Real\rhapsody\wmlicbackup\drmv1key.bak"
      Sun 18 Mar 2007 20 A..H. --- "C:\Documents and Settings\User\Application Data\Real\rhapsody\wmlicbackup\drmv1lic.bak"
      Sat 3 Mar 2007 400 ...H. --- "C:\Documents and Settings\User\Application Data\Real\rhapsody\wmlicbackup\drmv2key.bak"
      Sun 18 Mar 2007 1,536 A..H. --- "C:\Documents and Settings\User\Application Data\Real\rhapsody\wmlicbackup\drmv2lic.bak"
      Sat 16 Aug 2003 4,348 A..H. --- "C:\Documents and Settings\User\My Documents\Matt's My Documents\My Music\License Backup\drmv1key.bak"
      Thu 30 Dec 2004 20 A..H. --- "C:\Documents and Settings\User\My Documents\Matt's My Documents\My Music\License Backup\drmv1lic.bak"
      Wed 21 Jul 2004 400 A..H. --- "C:\Documents and Settings\User\My Documents\Matt's My Documents\My Music\License Backup\drmv2key.bak"
      Thu 30 Dec 2004 1,536 A..H. --- "C:\Documents and Settings\User\My Documents\Matt's My Documents\My Music\License Backup\drmv2lic.bak"
      Fri 20 May 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
      Fri 20 May 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
      Fri 20 May 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
      Fri 20 May 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"
      Finished!

      And the HJT log



      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:33:10, on 7/11/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      C:\WINDOWS\System32\svchost.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
      C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
      C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
      C:\WINDOWS\system32\WgaTray.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
      O2 - BHO: (no name) - {5FC728BE-EBA3-4076-A401-2EEA7DB4B217} - C:\WINDOWS\system32\cbXNDTMc.dll (file missing)
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [100d4d65] rundll32.exe "C:\WINDOWS\system32\uiadpxxh.dll",b
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
      O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
      O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
      O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
      --
      End of file - 5867 bytes
    • edited July 2008
      I was able to download the combo fix, but when I try to open it I get an error that says "some installation files are corrupt. Please download a fresh copy and retry the installation". I've deleted it and tried to download it 3 times but it keeps bringing up that error.
    • edited July 2008
      Fix With HJT

      Close all other windows and then start HiJack This
      Click Do A System Scan Only
      When it has finished scanning put a check next to the following lines IF still present
      O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
      O2 - BHO: (no name) - {5FC728BE-EBA3-4076-A401-2EEA7DB4B217} - C:\WINDOWS\system32\cbXNDTMc.dll (file missing)
      O4 - HKLM\..\Run: [100d4d65] rundll32.exe "C:\WINDOWS\system32\uiadpxxh.dll",b
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5036.cab
      O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
      - Close ALL open windows (especially Internet Explorer!)-
      Now click Fix checked
      Click yes to any prompts
      Close HijackThis



      Let's see if you can access the main site for ComboFix now



      Download and Run ComboFix (by sUBs)
      Please visit this webpage for instructions for downloading and running ComboFix:

      Bleeping Computer ComboFix Tutorial

      Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

      A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
      ComboFix SHOULD NOT be used unless requested by a forum helper
    • edited July 2008
      ComboFix 08-07-11.1 - **** 2008-07-12 0:52:17.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.188 [GMT -5:00]
      Running from: C:\Documents and Settings\****\Desktop\bghg.exe
      * Created a new restore point
      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      C:\Documents and Settings\Amber Hayes\Local Settings\Temporary Internet Files\temp.dmf
      C:\Documents and Settings\User\Start Menu\Programs\PlayMP3z
      C:\Documents and Settings\User\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk
      C:\Program Files\ContextTool
      C:\Program Files\ContextTool\pcre3.dll
      C:\Program Files\ContextTool\uninstall.exe
      C:\WINDOWS\cookies.ini
      C:\WINDOWS\enpq.exe
      C:\WINDOWS\Fonts\acrsec.fon
      C:\WINDOWS\Fonts\acrsecB.fon
      C:\WINDOWS\Fonts\acrsecI.fon
      C:\WINDOWS\smdat32m.sys
      C:\WINDOWS\system32\clbdll.dll
      C:\WINDOWS\system32\clbinit.dll
      C:\WINDOWS\system32\cMTDNXbc.ini
      C:\WINDOWS\system32\cMTDNXbc.ini2
      C:\WINDOWS\system32\drivers\clbdriver.sys
      C:\WINDOWS\system32\FgQAHkkj.ini
      C:\WINDOWS\system32\FgQAHkkj.ini2
      C:\WINDOWS\system32\hxxpdaiu.ini
      C:\WINDOWS\system32\lqktwjlt.ini
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\oxyuwjmu.ini
      C:\WINDOWS\system32\pavmosne.ini
      C:\WINDOWS\system32\pfntpkul.ini
      C:\WINDOWS\system32\uiadpxxh.dll
      C:\WINDOWS\system32\yeocstgu.ini
      .
      ((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))
      .
      2008-07-11 14:12 . 2008-07-11 14:12 <DIR> d-------- C:\WINDOWS\ERUNT
      2008-07-11 13:59 . 2008-07-09 11:52 <DIR> d-------- C:\SDFix
      2008-07-10 00:41 . 2008-07-10 00:41 <DIR> d--h----- C:\WINDOWS\PIF
      2008-07-09 12:48 . 2008-07-09 14:46 <DIR> d-------- C:\Documents and Settings\****\Application Data\OpenOffice.org2
      2008-07-07 13:05 . 2008-07-08 13:08 <DIR> d-------- C:\Program Files\Windows Live Safety Center
      2008-07-07 12:44 . 2008-07-07 12:44 2,946 --a------ C:\WINDOWS\system32\tmp.reg
      2008-07-07 12:42 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
      2008-07-07 12:42 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2008-07-07 12:42 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
      2008-07-07 12:42 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
      2008-07-07 12:42 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
      2008-07-07 12:42 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
      2008-07-07 12:42 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
      2008-07-07 12:42 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2008-07-07 12:42 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
      2008-07-07 11:29 . 2008-07-07 11:29 <DIR> d---s---- C:\Documents and Settings\****\UserData
      2008-07-07 06:26 . 2008-07-07 06:27 <DIR> d-------- C:\WINDOWS\system32\NtmsData
      2008-07-07 04:32 . 2008-07-07 04:32 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
      2008-07-04 16:12 . 2008-07-04 16:12 <DIR> d-------- C:\Program Files\RegCure
      2008-07-04 16:06 . 2008-07-04 16:07 <DIR> d-------- C:\Documents and Settings\****\Application Data\MSN6
      2008-07-04 13:31 . 2008-07-04 13:31 <DIR> d-------- C:\Documents and Settings\****\Application Data\Yahoo!
      2008-07-04 13:24 . 2008-07-07 11:29 <DIR> d-------- C:\Documents and Settings\****
      2008-07-04 12:49 . 2008-07-04 12:49 <DIR> d-------- C:\Documents and Settings\Administrator
      2008-07-03 13:08 . 2008-07-03 13:08 <DIR> d-------- C:\Documents and Settings\User\Application Data\TmpRecentIcons
      2008-07-01 13:45 . 2008-07-02 04:01 1,282 --ahs---- C:\WINDOWS\system32\frojidme.ini
      2008-07-01 04:01 . 2001-08-23 10:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-07-11 17:51 d-----w C:\Documents and Settings\User\Application Data\OpenOffice.org2
      2008-07-07 13:38 d-----w C:\Program Files\Trend Micro
      2008-07-03 19:41 d-----w C:\Program Files\DivX
      2008-07-03 19:36 d--h--w C:\Program Files\InstallShield Installation Information
      2008-07-03 18:14 d-----w C:\Documents and Settings\Matt\Application Data\OpenOffice.org2
      2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
      2008-06-10 08:01 d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
      2008-05-14 19:28 d-----w C:\Documents and Settings\Matt\Application Data\Leadertech
      2008-05-14 19:28 d-----w C:\Documents and Settings\Matt\Application Data\AdobeUM
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-03-14 14:59 4493312]
      "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-01-23 15:26 3429904]
      "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-03 20:30 413696]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
      "DisableMonitoring"=dword:00000001
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
      "DisableMonitoring"=dword:00000001
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\StubInstaller.exe"=
      "C:\\Program Files\\LimeWire\\LimeWire.exe"=
      "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
      "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=
      R2 WUSB54Gv4SVC;WUSB54Gv4SVC;C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv4.exe []
      *Newly Created Service* - GTNDIS5
      .
      Contents of the 'Scheduled Tasks' folder
      "2008-07-12 06:00:00 C:\WINDOWS\Tasks\AA0CD060918B4A4C.job"
      - c:\docume~1\user\applic~1\eggsme~1\Peakeachchic.exe
      "2008-06-28 23:35:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-07-12 06:02:16 C:\WINDOWS\Tasks\RegCure Program Check.job"
      - C:\Program Files\RegCure\RegCure.exe
      "2008-07-10 08:00:00 C:\WINDOWS\Tasks\RegCure.job"
      - C:\Program Files\RegCure\RegCure.exe
      .
      **************************************************************************
      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-07-12 01:03:37
      Windows 5.1.2600 Service Pack 2 NTFS
      scanning hidden processes ...
      scanning hidden autostart entries ...
      scanning hidden files ...
      scan completed successfully
      hidden files: 0
      **************************************************************************
      .
      Other Running Processes
      .
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
      C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\WgaTray.exe
      C:\WINDOWS\system32\cmd.exe
      C:\Program Files\iPod\bin\iPodService.exe
      .
      **************************************************************************
      .
      Completion time: 2008-07-12 1:08:09 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-07-12 06:08:06
      Pre-Run: 53,975,293,952 bytes free
      Post-Run: 56,123,117,568 bytes free
      150 --- E O F --- 2008-07-11 08:02:06
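
Added example (not part of the original thread, and not code from HijackThis or ComboFix): a Python triage sketch that parses HijackThis entries, flags the ones HijackThis itself marks `(no file)` or `(file missing)`, and cross-references entry targets against ComboFix's "Other Deletions" list. The sample lines are copied from the two logs posted above; the function names, the `Finding` type and the file-extension list are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional

# Sample input: lines copied from the HijackThis log and the ComboFix
# "Other Deletions" list posted in this thread (subset, assembled for the demo).
HJT_LINES = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {5FC728BE-EBA3-4076-A401-2EEA7DB4B217} - C:\WINDOWS\system32\cbXNDTMc.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [100d4d65] rundll32.exe "C:\WINDOWS\system32\uiadpxxh.dll",b
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
""".strip().splitlines()

COMBOFIX_DELETIONS = r"""
C:\WINDOWS\enpq.exe
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\uiadpxxh.dll
""".strip().splitlines()

# A HijackThis entry starts with a section code such as R1, O2, O4, O23.
ENTRY_RE = re.compile(r'^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$')
# First drive-letter path ending in a binary extension (extension list is an
# assumption of this example, chosen to cover the file types seen in the logs).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|\r\n]+?\.(?:exe|dll|sys|ocx|cab)\b',
                     re.IGNORECASE)
# Markers HijackThis appends when the registered file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


class Finding(NamedTuple):
    section: str          # HijackThis section code, e.g. "O2"
    path: Optional[str]   # file the entry points at, if it names one
    reasons: tuple        # why the entry deserves a second look
    line: str             # the original log line


def parse_entry(line):
    """Return (section, path_or_None, body) for an entry line, else None."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None       # header, running-process line, blank line, ...
    p = PATH_RE.search(m.group("body"))
    return m.group("section"), (p.group(0) if p else None), m.group("body")


def triage(hjt_lines, deleted_paths):
    """Flag entries whose target is absent or was removed by ComboFix."""
    # Windows paths are case-insensitive, so compare in lower case.
    deleted = {p.strip().lower() for p in deleted_paths if p.strip()}
    findings = []
    for line in hjt_lines:
        parsed = parse_entry(line)
        if parsed is None:
            continue
        section, path, body = parsed
        reasons = []
        if any(marker in body for marker in ORPHAN_MARKERS):
            reasons.append("target file absent")
        if path and path.lower() in deleted:
            reasons.append("file later deleted by ComboFix")
        if reasons:
            findings.append(Finding(section, path, tuple(reasons), line.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(HJT_LINES, COMBOFIX_DELETIONS):
        print(f"{f.section:>3}  {', '.join(f.reasons)}\n     {f.line}")
```

A flag here only marks an entry for review by a helper; it is not a verdict that the entry is malicious or safe to remove.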
    • edited July 2008
      That looks better :)
      How are things running now ?






      Kaspersky Online Scanner
      Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
      NOTE:- This scan is best done from IE (Internet Explorer)

      NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
      Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

      Read the Requirements and limitations before you click Accept.
      Allow the ActiveX download if necessary and let the database download.
      Once the database has downloaded, click My Computer in the left pane
      Now go and put the kettle on !
      When the scan has completed, click Save Report As...
      Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
      Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


      **Note**

      To optimize scanning time and produce a more sensible report for review:
      • Close any open programs.
      • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

      Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


      Please post the Kaspersky log in your reply
    • edited July 2008
      Whilst we appreciate that you may be busy, it has been 7 days or more since we heard from you. This topic is now closed.

      Infections can change and fresh instructions will now need to be given. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

      If you are not the user who started this thread, you must start your own Thread instead :)
    This discussion has been closed.