Computer Hope

Software => Computer viruses and spyware => Topic started by: DANKK on May 22, 2008, 11:52:03 PM

Title: can't access certain websites
Post by: DANKK on May 22, 2008, 11:52:03 PM
Hello:
I had a spyware attack last week and since then I can't access certain websites from IE or Firefox. I can ping these sites and view them from another machine. With three different programs I got rid of all the spyware (I hope). If I type the URL in the address box, it changes to google.com/search/URL and shows the results. When I click the link on the results, it says "no page found". I found the hosts file has a bunch of addresses with 127.0.0.1 as IP addresses. I changed the name of the hosts file, still no luck.

I cleared the cache, cookies etc.

Any help on this would be highly appreciated.

Thanks a lot

DanK
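An added example, not part of the original post: a hosts-file audit for the symptom described above, where entries point security or banking hostnames at 127.0.0.1 or at some other address. The sample file content is constructed, and the watch-list simply uses the three domains the poster later names as unreachable.

```python
import ipaddress

# Constructed sample hosts file (not taken from the poster's machine).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       ads.example.net          # blocklist-style entry, harmless
127.0.0.1       www.norton.com norton.com
0.0.0.0         download.mcafee.com
203.0.113.10    www.bankofamerica.com    # TEST-NET-3 address, constructed
not-an-ip       example.org
"""

# Assumption: domains that should never be overridden locally.
WATCHED = ("norton.com", "mcafee.com", "bankofamerica.com")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, ip, names) for every well-formed hosts entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed line, ignored by resolvers too
        names = [n.lower().rstrip(".") for n in fields[1:]]
        if names:
            yield line_no, ip, names


def is_watched(name, watched=WATCHED):
    """True for a watched domain or any of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED):
    """Return (line_no, name, ip, verdict) for each watched name overridden.

    'blocked'    -> mapped to loopback or 0.0.0.0 (site becomes unreachable)
    'redirected' -> mapped to any other address (site can be impersonated)
    """
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name in LOCAL_NAMES or not is_watched(name, watched):
                continue
            blocked = ip.is_loopback or ip.is_unspecified
            findings.append((line_no, name, str(ip),
                             "blocked" if blocked else "redirected"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```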
Title: Re: can't access certain websites
Post by: evilfantasy on May 23, 2008, 12:26:25 AM
Try this.

Download HostsXpert (http://www.funkytoad.com/content/view/13/).
Note: if you use SpywareBlaster, Spybot and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and select Enable all protection. For Spybot run the program and select Immunize. For IE-SPYAD, run the batch file and reinstall the protection.
Title: Re: can't access certain websites
Post by: NOT ADMIN :P on May 23, 2008, 12:27:25 AM
What firewall are you using?

What leaniancy is it set to?
Title: Re: can't access certain websites
Post by: Broni on May 23, 2008, 07:36:58 PM
What is "leaniancy"?
Title: Re: can't access certain websites
Post by: DANKK on May 23, 2008, 09:27:39 PM
HostsXpert is downloaded and the hosts file is replaced. Still can't access the sites.
Title: Re: can't access certain websites
Post by: DANKK on May 23, 2008, 09:30:34 PM
Firewall comes with XP.

Leniancy: exceptions to certain sites
Title: Re: can't access certain websites
Post by: Broni on May 23, 2008, 09:32:45 PM
Quote
Leniancy
Never heard of such a word...
Title: Re: can't access certain websites
Post by: evilfantasy on May 23, 2008, 09:49:34 PM
Click Start > Run and copy and paste the following line into the run box:
regsvr32 urlmon.dll
Press OK
Once it is completed you will get this message: "DllRegisterServer in urlmon.dll succeeded". Repeat the above steps, but replace regsvr32 urlmon.dll with the following (enter each line one at a time, selecting OK after each):

When finished restart your computer.

How about now?
Title: Re: can't access certain websites
Post by: Broni on May 23, 2008, 10:13:48 PM
Can you post links to some sites you can't access?
Title: Re: can't access certain websites
Post by: DANKK on May 23, 2008, 10:52:42 PM
Click Start > Run and copy and paste the following line into the run box:
regsvr32 urlmon.dll
Press OK
Once it is completed you will get this message DllRegisterServer in urlmon.dll succeeded, repeat the above steps, but replace regsvr32 urlmon.dll with the following: (enter each line one at a time selecting OK after each)

  • regsvr32 actxprxy.dll
  • regsvr32 shdocvw.dll
  • regsvr32 mshtml.dll
  • regsvr32 browseui.dll
  • regsvr32 jscript.dll
  • regsvr32 vbscript.dll
  • regsvr32 oleaut32.dll
When finished restart your computer.

How about now?

Ran everything except regsvr32 mshtml.dll, for which I got the "mshtml.dll was loaded, but DllregisterServer entry point was not found. not registered" message. Still can't access.
Title: Re: can't access certain websites
Post by: DANKK on May 23, 2008, 10:54:41 PM
Didn't understand the question. I can visit some sites, some I can't.
Title: Re: can't access certain websites
Post by: evilfantasy on May 23, 2008, 10:59:22 PM
I've got one more idea then.....don't know.

Reset settings for Internet Explorer 6
Reset Explorer Settings IE 6 (http://www.malwarehelp.org/how-to-reset-internet-explorer-6-to.html/)

Reset Settings in Internet Explorer 7
Reset Explorer Settings IE 7 (http://blogs.msdn.com/ie/archive/2006/06/12/628499.aspx)

Clear cache in Firefox - Go to Tools > Clear Private Data...
Title: Re: can't access certain websites
Post by: DANKK on May 23, 2008, 11:23:46 PM
no luck
Title: Re: can't access certain websites
Post by: Broni on May 24, 2008, 09:11:36 AM
I asked, if there is particular TYPE of web sites, you can't access.
Also, do you use Norton?
Title: Re: can't access certain websites
Post by: DANKK on May 24, 2008, 11:00:35 AM
I can't access norton.com, mcafee.com, bankofamerica.com etc.
I can access computerhope.com, ebay.com, msn.com etc
some sites take me to wrong sites, eg, norton.com take me findcheapairlines.com

I use spyware doctor, Adware, CA
Title: Re: can't access certain websites
Post by: Broni on May 24, 2008, 07:08:26 PM
Quote
some sites take me to wrong sites, eg, norton.com take me findcheapairlines.com

Print these instructions out.

1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
          o Close browsers before scanning.
          o Scan for tracking cookies.
          o Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
          o Click Preferences, then click the Statistics/Logs tab.
          o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
          o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
          o Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
Post SUPERAntiSpyware log.

RESTART COMPUTER!

2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.
Title: Re: can't access certain websites
Post by: DANKK on May 25, 2008, 02:02:46 AM
It is not letting me access any of these sites.
Title: Re: can't access certain websites
Post by: Broni on May 25, 2008, 09:17:47 AM
Download those programs on other computer, and move them to yours by CD, USB stick, or so.
Title: Re: can't access certain websites
Post by: DANKK on May 28, 2008, 12:03:35 AM
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/25/2008 at 04:00 PM

Application Version : 4.1.1046

Core Rules Database Version : 3459
Trace Rules Database Version: 1450

Scan type       : Complete Scan
Total Scan Time : 02:33:11

Memory items scanned      : 245
Memory threats detected   : 0
Registry items scanned    : 6076
Registry threats detected : 0
File items scanned        : 102684
File threats detected     : 61

Adware.Tracking Cookie
   C:\Documents and Settings\DAN\Cookies\[email protected][1].txt
   C:\Documents and Settings\DAN\Cookies\[email protected][1].txt
   C:\Documents and Settings\DAN\Cookies\[email protected][1].txt
   C:\Documents and Settings\DAN\Cookies\dan@overture[1].txt
   C:\Documents and Settings\DAN\Cookies\[email protected][2].txt
   C:\Documents and Settings\DAN\Cookies\[email protected][1].txt
   C:\Documents and Settings\DAN\Cookies\dan@questionmarket[2].txt
   C:\Documents and Settings\DAN\Cookies\dan@revsci[1].txt
   C:\Documents and Settings\DAN\Cookies\dan@insightexpressai[1].txt
   C:\Documents and Settings\DAN\Cookies\[email protected][1].txt
   C:\Documents and Settings\DAN\Cookies\dan@dealtime[1].txt
   C:\Documents and Settings\DAN\Cookies\dan@tacoda[1].txt
   C:\Documents and Settings\DAN\Cookies\[email protected][1].txt
   C:\Documents and Settings\DAN\Cookies\dan@doubleclick[1].txt
   C:\Documents and Settings\DAN\Cookies\dan@apmebf[1].txt
   C:\Documents and Settings\DAN\Cookies\dan@tribalfusion[1].txt
   C:\Documents and Settings\DAN\Cookies\dan@atdmt[1].txt
   C:\Documents and Settings\DAN\Cookies\dan@atwola[1].txt
   C:\Documents and Settings\DAN\Cookies\dan@advertising[2].txt
   C:\Documents and Settings\DAN\Cookies\dan@mediaplex[1].txt
   C:\Documents and Settings\DAN\Cookies\dan@revenue[1].txt
   C:\Documents and Settings\DAN\Cookies\[email protected][1].txt
   C:\Documents and Settings\DAN\Cookies\dan@fastclick[1].txt
   C:\Documents and Settings\DAN\Cookies\dan@adrevolver[2].txt
   C:\Documents and Settings\DAN\Cookies\[email protected][2].txt
   C:\Documents and Settings\DAN\Cookies\dan@enhance[2].txt
   C:\Documents and Settings\DAN\Cookies\[email protected][1].txt

Trojan.Downloader-Gen/JLove
   C:\DOCUMENTS AND SETTINGS\DAN\MY DOCUMENTS\SCURIT~1\RUNDLL.EXE

Adware.ClickSpring
   C:\PROGRAM FILES\COMMON FILES\STEM32~1\WOWEXEC.EXE

Trojan.Fake-Drop/Gen
   C:\WINDOWS\ACCESSS.EXE
   C:\WINDOWS\CLRSSN.EXE
   C:\WINDOWS\CPAN.DLL
   C:\WINDOWS\CTFMON32.EXE
   C:\WINDOWS\DIRECTX32.EXE
   C:\WINDOWS\DNSRELAY.DLL
   C:\WINDOWS\EXPLORER32.EXE
   C:\WINDOWS\FUNNIEST.EXE
   C:\WINDOWS\FUNNY.EXE
   C:\WINDOWS\GFMNAAA.DLL
   C:\WINDOWS\HELPCVS.EXE
   C:\WINDOWS\INETINF.EXE
   C:\WINDOWS\MSSPI.DLL
   C:\WINDOWS\MSWSC10.DLL
   C:\WINDOWS\MSWSC20.DLL
   C:\WINDOWS\MTWIRL32.DLL
   C:\WINDOWS\SEARCHWORD.DLL
   C:\WINDOWS\SVCINIT.EXE
   C:\WINDOWS\TIME.EXE
   C:\WINDOWS\USERS32.EXE
   C:\WINDOWS\WIN32E.EXE
   C:\WINDOWS\WIN64.EXE
   C:\WINDOWS\WINAJBM.DLL
   C:\WINDOWS\WINMGNT.EXE
   C:\WINDOWS\X.EXE
   C:\WINDOWS\XPLUGIN.DLL
   C:\WINDOWS\Y.EXE

Trojan.Downloader-Systeem
   C:\WINDOWS\SYSTEEM.EXE

Trojan.Unknown Origin
   C:\WINDOWS\SYSTEM32\CFCWROUV.EXE
   C:\WINDOWS\SYSTEM32\MSKLMUDP.EXE
   C:\WINDOWS\SYSTEM32\UURDJLKH.EXE

Trojan.Downloader-SystemCritcial/Fake Alert
   C:\WINDOWS\SYSTEMCRITICAL.EXE


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:26 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Documents and Settings\DAN\Application Data\Microsoft\dtsc\26074.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\DAN\Application Data\Microsoft\dtsc\26074.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://goldenram.com/upgradedetect/upgradedetect.cab?9218
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors.com/member/ocx/plotwon.ocx
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: nnnljkLe - nnnljkLe.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: APC PBE Server (APCPBEServer) - APC - C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Action Script - Unknown owner - C:\WINDOWS\system32\scvhost.exe (file missing)
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - http://www.luxurytoursofindia.com/images/kerala2.jpg

--
End of file - 8279 bytes



It is not letting me install the second program "mbam-setup.exe". I have it on the desktop. It doesn't open.
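An added example, not part of the original post: a first-pass triage of HijackThis entries that lists lines worth a manual look. The sample lines are a subset copied from the log above; the heuristics (orphaned file references, services with no known owner, autostarts from a user profile, names within two edits of a core Windows process name) are assumptions chosen for illustration and produce review candidates, not verdicts.

```python
import re

# Subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8} - (no file)
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\DAN\Application Data\Microsoft\dtsc\26074.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: nnnljkLe - nnnljkLe.dll (file missing)
O23 - Service: Windows Action Script - Unknown owner - C:\WINDOWS\system32\scvhost.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Assumption: a short list of core Windows process names to compare against.
CORE = ("csrss.exe", "ctfmon.exe", "explorer.exe", "lsass.exe", "rundll32.exe",
        "services.exe", "smss.exe", "spoolsv.exe", "svchost.exe", "winlogon.exe")

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
FILE_RE = re.compile(r'([^\\/:*?"<>|\[\]\s]+\.(?:exe|dll))\b', re.I)
MISSING_RE = re.compile(r"\((?:file missing|no file)\)")
USER_PATH_RE = re.compile(r"\\(?:Application Data|Local Settings|Temp)\\", re.I)


def edit_distance(a, b):
    """Plain Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(log_text):
    """Return (code, file_name, reasons) for each entry that needs review."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue                      # header or running-process line
        code, body = m.group("code"), m.group("body")
        files = FILE_RE.findall(body)
        target = files[-1] if files else None
        reasons = []
        if MISSING_RE.search(body):
            reasons.append("missing-file")
        if code == "O23" and "Unknown owner" in body:
            reasons.append("unknown-owner")
        if code == "O4" and USER_PATH_RE.search(body):
            reasons.append("user-profile-autostart")
        if target and target.lower() not in CORE:
            for core in CORE:
                if edit_distance(target.lower(), core) <= 2:
                    reasons.append("lookalike:" + core)
                    break
        if reasons:
            findings.append((code, target, reasons))
    return findings


if __name__ == "__main__":
    for code, target, reasons in triage(SAMPLE_LOG):
        print(code, target, ", ".join(reasons))
```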

Title: Re: can't access certain websites
Post by: Broni on May 28, 2008, 05:54:19 PM
Malwarebytes log is missing...
Title: Re: can't access certain websites
Post by: DANKK on May 28, 2008, 09:03:59 PM
It is not running. When I double click on the setup icon nothing happens. I try to run different way, but no luck.
Title: Re: can't access certain websites
Post by: Broni on May 28, 2008, 09:46:56 PM
Maybe bad download. Try to download it again.
Title: Re: can't access certain websites
Post by: DANKK on May 28, 2008, 10:35:08 PM
I did from two different computers. It works fine where it was copied. I copied to this machine from that, but it is not letting me run on this. And I cannot download straight to this machine, because I can't access that site.
Any suggestions?
Title: Re: can't access certain websites
Post by: Broni on May 28, 2008, 10:38:18 PM
Let me check your HJT log....
Title: Re: can't access certain websites
Post by: Broni on May 28, 2008, 10:41:44 PM
I see some services of McAfee running. What do you have there from McAfee? Is it antivirus, and firewall?
Title: Re: can't access certain websites
Post by: Broni on May 28, 2008, 10:42:29 PM
I'm off to bed, so we'll have to continue tomorrow...
Title: Re: can't access certain websites
Post by: DANKK on May 29, 2008, 07:49:55 AM
It is antivirus. It doesn't run anymore. Something is blocking all these from running.
Title: Re: can't access certain websites
Post by: Broni on May 29, 2008, 06:14:24 PM
Quote
It is antivirus. It doesn't run anymore. Something is blocking all these from running.
That explains your HJT log listings. Is Windows firewall on?
I'll check HJT log.
Title: Re: can't access certain websites
Post by: Broni on May 29, 2008, 06:17:39 PM
I want you to run one more program (if it'll run)...

Download SDFix (http://downloads.andymanchesta.com/removaltools/sdfix.exe) and save it to your Desktop.

    * Run the SDFix.exe by double clicking on it.
    * Allow it to install into the default location which is c:\SDFix
    * Now please reboot your computer into Safe Mode:
      # After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
      # Instead of Windows loading as normal, the Advanced Options Menu should appear;
      # Select the first option, to run Windows in Safe Mode, then press Enter.
    * When you have booted into safe mode, open the C:\SDFix folder and double click RunThis.bat to start the script.
    * Type Y to begin the cleanup process.
    * It will remove any Trojan Services or Registry entries found and then prompt you to press any key to Reboot.
    * Press any Key and it will restart the PC.
    * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    * Attach the Report.txt file to your next message.
Title: Re: can't access certain websites
Post by: DANKK on May 29, 2008, 11:11:36 PM
SDFix: Version 1.186
Run by DAN on Thu 05/29/2008 at 06:40 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\000060.exe - Deleted
C:\WINDOWS\system32\000090.exe - Deleted
C:\WINDOWS\astctl32.ocx  - Deleted
C:\WINDOWS\default.htm  - Deleted
C:\WINDOWS\hosts  - Deleted
C:\WINDOWS\rundll32.vbe  - Deleted
C:\WINDOWS\system32\drivers\hosts  - Deleted
C:\WINDOWS\system32\hljwugsf.bin  - Deleted
C:\WINDOWS\xxxvideo.hta  - Deleted





Removing Temp Files

ADS Check :
 


                                 Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 21:48:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\clb.dll]
"0"=hex:00,00,28,0a,01,00,05,00
"1"=hex:b6,00,b6,eb,2f,6b,03,cb,5a,e8,c3,ac,b9,40,38,e1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\clbcatex.dll]
"0"=hex:2a,00,3e,11,0c,00,d1,07
"1"=hex:cf,24,2a,85,a4,d7,fe,3c,03,76,96,fe,18,b6,ec,d3
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\clbcatq.dll]
"0"=hex:2a,00,3e,11,0c,00,d1,07
"1"=hex:6a,b7,9d,1d,7d,d8,1d,46,23,79,12,2a,da,6a,19,42
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmdesched.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmdesched.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clbdriver]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\??\globalroot\systemroot\system32\drivers\vmdesched.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\clb.dll]
"0"=hex:00,00,28,0a,01,00,05,00
"1"=hex:b6,00,b6,eb,2f,6b,03,cb,5a,e8,c3,ac,b9,40,38,e1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\clbcatex.dll]
"0"=hex:2a,00,3e,11,0c,00,d1,07
"1"=hex:cf,24,2a,85,a4,d7,fe,3c,03,76,96,fe,18,b6,ec,d3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\clbcatq.dll]
"0"=hex:2a,00,3e,11,0c,00,d1,07
"1"=hex:6a,b7,9d,1d,7d,d8,1d,46,23,79,12,2a,da,6a,19,42
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\vmdesched.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\vmdesched.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\clbdriver]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\??\globalroot\systemroot\system32\drivers\vmdesched.sys"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\clbImageData]
"affid"="7"
"subid"="run04"
"control"=hex:1a,00,15,13,07,11,18,1f,14,0a,49,09,4b,1a,09,50,11,e5,f5
"prov"="10010"
"googleadserver"="pagead2.googlesyndication.com"
"flagged"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{443EA021-5049-9583-E2C5-EC68521FB889}]
"famgilbokocb"=hex:68,61,6f,62,6b,61,69,6d,68,61,64,62,6f,6c,62,6b,00,02
"famgilbokopa"=hex:68,61,6f,62,6b,61,69,6d,68,61,64,62,6f,6c,62,6b,00,02
"faaghhcjldie"=hex:61,61,00,00

scanning hidden files ...

C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll 110080 bytes executable
C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll 498688 bytes executable
C:\WINDOWS\system32\drivers\vmdesched.sys 6656 bytes executable
C:\WINDOWS\system32\clb.dll 10752 bytes executable
C:\WINDOWS\system32\clbcatex.dll 110080 bytes executable
C:\WINDOWS\system32\clbcatq.dll 498688 bytes executable
C:\WINDOWS\system32\cdosys.dll 31560 bytes executable
C:\WINDOWS\system32\clbinit.dll 1695 bytes
C:\WINDOWS\system32\dllcache\clb.dll 10752 bytes executable
C:\WINDOWS\system32\dllcache\clbcatex.dll 110080 bytes executable
C:\WINDOWS\system32\dllcache\clbcatq.dll 498688 bytes executable
C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll 110080 bytes executable
C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll 501248 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 13


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"="C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE:*:Disabled:pcAnywhere Host Service"
"C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe:*:Disabled:pcAnywhere Remote Service"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\APC\\PowerChute Business Edition\\server\\pbeserver.exe"="C:\\Program Files\\APC\\PowerChute Business Edition\\server\\pbeserver.exe:*:Disabled:PowerChute Business Edition Server"
"C:\\Program Files\\Common Files\\AOL\\1170644168\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1170644168\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.EXE"="C:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.EXE:*:Disabled:pcAnywhere Main Program"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Disabled:Skype"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed  1 Sep 2004        54,384 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
Wed  1 Sep 2004       156,784 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Wed  1 Sep 2004        31,344 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
Tue 20 May 2008           377 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti705.tmp"
Tue 20 May 2008           114 A..H. --- "C:\Program Files\InterActual\InterActual Player\itiAF.tmp"
Wed 19 Apr 2006        95,892 A..H. --- "C:\Program Files\Walgreens\Walgreens PhotoShow 4\data\Walgreens PhotoShow Express.exe"
Thu  8 May 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT5.tmp"
Wed 25 May 2005             8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Wed 25 May 2005             8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Fri 10 Jun 2005             8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Fri 10 Jun 2005             8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"

Finished!


Title: Re: can't access certain websites
Post by: DANKK on June 04, 2008, 11:21:01 PM
SDFix: Version 1.186
Run by DAN on Thu 05/29/2008 at 06:40 PM

Any further hope on this before I reformat the hard drive?
Title: Re: can't access certain websites
Post by: fauley on June 05, 2008, 11:43:46 PM
I had a similar problem, then I found this forum... try checking your "host" file... it worked for me


http://www.broadbandreports.com/forum/remark,10186774
Title: Re: can't access certain websites
Post by: Broni on June 06, 2008, 03:24:12 PM
I lost this thread, somehow. I think, I didn't get any email notification.
DANKK, if you're still there, please, update me on your computer status.
Title: Re: can't access certain websites
Post by: DANKK on June 06, 2008, 06:43:10 PM
I lost this thread, somehow. I think, I didn't get any email notification.
DANKK, if you're still there, please, update me on your computer status.
SDFix: Version 1.186
Run by DAN on Thu 05/29/2008 at 06:40 PM

Title: Re: can't access certain websites
Post by: Broni on June 06, 2008, 11:18:22 PM
How is your computer doing?
Title: Re: can't access certain websites
Post by: DANKK on June 07, 2008, 12:21:51 AM
How is your computer doing?

Still the same. Can't access some sites. Some of them take me to different sites.
Title: Re: can't access certain websites
Post by: Broni on June 07, 2008, 02:56:03 PM
See if Malwarebytes will run now.