help with a virus

[blu_smiley]

my virus scanner(nod 32) keep detecting these viruses every so often but its not going away..
it affects my internet i.e...i can go on the internet for like 30 mins but then it suddenly stops working....
th only way to get the internet working is to restart...
when the internet stops working, it also affects the other computers in the house....
i know it has nothing to do with my internet connection and isp because it only happens to my computer (thats affected with the virus) because i can go on the internet all day on the other computers.
Also sometimes my applications dont close properly when i shut down....and when i shut down i get this thing saying "run time error 53-file not found ".
i think thats about it...sorry if i sound confusing
 
Ive attached the 1)SUPERantispyware log
                            2) eset online scanner log
                            3) hijackthis log

I'd appreciate anyone that can help me!
thanks in advance

[saving space - attachment deleted by admin]

[Broni]

I can't see any firewall running, unless you have Windows firewall up???

1. Print this post out, since you won't have an access to it, at some point.

2. Close all windows, except for HijackThis.

3. Put a checkmark next to the following HijackThis entries:

- R3 - URLSearchHook: (no name) - {B3FD786C-9985-B876-F5DC-96CB2B9E59E6} - C:\WINDOWS\system32\ukqg.dll (file missing)

- F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\lsass.exe

- F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xpjava.exe

- O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

- O4 - HKLM\..\Run: [Microsoft Config 32] msconfigx32.exe

- O4 - HKLM\..\Run: [DRam prosessor] winupdate.exe

- O4 - HKLM\..\Run: [system] tskmgr.exe

- O4 - HKLM\..\Run: [MSUpdater] System32i.exe

- O4 - HKLM\..\RunServices: [Microsoft Config 32] msconfigx32.exe

- O4 - HKLM\..\RunServices: [system] tskmgr.exe

- O4 - HKLM\..\RunServices: [MSUpdater] System32i.exe

- O4 - HKCU\..\Run: [Microsoft Config 32] msconfigx32.exe

- O4 - HKCU\..\Policies\Explorer\Run: [digoun] C:\WINDOWS\System32\digoun.exe

- O4 - HKCU\..\Policies\Explorer\Run: [kbdsld] C:\WINDOWS\System32\kbdsld.exe

- O4 - HKCU\..\Policies\Explorer\Run: [regign] C:\WINDOWS\System32\regign.exe

- O4 - HKCU\..\Policies\Explorer\Run: [commv2] C:\WINDOWS\System32\commv2.exe

- O4 - HKCU\..\Policies\Explorer\Run: [mshuie] C:\WINDOWS\System32\mshuie.exe

- O4 - HKUS\S-1-5-18\..\Run: [Microsoft Config 32] msconfigx32.exe (User 'SYSTEM')

- O20 - Winlogon Notify: wintuh32 - wintuh32.dll (file missing)

- O23 - Service: winauthm (spdauth) - Unknown owner - C:\WINDOWS\spdauth.exe (file missing)

- O23 - Service: tsecure - Unknown owner - C:\WINDOWS\tsecure.exe (file missing)

4. Click on "Fix checked" button.

5. Restart your computer in Safe Mode (keep tapping F8 key, when your computer starts)

6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to "Show hidden files, and folders".

7. Delete following files/folders (if present):

- from C:\WINDOWS\system32, files: digoun.exe, kbdsld.exe, regign.exe, commv2.exe, mshuie.exe

8. Turn off System Restore:

- Windows XP:
   1. Click Start.
   2. Right-click the My Computer icon, and then click Properties.
   3. Click the System Restore tab.
   4. Check "Turn off System Restore".
   5. Click Apply.   
   6.  When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
   7. Click OK.
- Windows Vista:
   1. Click Start.
   2. Right-click the Computer icon, and then click Properties.
   3. Click on System Protection under the Tasks column on the left side
   4. Click on Continue on the "User Account Control" window that pops up
   5. Under the System Protection tab, find Available Disks
   6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
   7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
   8. Click OK

9. Restart in Normal Mode.

10. Turn System Restore on.

11. Run HijackThis again, and post back its log back here.

[blu_smiley]

^ thanks for helping =D

but where am i suppose to begin step 3??.....ive opened hjt but i dont know what to do next as you described in step 3)

[Broni]

Oh, click on Scan.

[blu_smiley]

im on internet explorer (ver7) but i cant find "folder options" under tools

[Deerpark]

It's not Internet Explorer blu_smiley, it's Windows Explorer. This is the name of the program that lets you browser you folders and such.
Just double click "My Computer" and you'll launch it.

[blu_smiley]

Deerpark: thanks for that!!
------------------------

hjt log attached

[saving space - attachment deleted by admin]

[evilfantasy]

Please download Combofix by sUBs from either here or here

Save Combofix.exe to your your Desktop.

Double click combofix.exe & follow the prompts. (from the keyboard select 1 and press enter)
When finished, it will produce a log for you.
Attach that log in your next reply.

Do not mouseclick combofix's window while it's running. That may cause your computer to stall

[blu_smiley]

combofix log attached

[saving space - attachment deleted by admin]

[evilfantasy]

Delete these files/folders, as follows:

* Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

File::
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\temp.dat
C:\WINDOWS\system32\System32i.exe

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ceb43567-9b98-11db-a316-000f3d300101}]
\Shell\AutoRun\command - ~tmp0.1st.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ceb43568-9b98-11db-a316-000f3d300101}]
\Shell\AutoRun\command - ~tmp0.1st.exe

* Save this as CFScript on the desktop.
* Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



* ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang

==========

Please run the F-Secure Online Scanner

Note: This Scanner works with Internet Explorer Only!

• Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
• Allow the Active X control to be installed on your computer, then click the Accept button
• Click Full System Scan and allow the components to download and the scan to complete.
  
• If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  
• When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
• Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click

Cancel, then New Scan[/list]

• When the cleaning option is presented, Uncheck Submit samples to F-Secure
  
• Click Automatic cleaning
  
• When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  
• Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

• This scan will only work with Internet Explore
• You must have administrator rights to run this scan
• This scan can take several hours, so please be patient

[/list]

==========

Next post please attach
combofix log
f-secure online scan log

[blu_smiley]

combofix & fsecure logs attached

[saving space - attachment deleted by admin]

[evilfantasy]

Looking better. Still more to do though.


Please download ATF Cleaner by Atribune. ATF Cleaner.exe

Make sure that all browser windows are closed.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All and UNCHECK Cookies.
  
• Click the Empty Selected button.
  

If you use Firefox browser

• Click Firefox at the top and choose: Select All and UNCHECK Cookies.
  
• Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  

If you use Opera browser

• Click Opera at the top and choose: Select All and UNCHECK Cookies.
  
• Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  

Click Exit on the Main ATF Cleaner menu to close the program.

Restart the computer.

----------

Please download DrWeb CureIt & save it to your desktop.

Scan with DrWeb-CureIt as follows:

• Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  
• Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  
• Once the short scan has finished, Click Options > Change settings
  
• Choose the "Scan tab" and UNcheck "Heuristic analysis"
  
• Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  
• Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  
• When done, a message will be displayed at the bottom advising if any viruses were found.
• Click "Yes to all" if it asks if you want to cure/move the file.
  
• When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
  (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  
• Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  
• Save the DrWeb.csv report to your desktop.
  
• Exit Dr.Web Cureit when done.
• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  
• After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)
  

----------

Run a new hijackthis scan and post that log along with the DR.Web log please.

[blu_smiley]

the linke you gave me to dl DrWeb-CureIt .exe doesnt work

[evilfantasy]

Sorry about that, it is fixed now.

[blu_smiley]

I downloaded drweb cure it but the express scan doesn't finish scanning

This happens:


and then this shows up: