Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: can't access certain websites  (Read 18628 times)

0 Members and 1 Guest are viewing this topic.

DANKK

    Topic Starter


    Rookie

    can't access certain websites
    « on: May 22, 2008, 11:52:03 PM »
    Hello:
    I had a spyware attack last week and since then I can't access certain websites from IE or Firefox. I can ping these sites and view from another machine. With three different programs I got rid of all the spyware (I hope). If I type the URL in the address box, it changes to google.com/search/URL and show the results. When I click the link on the results, it says "no page found". I found the hosts file has a bunch of addresses with 127.0.0.1 as IP addresses. I changed the name of the hosts file, still no luck.

    I cleared the cache, cookies etc.

    Any help on this would be highly appreciated.

    Thanks a lot

    DanK

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: can't access certain websites
    « Reply #1 on: May 23, 2008, 12:26:25 AM »
    Try this.

    Download HostsXpert
    • Unzip HostXpert to your desktop
    • Open up the HostXpert program.
    • Make sure that the "Make Hosts Writable?" button in the upper right corner is enabled. 
    • Click Create Back Up
    • Then click on Restore Microsoft's Host Files
    • Close the HostXpert program
    .
    Note: if you use SpywareBlaster, Spybot and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and select Enable all protection. For Spybot run the program and select Immunize. For IE-SPYAD, run the batch file and reinstall the protection.

    NOT ADMIN :P



      Intermediate

      Re: can't access certain websites
      « Reply #2 on: May 23, 2008, 12:27:25 AM »
      what firewall are you using?

      What leaniancy is it set to?

      Broni


        Mastermind
      • Kraków my love :)
      • Thanked: 614
        • Computer Help Forum
      • Computer: Specs
      • Experience: Experienced
      • OS: Windows 8
      Re: can't access certain websites
      « Reply #3 on: May 23, 2008, 07:36:58 PM »
      What is " leaniancy"?

      DANKK

        Topic Starter


        Rookie

        Re: can't access certain websites
        « Reply #4 on: May 23, 2008, 09:27:39 PM »
        Try this.

        Hostsexpert is downloaded and Host file is replaced. Still can't access the sites

        DANKK

          Topic Starter


          Rookie

          Re: can't access certain websites
          « Reply #5 on: May 23, 2008, 09:30:34 PM »
          what firewall are you using?

          What leaniancy is it set to?

          Firewall comes with XP.

          Leniancy: exceptions to certain sites

          Broni


            Mastermind
          • Kraków my love :)
          • Thanked: 614
            • Computer Help Forum
          • Computer: Specs
          • Experience: Experienced
          • OS: Windows 8
          Re: can't access certain websites
          « Reply #6 on: May 23, 2008, 09:32:45 PM »
          Quote
          Leniancy
          Never heard of such a word...

          evilfantasy

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Calm like a bomb
          • Thanked: 493
          • Experience: Experienced
          • OS: Windows 11
          Re: can't access certain websites
          « Reply #7 on: May 23, 2008, 09:49:34 PM »
          Click Start > Run and copy and paste the following line into the run box:
          regsvr32 urlmon.dll
          Press OK
          Once it is completed you will get this message DllRegisterServer in urlmon.dll succeeded, repeat the above steps, but replace regsvr32 urlmon.dll with the following: (enter each line one at a time selecting OK after each)

          • regsvr32 actxprxy.dll
          • regsvr32 shdocvw.dll
          • regsvr32 mshtml.dll
          • regsvr32 browseui.dll
          • regsvr32 jscript.dll
          • regsvr32 vbscript.dll
          • regsvr32 oleaut32.dll
          When finished restart your computer.

          How about now?

          Broni


            Mastermind
          • Kraków my love :)
          • Thanked: 614
            • Computer Help Forum
          • Computer: Specs
          • Experience: Experienced
          • OS: Windows 8
          Re: can't access certain websites
          « Reply #8 on: May 23, 2008, 10:13:48 PM »
           Can you post links to some sites, you can't access?

          DANKK

            Topic Starter


            Rookie

            Re: can't access certain websites
            « Reply #9 on: May 23, 2008, 10:52:42 PM »
            Click Start > Run and copy and paste the following line into the run box:
            regsvr32 urlmon.dll
            Press OK
            Once it is completed you will get this message DllRegisterServer in urlmon.dll succeeded, repeat the above steps, but replace regsvr32 urlmon.dll with the following: (enter each line one at a time selecting OK after each)

            • regsvr32 actxprxy.dll
            • regsvr32 shdocvw.dll
            • regsvr32 mshtml.dll
            • regsvr32 browseui.dll
            • regsvr32 jscript.dll
            • regsvr32 vbscript.dll
            • regsvr32 oleaut32.dll
            When finished restart your computer.

            How about now?

            Ran everything except regsvr32 mshtml.dll, which I got "mshtml.dll was loaded, but DllregisterServer entry point was not found. not registered" message.  Still can't access.

            DANKK

              Topic Starter


              Rookie

              Re: can't access certain websites
              « Reply #10 on: May 23, 2008, 10:54:41 PM »
              Can you post links to some sites, you can't access?

              didn't uderstand the question. I can visit some sites, some I can't.

              evilfantasy

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Calm like a bomb
              • Thanked: 493
              • Experience: Experienced
              • OS: Windows 11
              Re: can't access certain websites
              « Reply #11 on: May 23, 2008, 10:59:22 PM »
              I've got one more idea then.....don't know.

              Reset settings for Internet Explorer 6
              Reset Explorer Settings IE 6

              Reset Settings in Internet Explorer 7
              Reset Explorer Settings IE 7

              Clear cache in Firefox - Go to Tools > Clear Private Data...

              DANKK

                Topic Starter


                Rookie

                Re: can't access certain websites
                « Reply #12 on: May 23, 2008, 11:23:46 PM »
                I've got one more idea then.....don't know.

                Reset settings for Internet Explorer 6
                Reset Explorer Settings IE 6

                Reset Settings in Internet Explorer 7
                Reset Explorer Settings IE 7

                Clear cache in Firefox - Go to Tools > Clear Private Data...

                no luck

                Broni


                  Mastermind
                • Kraków my love :)
                • Thanked: 614
                  • Computer Help Forum
                • Computer: Specs
                • Experience: Experienced
                • OS: Windows 8
                Re: can't access certain websites
                « Reply #13 on: May 24, 2008, 09:11:36 AM »
                I asked, if there is particular TYPE of web sites, you can't access.
                Also, do you use Norton?

                DANKK

                  Topic Starter


                  Rookie

                  Re: can't access certain websites
                  « Reply #14 on: May 24, 2008, 11:00:35 AM »
                  I asked, if there is particular TYPE of web sites, you can't access.
                  Also, do you use Norton?
                  I can't access norton.com. mcafee.com. bankofamerica.com etc.
                  I can access computerhope.com, ebay.com, msn.com etc
                  some sites take me to wrong sites, eg, norton.com take me findcheapairlines.com

                  I use spyware doctor, Adware, CA

                  Broni


                    Mastermind
                  • Kraków my love :)
                  • Thanked: 614
                    • Computer Help Forum
                  • Computer: Specs
                  • Experience: Experienced
                  • OS: Windows 8
                  Re: can't access certain websites
                  « Reply #15 on: May 24, 2008, 07:08:26 PM »
                  Quote
                  some sites take me to wrong sites, eg, norton.com take me findcheapairlines.com

                  Print these instructions out.

                  1. Download SUPERAntiSpyware Free for Home Users:
                  http://www.superantispyware.com/

                      * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
                      * An icon will be created on your desktop. Double-click that icon to launch the program.
                      * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
                      * Close SUPERAntiSpyware.

                  Restart computer in Safe Mode.
                  To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

                      * Open SUPERAntiSpyware.
                      * Under "Configuration and Preferences", click the Preferences button.
                      * Click the Scanning Control tab.
                      * Under Scanner Options make sure the following are checked (leave all others unchecked):
                            o Close browsers before scanning.
                            o Scan for tracking cookies.
                            o Terminate memory threats before quarantining.
                      * Click the "Close" button to leave the control center screen.
                      * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
                      * On the left, make sure you check C:\Fixed Drive.
                      * On the right, under "Complete Scan", choose Perform Complete Scan.
                      * Click "Next" to start the scan. Please be patient while it scans your computer.
                      * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
                      * Make sure everything has a checkmark next to it and click "Next".
                      * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
                      * If asked if you want to reboot, click "Yes".
                      * To retrieve the removal information after reboot, launch SUPERAntispyware again.
                            o Click Preferences, then click the Statistics/Logs tab.
                            o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
                            o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
                            o Please copy and paste the Scan Log results in your next reply.
                      * Click Close to exit the program.
                  Post SUPERAntiSpyware log.

                  RESTART COMPUTER!

                  2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

                      * Double-click mbam-setup.exe and follow the prompts to install the program.
                      * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
                      * If an update is found, it will download and install the latest version.
                      * Once the program has loaded, select Perform full scan, then click Scan.
                      * When the scan is complete, click OK, then Show Results to view the results.
                      * Be sure that everything is checked, and click Remove Selected.
                      * When completed, a log will open in Notepad.
                      * Post the log back here.

                  The log can also be found here:
                  C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
                  Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

                  RESTART COMPUTER!

                  3. Download HijackThis:
                  http://www.snapfiles.com/get/hijackthis.html
                  Post HijackThis log.

                  DANKK

                    Topic Starter


                    Rookie

                    Re: can't access certain websites
                    « Reply #16 on: May 25, 2008, 02:02:46 AM »
                    Quote
                    some sites take me to wrong sites, eg, norton.com take me findcheapairlines.com

                    Print these instructions out.

                    1. Download SUPERAntiSpyware Free for Home Users:
                    http://www.superantispyware.com/

                        * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
                        * An icon will be created on your desktop. Double-click that icon to launch the program.
                        * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
                        * Close SUPERAntiSpyware.

                    Restart computer in Safe Mode.
                    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

                        * Open SUPERAntiSpyware.
                        * Under "Configuration and Preferences", click the Preferences button.
                        * Click the Scanning Control tab.
                        * Under Scanner Options make sure the following are checked (leave all others unchecked):
                              o Close browsers before scanning.
                              o Scan for tracking cookies.
                              o Terminate memory threats before quarantining.
                        * Click the "Close" button to leave the control center screen.
                        * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
                        * On the left, make sure you check C:\Fixed Drive.
                        * On the right, under "Complete Scan", choose Perform Complete Scan.
                        * Click "Next" to start the scan. Please be patient while it scans your computer.
                        * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
                        * Make sure everything has a checkmark next to it and click "Next".
                        * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
                        * If asked if you want to reboot, click "Yes".
                        * To retrieve the removal information after reboot, launch SUPERAntispyware again.
                              o Click Preferences, then click the Statistics/Logs tab.
                              o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
                              o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
                              o Please copy and paste the Scan Log results in your next reply.
                        * Click Close to exit the program.
                    Post SUPERAntiSpyware log.

                    RESTART COMPUTER!

                    2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

                        * Double-click mbam-setup.exe and follow the prompts to install the program.
                        * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
                        * If an update is found, it will download and install the latest version.
                        * Once the program has loaded, select Perform full scan, then click Scan.
                        * When the scan is complete, click OK, then Show Results to view the results.
                        * Be sure that everything is checked, and click Remove Selected.
                        * When completed, a log will open in Notepad.
                        * Post the log back here.

                    The log can also be found here:
                    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
                    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

                    RESTART COMPUTER!

                    3. Download HijackThis:
                    http://www.snapfiles.com/get/hijackthis.html
                    Post HijackThis log.

                    It is not  letting me access any of these these sites.

                    Broni


                      Mastermind
                    • Kraków my love :)
                    • Thanked: 614
                      • Computer Help Forum
                    • Computer: Specs
                    • Experience: Experienced
                    • OS: Windows 8
                    Re: can't access certain websites
                    « Reply #17 on: May 25, 2008, 09:17:47 AM »
                    Download those programs on other computer, and move them to yours by CD, USB stick, or so.

                    DANKK

                      Topic Starter


                      Rookie

                      Re: can't access certain websites
                      « Reply #18 on: May 28, 2008, 12:03:35 AM »
                      Quote
                      some sites take me to wrong sites, eg, norton.com take me findcheapairlines.com

                      Print these instructions out.

                      1. Download SUPERAntiSpyware Free for Home Users:
                      http://www.superantispyware.com/

                          * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
                          * An icon will be created on your desktop. Double-click that icon to launch the program.
                          * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
                          * Close SUPERAntiSpyware.

                      Restart computer in Safe Mode.
                      To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

                          * Open SUPERAntiSpyware.
                          * Under "Configuration and Preferences", click the Preferences button.
                          * Click the Scanning Control tab.
                          * Under Scanner Options make sure the following are checked (leave all others unchecked):
                                o Close browsers before scanning.
                                o Scan for tracking cookies.
                                o Terminate memory threats before quarantining.
                          * Click the "Close" button to leave the control center screen.
                          * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
                          * On the left, make sure you check C:\Fixed Drive.
                          * On the right, under "Complete Scan", choose Perform Complete Scan.
                          * Click "Next" to start the scan. Please be patient while it scans your computer.
                          * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
                          * Make sure everything has a checkmark next to it and click "Next".
                          * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
                          * If asked if you want to reboot, click "Yes".
                          * To retrieve the removal information after reboot, launch SUPERAntispyware again.
                                o Click Preferences, then click the Statistics/Logs tab.
                                o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
                                o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
                                o Please copy and paste the Scan Log results in your next reply.
                          * Click Close to exit the program.
                      Post SUPERAntiSpyware log.

                      RESTART COMPUTER!

                      2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

                          * Double-click mbam-setup.exe and follow the prompts to install the program.
                          * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
                          * If an update is found, it will download and install the latest version.
                          * Once the program has loaded, select Perform full scan, then click Scan.
                          * When the scan is complete, click OK, then Show Results to view the results.
                          * Be sure that everything is checked, and click Remove Selected.
                          * When completed, a log will open in Notepad.
                          * Post the log back here.

                      The log can also be found here:
                      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
                      Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

                      RESTART COMPUTER!

                      3. Download HijackThis:
                      http://www.snapfiles.com/get/hijackthis.html
                      Post HijackThis log.

                      It is not  letting me access any of these these sites.
                      SUPERAntiSpyware Scan Log
                      http://www.superantispyware.com

                      Generated 05/25/2008 at 04:00 PM

                      Application Version : 4.1.1046

                      Core Rules Database Version : 3459
                      Trace Rules Database Version: 1450

                      Scan type       : Complete Scan
                      Total Scan Time : 02:33:11

                      Memory items scanned      : 245
                      Memory threats detected   : 0
                      Registry items scanned    : 6076
                      Registry threats detected : 0
                      File items scanned        : 102684
                      File threats detected     : 61

                      Adware.Tracking Cookie
                         C:\Documents and Settings\DAN\Cookies\[email protected][1].txt
                         C:\Documents and Settings\DAN\Cookies\[email protected][1].txt
                         C:\Documents and Settings\DAN\Cookies\[email protected][1].txt
                         C:\Documents and Settings\DAN\Cookies\dan@overture[1].txt
                         C:\Documents and Settings\DAN\Cookies\[email protected][2].txt
                         C:\Documents and Settings\DAN\Cookies\[email protected][1].txt
                         C:\Documents and Settings\DAN\Cookies\dan@questionmarket[2].txt
                         C:\Documents and Settings\DAN\Cookies\dan@revsci[1].txt
                         C:\Documents and Settings\DAN\Cookies\dan@insightexpressai[1].txt
                         C:\Documents and Settings\DAN\Cookies\[email protected][1].txt
                         C:\Documents and Settings\DAN\Cookies\dan@dealtime[1].txt
                         C:\Documents and Settings\DAN\Cookies\dan@tacoda[1].txt
                         C:\Documents and Settings\DAN\Cookies\[email protected][1].txt
                         C:\Documents and Settings\DAN\Cookies\dan@doubleclick[1].txt
                         C:\Documents and Settings\DAN\Cookies\dan@apmebf[1].txt
                         C:\Documents and Settings\DAN\Cookies\dan@tribalfusion[1].txt
                         C:\Documents and Settings\DAN\Cookies\dan@atdmt[1].txt
                         C:\Documents and Settings\DAN\Cookies\dan@atwola[1].txt
                         C:\Documents and Settings\DAN\Cookies\dan@advertising[2].txt
                         C:\Documents and Settings\DAN\Cookies\dan@mediaplex[1].txt
                         C:\Documents and Settings\DAN\Cookies\dan@revenue[1].txt
                         C:\Documents and Settings\DAN\Cookies\[email protected][1].txt
                         C:\Documents and Settings\DAN\Cookies\dan@fastclick[1].txt
                         C:\Documents and Settings\DAN\Cookies\dan@adrevolver[2].txt
                         C:\Documents and Settings\DAN\Cookies\[email protected][2].txt
                         C:\Documents and Settings\DAN\Cookies\dan@enhance[2].txt
                         C:\Documents and Settings\DAN\Cookies\[email protected][1].txt

                      Trojan.Downloader-Gen/JLove
                         C:\DOCUMENTS AND SETTINGS\DAN\MY DOCUMENTS\SCURIT~1\RUNDLL.EXE

                      Adware.ClickSpring
                         C:\PROGRAM FILES\COMMON FILES\STEM32~1\WOWEXEC.EXE

                      Trojan.Fake-Drop/Gen
                         C:\WINDOWS\ACCESSS.EXE
                         C:\WINDOWS\CLRSSN.EXE
                         C:\WINDOWS\CPAN.DLL
                         C:\WINDOWS\CTFMON32.EXE
                         C:\WINDOWS\DIRECTX32.EXE
                         C:\WINDOWS\DNSRELAY.DLL
                         C:\WINDOWS\EXPLORER32.EXE
                         C:\WINDOWS\FUNNIEST.EXE
                         C:\WINDOWS\FUNNY.EXE
                         C:\WINDOWS\GFMNAAA.DLL
                         C:\WINDOWS\HELPCVS.EXE
                         C:\WINDOWS\INETINF.EXE
                         C:\WINDOWS\MSSPI.DLL
                         C:\WINDOWS\MSWSC10.DLL
                         C:\WINDOWS\MSWSC20.DLL
                         C:\WINDOWS\MTWIRL32.DLL
                         C:\WINDOWS\SEARCHWORD.DLL
                         C:\WINDOWS\SVCINIT.EXE
                         C:\WINDOWS\TIME.EXE
                         C:\WINDOWS\USERS32.EXE
                         C:\WINDOWS\WIN32E.EXE
                         C:\WINDOWS\WIN64.EXE
                         C:\WINDOWS\WINAJBM.DLL
                         C:\WINDOWS\WINMGNT.EXE
                         C:\WINDOWS\X.EXE
                         C:\WINDOWS\XPLUGIN.DLL
                         C:\WINDOWS\Y.EXE

                      Trojan.Downloader-Systeem
                         C:\WINDOWS\SYSTEEM.EXE

                      Trojan.Unknown Origin
                         C:\WINDOWS\SYSTEM32\CFCWROUV.EXE
                         C:\WINDOWS\SYSTEM32\MSKLMUDP.EXE
                         C:\WINDOWS\SYSTEM32\UURDJLKH.EXE

                      Trojan.Downloader-SystemCritcial/Fake Alert
                         C:\WINDOWS\SYSTEMCRITICAL.EXE


                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 10:56:26 PM, on 5/27/2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\csrss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
                      C:\Program Files\Spyware Doctor\pctsTray.exe
                      C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
                      C:\Documents and Settings\DAN\Application Data\Microsoft\dtsc\26074.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\AIM6\aim6.exe
                      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                      C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
                      C:\Program Files\uTorrent\uTorrent.exe
                      C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
                      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                      C:\Program Files\Bonjour\mDNSResponder.exe
                      C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
                      C:\Program Files\Maxtor\Sync\SyncServices.exe
                      c:\program files\mcafee.com\agent\mcdetect.exe
                      c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
                      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                      C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
                      C:\Program Files\Spyware Doctor\pctsAuxs.exe
                      C:\Program Files\Spyware Doctor\pctsSvc.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\system32\wdfmgr.exe
                      C:\WINDOWS\wanmpsvc.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\alg.exe
                      C:\Program Files\AIM6\aolsoftware.exe
                      C:\Program Files\Internet Explorer\iexplore.exe
                      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                      C:\WINDOWS\system32\wbem\wmiprvse.exe

                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
                      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O2 - BHO: (no name) - {C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8} - (no file)
                      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
                      O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
                      O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
                      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
                      O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
                      O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\DAN\Application Data\Microsoft\dtsc\26074.exe
                      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
                      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
                      O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://goldenram.com/upgradedetect/upgradedetect.cab?9218
                      O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
                      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
                      O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors.com/member/ocx/plotwon.ocx
                      O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
                      O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
                      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                      O20 - Winlogon Notify: nnnljkLe - nnnljkLe.dll (file missing)
                      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                      O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
                      O23 - Service: APC PBE Server (APCPBEServer) - APC - C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
                      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                      O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
                      O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
                      O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
                      O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
                      O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
                      O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
                      O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
                      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
                      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
                      O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
                      O23 - Service: Windows Action Script - Unknown owner - C:\WINDOWS\system32\scvhost.exe (file missing)
                      O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
                      O24 - Desktop Component 0: (no name) - http://www.luxurytoursofindia.com/images/kerala2.jpg

                      --
                      End of file - 8279 bytes



                      It is not letting me  install the second program " mbam-setup.exe". I have it on the desktop. It doesn't open.


                      Broni


                        Mastermind
                      • Kraków my love :)
                      • Thanked: 614
                        • Computer Help Forum
                      • Computer: Specs
                      • Experience: Experienced
                      • OS: Windows 8
                      Re: can't access certain websites
                      « Reply #19 on: May 28, 2008, 05:54:19 PM »
                      Malwarebytes log is missing...

                      DANKK

                        Topic Starter


                        Rookie

                        Re: can't access certain websites
                        « Reply #20 on: May 28, 2008, 09:03:59 PM »
                        Malwarebytes log is missing...
                        It is not running. When I double click on the setup icon nothing happens. I try to run different way, but no luck.

                        Broni


                          Mastermind
                        • Kraków my love :)
                        • Thanked: 614
                          • Computer Help Forum
                        • Computer: Specs
                        • Experience: Experienced
                        • OS: Windows 8
                        Re: can't access certain websites
                        « Reply #21 on: May 28, 2008, 09:46:56 PM »
                        Maybe bad download. Try to download it again.

                        DANKK

                          Topic Starter


                          Rookie

                          Re: can't access certain websites
                          « Reply #22 on: May 28, 2008, 10:35:08 PM »
                          Maybe bad download. Try to download it again.

                          I  did from two different computers. It works fine where it was copied. I copied to this machine from that, but it is not letting
                          me run on this. And I cannot download straight to this machine, because I can't access that site.
                          Any suggestions?

                          Broni


                            Mastermind
                          • Kraków my love :)
                          • Thanked: 614
                            • Computer Help Forum
                          • Computer: Specs
                          • Experience: Experienced
                          • OS: Windows 8
                          Re: can't access certain websites
                          « Reply #23 on: May 28, 2008, 10:38:18 PM »
                          Let me check your HJT log....

                          Broni


                            Mastermind
                          • Kraków my love :)
                          • Thanked: 614
                            • Computer Help Forum
                          • Computer: Specs
                          • Experience: Experienced
                          • OS: Windows 8
                          Re: can't access certain websites
                          « Reply #24 on: May 28, 2008, 10:41:44 PM »
                          I see some services of McAfee running. What do you have there from McAfee? Is it antivirus, and firewall?

                          Broni


                            Mastermind
                          • Kraków my love :)
                          • Thanked: 614
                            • Computer Help Forum
                          • Computer: Specs
                          • Experience: Experienced
                          • OS: Windows 8
                          Re: can't access certain websites
                          « Reply #25 on: May 28, 2008, 10:42:29 PM »
                          I'm off to bed, so we'll have to continue tomorrow...

                          DANKK

                            Topic Starter


                            Rookie

                            Re: can't access certain websites
                            « Reply #26 on: May 29, 2008, 07:49:55 AM »
                            I see some services of McAfee running. What do you have there from McAfee? Is it antivirus, and firewall?

                            It is antivirus. I doesn't run anymore.  Something is blocking all these from running.

                            Broni


                              Mastermind
                            • Kraków my love :)
                            • Thanked: 614
                              • Computer Help Forum
                            • Computer: Specs
                            • Experience: Experienced
                            • OS: Windows 8
                            Re: can't access certain websites
                            « Reply #27 on: May 29, 2008, 06:14:24 PM »
                            Quote
                            It is antivirus. I doesn't run anymore.  Something is blocking all these from running.
                            That explains your HJT log listings. Is Windows firewall on?
                            I'll check HJT log.

                            Broni


                              Mastermind
                            • Kraków my love :)
                            • Thanked: 614
                              • Computer Help Forum
                            • Computer: Specs
                            • Experience: Experienced
                            • OS: Windows 8
                            Re: can't access certain websites
                            « Reply #28 on: May 29, 2008, 06:17:39 PM »
                            I want you to run one more program (if it'll run)...

                            Download SDFix (http://downloads.andymanchesta.com/removaltools/sdfix.exe) and save it to your Desktop.

                                * Run the SDFix.exe by double clicking on it.
                                * Allow it to install into the default location which is c:\SDFix
                                * Now please reboot your computer into Safe Mode:
                                  # After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
                                  # Instead of Windows loading as normal, the Advanced Options Menu should appear;
                                  # Select the first option, to run Windows in Safe Mode, then press Enter.
                                * When you have booted into safe mode, open the C:\SDFix folder and double click RunThis.bat to start the script.
                                * Type Y to begin the cleanup process.
                                * It will remove any Trojan Services or Registry entries found and then prompt you to press any key to Reboot.
                                * Press any Key and it will restart the PC.
                                * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
                                * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
                                * Attach the Report.txt file to your next message.

                            DANKK

                              Topic Starter


                              Rookie

                              Re: can't access certain websites
                              « Reply #29 on: May 29, 2008, 11:11:36 PM »
                              I want you to run one more program (if it'll run)...

                              Download SDFix (http://downloads.andymanchesta.com/removaltools/sdfix.exe) and save it to your Desktop.

                                  * Run the SDFix.exe by double clicking on it.
                                  * Allow it to install into the default location which is c:\SDFix
                                  * Now please reboot your computer into Safe Mode:
                                    # After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
                                    # Instead of Windows loading as normal, the Advanced Options Menu should appear;
                                    # Select the first option, to run Windows in Safe Mode, then press Enter.
                                  * When you have booted into safe mode, open the C:\SDFix folder and double click RunThis.bat to start the script.
                                  * Type Y to begin the cleanup process.
                                  * It will remove any Trojan Services or Registry entries found and then prompt you to press any key to Reboot.
                                  * Press any Key and it will restart the PC.
                                  * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
                                  * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
                                  * Attach the Report.txt file to your next message.

                              SDFix: Version 1.186
                              Run by DAN on Thu 05/29/2008 at 06:40 PM

                              Microsoft Windows XP [Version 5.1.2600]
                              Running From: C:\SDFix

                              Checking Services :


                              Restoring Windows Registry Values
                              Restoring Windows Default Hosts File
                              Restoring Default Desktop Wallpaper

                              Rebooting


                              Checking Files :

                              Trojan Files Found:

                              C:\WINDOWS\system32\000060.exe - Deleted
                              C:\WINDOWS\system32\000090.exe - Deleted
                              C:\WINDOWS\astctl32.ocx  - Deleted
                              C:\WINDOWS\default.htm  - Deleted
                              C:\WINDOWS\hosts  - Deleted
                              C:\WINDOWS\rundll32.vbe  - Deleted
                              C:\WINDOWS\system32\drivers\hosts  - Deleted
                              C:\WINDOWS\system32\hljwugsf.bin  - Deleted
                              C:\WINDOWS\xxxvideo.hta  - Deleted





                              Removing Temp Files

                              ADS Check :
                               


                                                               Final Check :

                              catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware

                              detector by Gmer, http://www.gmer.net
                              Rootkit scan 2008-05-29 21:48:00
                              Windows 5.1.2600 Service Pack 2 NTFS

                              scanning hidden processes ...

                              scanning hidden services & system hive ...

                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUIL

                              anguages\RCV2\clb.dll]
                              "0"=hex:00,00,28,0a,01,00,05,00
                              "1"=hex:b6,00,b6,eb,2f,6b,03,cb,5a,e8,c3,ac,b9,40,38,e1
                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUIL

                              anguages\RCV2\clbcatex.dll]
                              "0"=hex:2a,00,3e,11,0c,00,d1,07
                              "1"=hex:cf,24,2a,85,a4,d7,fe,3c,03,76,96,fe,18,b6,ec,d3
                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUIL

                              anguages\RCV2\clbcatq.dll]
                              "0"=hex:2a,00,3e,11,0c,00,d1,07
                              "1"=hex:6a,b7,9d,1d,7d,d8,1d,46,23,79,12,2a,da,6a,19,42
                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot

                              \Minimal\vmdesched.sys]
                              @="driver"
                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot

                              \Network\vmdesched.sys]
                              @="driver"
                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clbdriv

                              er]
                              "start"=dword:00000001
                              "type"=dword:00000001
                              "imagepath"=str(2):"\??\globalroot\systemroot\system32\driver

                              s\vmdesched.sys"
                              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILangu

                              ages\RCV2\clb.dll]
                              "0"=hex:00,00,28,0a,01,00,05,00
                              "1"=hex:b6,00,b6,eb,2f,6b,03,cb,5a,e8,c3,ac,b9,40,38,e1
                              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILangu

                              ages\RCV2\clbcatex.dll]
                              "0"=hex:2a,00,3e,11,0c,00,d1,07
                              "1"=hex:cf,24,2a,85,a4,d7,fe,3c,03,76,96,fe,18,b6,ec,d3
                              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILangu

                              ages\RCV2\clbcatq.dll]
                              "0"=hex:2a,00,3e,11,0c,00,d1,07
                              "1"=hex:6a,b7,9d,1d,7d,d8,1d,46,23,79,12,2a,da,6a,19,42
                              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Min

                              imal\vmdesched.sys]
                              @="driver"
                              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Net

                              work\vmdesched.sys]
                              @="driver"
                              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\clbdriver]
                              "start"=dword:00000001
                              "type"=dword:00000001
                              "imagepath"=str(2):"\??\globalroot\systemroot\system32\driver

                              s\vmdesched.sys"

                              scanning hidden registry entries ...

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

                              NT\CurrentVersion\clbImageData]
                              "affid"="7"
                              "subid"="run04"
                              "control"=hex:1a,00,15,13,07,11,18,1f,14,0a,49,09,4b,1a,09,50

                              ,11,e5,f5
                              "prov"="10010"
                              "googleadserver"="pagead2.googlesyndication.com"
                              "flagged"=dword:00000001
                              [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\

                              Shell

                              Extensions\Approved\{443EA021-5049-9583-E2C5-EC68521FB889}]
                              "famgilbokocb"=hex:68,61,6f,62,6b,61,69,6d,68,61,64,62,6f,6c,

                              62,6b,00,02
                              "famgilbokopa"=hex:68,61,6f,62,6b,61,69,6d,68,61,64,62,6f,6c,

                              62,6b,00,02
                              "faaghhcjldie"=hex:61,61,00,00

                              scanning hidden files ...

                              C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll 110080 bytes

                              executable
                              C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll 498688 bytes

                              executable
                              C:\WINDOWS\system32\drivers\vmdesched.sys 6656 bytes

                              executable
                              C:\WINDOWS\system32\clb.dll 10752 bytes executable
                              C:\WINDOWS\system32\clbcatex.dll 110080 bytes executable
                              C:\WINDOWS\system32\clbcatq.dll 498688 bytes executable
                              C:\WINDOWS\system32\cdosys.dll 31560 bytes executable
                              C:\WINDOWS\system32\clbinit.dll 1695 bytes
                              C:\WINDOWS\system32\dllcache\clb.dll 10752 bytes executable
                              C:\WINDOWS\system32\dllcache\clbcatex.dll 110080 bytes

                              executable
                              C:\WINDOWS\system32\dllcache\clbcatq.dll 498688 bytes

                              executable
                              C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll 110080 bytes

                              executable
                              C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll 501248 bytes

                              executable

                              scan completed successfully
                              hidden processes: 0
                              hidden services: 1
                              hidden files: 13


                              Remaining Services :




                              Authorized Application Key Export:

                              [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\shareda

                              ccess\parameters\firewallpolicy\standardprofile\authorizedapp

                              lications\list]
                              "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmg

                              r.exe:*:enabled:@xpsp2res.dll,-22019"
                              "C:\\Program Files\\America Online

                              9.0\\waol.exe"="C:\\Program Files\\America Online

                              9.0\\waol.exe:*:Enabled:America Online 9.0"
                              "C:\\Program

                              Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"="C:\\Program

                              Files\\Symantec\\pcAnywhere\\AWHOST32.EXE:*:Disabled:pcAnywhe

                              re Host Service"
                              "C:\\Program

                              Files\\Symantec\\pcAnywhere\\awrem32.exe"="C:\\Program

                              Files\\Symantec\\pcAnywhere\\awrem32.exe:*:Disabled:pcAnywher

                              e Remote Service"
                              "C:\\Program Files\\Common

                              Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common

                              Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
                              "C:\\Program Files\\Common

                              Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common

                              Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
                              "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program

                              Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
                              "%windir%\\Network

                              Diagnostic\\xpnetdiag.exe"="%windir%\\Network

                              Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
                              "C:\\Program Files\\APC\\PowerChute Business

                              Edition\\server\\pbeserver.exe"="C:\\Program

                              Files\\APC\\PowerChute Business

                              Edition\\server\\pbeserver.exe:*:Disabled:PowerChute Business

                              Edition Server"
                              "C:\\Program Files\\Common

                              Files\\AOL\\1170644168\\ee\\aolsoftware.exe"="C:\\Program

                              Files\\Common

                              Files\\AOL\\1170644168\\ee\\aolsoftware.exe:*:Enabled:AOL

                              Shared Components"
                              "C:\\Program Files\\Common

                              Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common

                              Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
                              "C:\\Program Files\\Google\\Google

                              Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google

                              Talk\\googletalk.exe:*:Enabled:Google Talk"
                              "C:\\Program

                              Files\\Symantec\\pcAnywhere\\WINAW32.EXE"="C:\\Program

                              Files\\Symantec\\pcAnywhere\\WINAW32.EXE:*:Disabled:pcAnywher

                              e Main Program"
                              "C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program

                              Files\\AIM6\\aim6.exe:*:Enabled:AIM"
                              "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program

                              Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
                              "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program

                              Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"
                              "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program

                              Files\\Skype\\Phone\\Skype.exe:*:Disabled:Skype"
                              "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program

                              Files\\uTorrent\\uTorrent.exe:*:Enabled:ęTorrent"

                              [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\shareda

                              ccess\parameters\firewallpolicy\domainprofile\authorizedappli

                              cations\list]
                              "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmg

                              r.exe:*:enabled:@xpsp2res.dll,-22019"
                              "C:\\Program Files\\America Online

                              9.0\\waol.exe"="C:\\Program Files\\America Online

                              9.0\\waol.exe:*:Enabled:America Online 9.0"
                              "C:\\Program Files\\Common

                              Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common

                              Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
                              "C:\\Program Files\\Common

                              Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common

                              Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
                              "%windir%\\Network

                              Diagnostic\\xpnetdiag.exe"="%windir%\\Network

                              Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

                              Remaining Files :


                              File Backups: - C:\SDFix\backups\backups.zip

                              Files with Hidden Attributes :

                              Wed  1 Sep 2004        54,384 A..H. --- "C:\Program

                              Files\America Online 9.0\aolphx.exe"
                              Wed  1 Sep 2004       156,784 A..H. --- "C:\Program

                              Files\America Online 9.0\aoltray.exe"
                              Wed  1 Sep 2004        31,344 A..H. --- "C:\Program

                              Files\America Online 9.0\RBM.exe"
                              Tue 20 May 2008           377 A..H. --- "C:\Program

                              Files\InterActual\InterActual Player\iti705.tmp"
                              Tue 20 May 2008           114 A..H. --- "C:\Program

                              Files\InterActual\InterActual Player\itiAF.tmp"
                              Wed 19 Apr 2006        95,892 A..H. --- "C:\Program

                              Files\Walgreens\Walgreens PhotoShow 4\data\Walgreens

                              PhotoShow Express.exe"
                              Thu  8 May 2008             0 A..H. ---

                              "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8

                              c0d990dc65796\BIT5.tmp"
                              Wed 25 May 2005             8 A..H. --- "C:\Documents and

                              Settings\All Users\Application

                              Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
                              Wed 25 May 2005             8 A..H. --- "C:\Documents and

                              Settings\All Users\Application

                              Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
                              Fri 10 Jun 2005             8 A..H. --- "C:\Documents and

                              Settings\All Users\Application

                              Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
                              Fri 10 Jun 2005             8 A..H. --- "C:\Documents and

                              Settings\All Users\Application

                              Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"

                              Finished!



                              DANKK

                                Topic Starter


                                Rookie

                                Re: can't access certain websites
                                « Reply #30 on: June 04, 2008, 11:21:01 PM »
                                I want you to run one more program (if it'll run)...

                                Download SDFix (http://downloads.andymanchesta.com/removaltools/sdfix.exe) and save it to your Desktop.

                                    * Run the SDFix.exe by double clicking on it.
                                    * Allow it to install into the default location which is c:\SDFix
                                    * Now please reboot your computer into Safe Mode:
                                      # After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
                                      # Instead of Windows loading as normal, the Advanced Options Menu should appear;
                                      # Select the first option, to run Windows in Safe Mode, then press Enter.
                                    * When you have booted into safe mode, open the C:\SDFix folder and double click RunThis.bat to start the script.
                                    * Type Y to begin the cleanup process.
                                    * It will remove any Trojan Services or Registry entries found and then prompt you to press any key to Reboot.
                                    * Press any Key and it will restart the PC.
                                    * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
                                    * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
                                    * Attach the Report.txt file to your next message.

                                SDFix: Version 1.186
                                Run by DAN on Thu 05/29/2008 at 06:40 PM

                                Microsoft Windows XP [Version 5.1.2600]
                                Running From: C:\SDFix

                                Checking Services :


                                Restoring Windows Registry Values
                                Restoring Windows Default Hosts File
                                Restoring Default Desktop Wallpaper

                                Rebooting


                                Checking Files :

                                Trojan Files Found:

                                C:\WINDOWS\system32\000060.exe - Deleted
                                C:\WINDOWS\system32\000090.exe - Deleted
                                C:\WINDOWS\astctl32.ocx  - Deleted
                                C:\WINDOWS\default.htm  - Deleted
                                C:\WINDOWS\hosts  - Deleted
                                C:\WINDOWS\rundll32.vbe  - Deleted
                                C:\WINDOWS\system32\drivers\hosts  - Deleted
                                C:\WINDOWS\system32\hljwugsf.bin  - Deleted
                                C:\WINDOWS\xxxvideo.hta  - Deleted





                                Removing Temp Files

                                ADS Check :
                                 


                                                                 Final Check :

                                catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware

                                detector by Gmer, http://www.gmer.net
                                Rootkit scan 2008-05-29 21:48:00
                                Windows 5.1.2600 Service Pack 2 NTFS

                                scanning hidden processes ...

                                scanning hidden services & system hive ...

                                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUIL

                                anguages\RCV2\clb.dll]
                                "0"=hex:00,00,28,0a,01,00,05,00
                                "1"=hex:b6,00,b6,eb,2f,6b,03,cb,5a,e8,c3,ac,b9,40,38,e1
                                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUIL

                                anguages\RCV2\clbcatex.dll]
                                "0"=hex:2a,00,3e,11,0c,00,d1,07
                                "1"=hex:cf,24,2a,85,a4,d7,fe,3c,03,76,96,fe,18,b6,ec,d3
                                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUIL

                                anguages\RCV2\clbcatq.dll]
                                "0"=hex:2a,00,3e,11,0c,00,d1,07
                                "1"=hex:6a,b7,9d,1d,7d,d8,1d,46,23,79,12,2a,da,6a,19,42
                                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot

                                \Minimal\vmdesched.sys]
                                @="driver"
                                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot

                                \Network\vmdesched.sys]
                                @="driver"
                                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clbdriv

                                er]
                                "start"=dword:00000001
                                "type"=dword:00000001
                                "imagepath"=str(2):"\??\globalroot\systemroot\system32\driver

                                s\vmdesched.sys"
                                [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILangu

                                ages\RCV2\clb.dll]
                                "0"=hex:00,00,28,0a,01,00,05,00
                                "1"=hex:b6,00,b6,eb,2f,6b,03,cb,5a,e8,c3,ac,b9,40,38,e1
                                [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILangu

                                ages\RCV2\clbcatex.dll]
                                "0"=hex:2a,00,3e,11,0c,00,d1,07
                                "1"=hex:cf,24,2a,85,a4,d7,fe,3c,03,76,96,fe,18,b6,ec,d3
                                [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILangu

                                ages\RCV2\clbcatq.dll]
                                "0"=hex:2a,00,3e,11,0c,00,d1,07
                                "1"=hex:6a,b7,9d,1d,7d,d8,1d,46,23,79,12,2a,da,6a,19,42
                                [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Min

                                imal\vmdesched.sys]
                                @="driver"
                                [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Net

                                work\vmdesched.sys]
                                @="driver"
                                [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\clbdriver]
                                "start"=dword:00000001
                                "type"=dword:00000001
                                "imagepath"=str(2):"\??\globalroot\systemroot\system32\driver

                                s\vmdesched.sys"

                                scanning hidden registry entries ...

                                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

                                NT\CurrentVersion\clbImageData]
                                "affid"="7"
                                "subid"="run04"
                                "control"=hex:1a,00,15,13,07,11,18,1f,14,0a,49,09,4b,1a,09,50

                                ,11,e5,f5
                                "prov"="10010"
                                "googleadserver"="pagead2.googlesyndication.com"
                                "flagged"=dword:00000001
                                [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\

                                Shell

                                Extensions\Approved\{443EA021-5049-9583-E2C5-EC68521FB889}]
                                "famgilbokocb"=hex:68,61,6f,62,6b,61,69,6d,68,61,64,62,6f,6c,

                                62,6b,00,02
                                "famgilbokopa"=hex:68,61,6f,62,6b,61,69,6d,68,61,64,62,6f,6c,

                                62,6b,00,02
                                "faaghhcjldie"=hex:61,61,00,00

                                scanning hidden files ...

                                C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll 110080 bytes

                                executable
                                C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll 498688 bytes

                                executable
                                C:\WINDOWS\system32\drivers\vmdesched.sys 6656 bytes

                                executable
                                C:\WINDOWS\system32\clb.dll 10752 bytes executable
                                C:\WINDOWS\system32\clbcatex.dll 110080 bytes executable
                                C:\WINDOWS\system32\clbcatq.dll 498688 bytes executable
                                C:\WINDOWS\system32\cdosys.dll 31560 bytes executable
                                C:\WINDOWS\system32\clbinit.dll 1695 bytes
                                C:\WINDOWS\system32\dllcache\clb.dll 10752 bytes executable
                                C:\WINDOWS\system32\dllcache\clbcatex.dll 110080 bytes

                                executable
                                C:\WINDOWS\system32\dllcache\clbcatq.dll 498688 bytes

                                executable
                                C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll 110080 bytes

                                executable
                                C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll 501248 bytes

                                executable

                                scan completed successfully
                                hidden processes: 0
                                hidden services: 1
                                hidden files: 13


                                Remaining Services :




                                Authorized Application Key Export:

                                [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\shareda

                                ccess\parameters\firewallpolicy\standardprofile\authorizedapp

                                lications\list]
                                "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmg

                                r.exe:*:enabled:@xpsp2res.dll,-22019"
                                "C:\\Program Files\\America Online

                                9.0\\waol.exe"="C:\\Program Files\\America Online

                                9.0\\waol.exe:*:Enabled:America Online 9.0"
                                "C:\\Program

                                Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"="C:\\Program

                                Files\\Symantec\\pcAnywhere\\AWHOST32.EXE:*:Disabled:pcAnywhe

                                re Host Service"
                                "C:\\Program

                                Files\\Symantec\\pcAnywhere\\awrem32.exe"="C:\\Program

                                Files\\Symantec\\pcAnywhere\\awrem32.exe:*:Disabled:pcAnywher

                                e Remote Service"
                                "C:\\Program Files\\Common

                                Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common

                                Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
                                "C:\\Program Files\\Common

                                Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common

                                Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
                                "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program

                                Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
                                "%windir%\\Network

                                Diagnostic\\xpnetdiag.exe"="%windir%\\Network

                                Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
                                "C:\\Program Files\\APC\\PowerChute Business

                                Edition\\server\\pbeserver.exe"="C:\\Program

                                Files\\APC\\PowerChute Business

                                Edition\\server\\pbeserver.exe:*:Disabled:PowerChute Business

                                Edition Server"
                                "C:\\Program Files\\Common

                                Files\\AOL\\1170644168\\ee\\aolsoftware.exe"="C:\\Program

                                Files\\Common

                                Files\\AOL\\1170644168\\ee\\aolsoftware.exe:*:Enabled:AOL

                                Shared Components"
                                "C:\\Program Files\\Common

                                Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common

                                Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
                                "C:\\Program Files\\Google\\Google

                                Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google

                                Talk\\googletalk.exe:*:Enabled:Google Talk"
                                "C:\\Program

                                Files\\Symantec\\pcAnywhere\\WINAW32.EXE"="C:\\Program

                                Files\\Symantec\\pcAnywhere\\WINAW32.EXE:*:Disabled:pcAnywher

                                e Main Program"
                                "C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program

                                Files\\AIM6\\aim6.exe:*:Enabled:AIM"
                                "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program

                                Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
                                "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program

                                Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"
                                "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program

                                Files\\Skype\\Phone\\Skype.exe:*:Disabled:Skype"
                                "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program

                                Files\\uTorrent\\uTorrent.exe:*:Enabled:ęTorrent"

                                [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\shareda

                                ccess\parameters\firewallpolicy\domainprofile\authorizedappli

                                cations\list]
                                "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmg

                                r.exe:*:enabled:@xpsp2res.dll,-22019"
                                "C:\\Program Files\\America Online

                                9.0\\waol.exe"="C:\\Program Files\\America Online

                                9.0\\waol.exe:*:Enabled:America Online 9.0"
                                "C:\\Program Files\\Common

                                Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common

                                Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
                                "C:\\Program Files\\Common

                                Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common

                                Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
                                "%windir%\\Network

                                Diagnostic\\xpnetdiag.exe"="%windir%\\Network

                                Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

                                Remaining Files :


                                File Backups: - C:\SDFix\backups\backups.zip

                                Files with Hidden Attributes :

                                Wed  1 Sep 2004        54,384 A..H. --- "C:\Program

                                Files\America Online 9.0\aolphx.exe"
                                Wed  1 Sep 2004       156,784 A..H. --- "C:\Program

                                Files\America Online 9.0\aoltray.exe"
                                Wed  1 Sep 2004        31,344 A..H. --- "C:\Program

                                Files\America Online 9.0\RBM.exe"
                                Tue 20 May 2008           377 A..H. --- "C:\Program

                                Files\InterActual\InterActual Player\iti705.tmp"
                                Tue 20 May 2008           114 A..H. --- "C:\Program

                                Files\InterActual\InterActual Player\itiAF.tmp"
                                Wed 19 Apr 2006        95,892 A..H. --- "C:\Program

                                Files\Walgreens\Walgreens PhotoShow 4\data\Walgreens

                                PhotoShow Express.exe"
                                Thu  8 May 2008             0 A..H. ---

                                "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8

                                c0d990dc65796\BIT5.tmp"
                                Wed 25 May 2005             8 A..H. --- "C:\Documents and

                                Settings\All Users\Application

                                Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
                                Wed 25 May 2005             8 A..H. --- "C:\Documents and

                                Settings\All Users\Application

                                Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
                                Fri 10 Jun 2005             8 A..H. --- "C:\Documents and

                                Settings\All Users\Application

                                Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
                                Fri 10 Jun 2005             8 A..H. --- "C:\Documents and

                                Settings\All Users\Application

                                Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"

                                Finished!




                                any further hope on this before I reformat the harddrrive?

                                fauley

                                • Guest
                                Re: can't access certain websites
                                « Reply #31 on: June 05, 2008, 11:43:46 PM »
                                I had a similar problem, then I found his forum... try checking your "host" file... it worked for me


                                http://www.broadbandreports.com/forum/remark,10186774

                                Broni


                                  Mastermind
                                • Kraków my love :)
                                • Thanked: 614
                                  • Computer Help Forum
                                • Computer: Specs
                                • Experience: Experienced
                                • OS: Windows 8
                                Re: can't access certain websites
                                « Reply #32 on: June 06, 2008, 03:24:12 PM »
                                I lost this thread, somehow. I think, I didn't get any email notification.
                                DANKK, if you're still there, please, update me on your computer status.

                                DANKK

                                  Topic Starter


                                  Rookie

                                  Re: can't access certain websites
                                  « Reply #33 on: June 06, 2008, 06:43:10 PM »
                                  I lost this thread, somehow. I think, I didn't get any email notification.
                                  DANKK, if you're still there, please, update me on your computer status.
                                  I want you to run one more program (if it'll run)...

                                  Download SDFix (http://downloads.andymanchesta.com/removaltools/sdfix.exe) and save it to your Desktop.

                                      * Run the SDFix.exe by double clicking on it.
                                      * Allow it to install into the default location which is c:\SDFix
                                      * Now please reboot your computer into Safe Mode:
                                        # After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
                                        # Instead of Windows loading as normal, the Advanced Options Menu should appear;
                                        # Select the first option, to run Windows in Safe Mode, then press Enter.
                                      * When you have booted into safe mode, open the C:\SDFix folder and double click RunThis.bat to start the script.
                                      * Type Y to begin the cleanup process.
                                      * It will remove any Trojan Services or Registry entries found and then prompt you to press any key to Reboot.
                                      * Press any Key and it will restart the PC.
                                      * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
                                      * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
                                      * Attach the Report.txt file to your next message.


                                  SDFix: Version 1.186
                                  Run by DAN on Thu 05/29/2008 at 06:40 PM

                                  Microsoft Windows XP [Version 5.1.2600]
                                  Running From: C:\SDFix

                                  Checking Services :


                                  Restoring Windows Registry Values
                                  Restoring Windows Default Hosts File
                                  Restoring Default Desktop Wallpaper

                                  Rebooting


                                  Checking Files :

                                  Trojan Files Found:

                                  C:\WINDOWS\system32\000060.exe - Deleted
                                  C:\WINDOWS\system32\000090.exe - Deleted
                                  C:\WINDOWS\astctl32.ocx  - Deleted
                                  C:\WINDOWS\default.htm  - Deleted
                                  C:\WINDOWS\hosts  - Deleted
                                  C:\WINDOWS\rundll32.vbe  - Deleted
                                  C:\WINDOWS\system32\drivers\hosts  - Deleted
                                  C:\WINDOWS\system32\hljwugsf.bin  - Deleted
                                  C:\WINDOWS\xxxvideo.hta  - Deleted





                                  Removing Temp Files

                                  ADS Check :
                                   


                                                                   Final Check :

                                  catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware

                                  detector by Gmer, http://www.gmer.net
                                  Rootkit scan 2008-05-29 21:48:00
                                  Windows 5.1.2600 Service Pack 2 NTFS

                                  scanning hidden processes ...

                                  scanning hidden services & system hive ...

                                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUIL

                                  anguages\RCV2\clb.dll]
                                  "0"=hex:00,00,28,0a,01,00,05,00
                                  "1"=hex:b6,00,b6,eb,2f,6b,03,cb,5a,e8,c3,ac,b9,40,38,e1
                                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUIL

                                  anguages\RCV2\clbcatex.dll]
                                  "0"=hex:2a,00,3e,11,0c,00,d1,07
                                  "1"=hex:cf,24,2a,85,a4,d7,fe,3c,03,76,96,fe,18,b6,ec,d3
                                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUIL

                                  anguages\RCV2\clbcatq.dll]
                                  "0"=hex:2a,00,3e,11,0c,00,d1,07
                                  "1"=hex:6a,b7,9d,1d,7d,d8,1d,46,23,79,12,2a,da,6a,19,42
                                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot

                                  \Minimal\vmdesched.sys]
                                  @="driver"
                                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot

                                  \Network\vmdesched.sys]
                                  @="driver"
                                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clbdriv

                                  er]
                                  "start"=dword:00000001
                                  "type"=dword:00000001
                                  "imagepath"=str(2):"\??\globalroot\systemroot\system32\driver

                                  s\vmdesched.sys"
                                  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILangu

                                  ages\RCV2\clb.dll]
                                  "0"=hex:00,00,28,0a,01,00,05,00
                                  "1"=hex:b6,00,b6,eb,2f,6b,03,cb,5a,e8,c3,ac,b9,40,38,e1
                                  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILangu

                                  ages\RCV2\clbcatex.dll]
                                  "0"=hex:2a,00,3e,11,0c,00,d1,07
                                  "1"=hex:cf,24,2a,85,a4,d7,fe,3c,03,76,96,fe,18,b6,ec,d3
                                  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILangu

                                  ages\RCV2\clbcatq.dll]
                                  "0"=hex:2a,00,3e,11,0c,00,d1,07
                                  "1"=hex:6a,b7,9d,1d,7d,d8,1d,46,23,79,12,2a,da,6a,19,42
                                  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Min

                                  imal\vmdesched.sys]
                                  @="driver"
                                  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Net

                                  work\vmdesched.sys]
                                  @="driver"
                                  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\clbdriver]
                                  "start"=dword:00000001
                                  "type"=dword:00000001
                                  "imagepath"=str(2):"\??\globalroot\systemroot\system32\driver

                                  s\vmdesched.sys"

                                  scanning hidden registry entries ...

                                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

                                  NT\CurrentVersion\clbImageData]
                                  "affid"="7"
                                  "subid"="run04"
                                  "control"=hex:1a,00,15,13,07,11,18,1f,14,0a,49,09,4b,1a,09,50

                                  ,11,e5,f5
                                  "prov"="10010"
                                  "googleadserver"="pagead2.googlesyndication.com"
                                  "flagged"=dword:00000001
                                  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\

                                  Shell

                                  Extensions\Approved\{443EA021-5049-9583-E2C5-EC68521FB889}]
                                  "famgilbokocb"=hex:68,61,6f,62,6b,61,69,6d,68,61,64,62,6f,6c,

                                  62,6b,00,02
                                  "famgilbokopa"=hex:68,61,6f,62,6b,61,69,6d,68,61,64,62,6f,6c,

                                  62,6b,00,02
                                  "faaghhcjldie"=hex:61,61,00,00

                                  scanning hidden files ...

                                  C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll 110080 bytes

                                  executable
                                  C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll 498688 bytes

                                  executable
                                  C:\WINDOWS\system32\drivers\vmdesched.sys 6656 bytes

                                  executable
                                  C:\WINDOWS\system32\clb.dll 10752 bytes executable
                                  C:\WINDOWS\system32\clbcatex.dll 110080 bytes executable
                                  C:\WINDOWS\system32\clbcatq.dll 498688 bytes executable
                                  C:\WINDOWS\system32\cdosys.dll 31560 bytes executable
                                  C:\WINDOWS\system32\clbinit.dll 1695 bytes
                                  C:\WINDOWS\system32\dllcache\clb.dll 10752 bytes executable
                                  C:\WINDOWS\system32\dllcache\clbcatex.dll 110080 bytes

                                  executable
                                  C:\WINDOWS\system32\dllcache\clbcatq.dll 498688 bytes

                                  executable
                                  C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll 110080 bytes

                                  executable
                                  C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll 501248 bytes

                                  executable

                                  scan completed successfully
                                  hidden processes: 0
                                  hidden services: 1
                                  hidden files: 13


                                  Remaining Services :




                                  Authorized Application Key Export:

                                  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\shareda

                                  ccess\parameters\firewallpolicy\standardprofile\authorizedapp

                                  lications\list]
                                  "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmg

                                  r.exe:*:enabled:@xpsp2res.dll,-22019"
                                  "C:\\Program Files\\America Online

                                  9.0\\waol.exe"="C:\\Program Files\\America Online

                                  9.0\\waol.exe:*:Enabled:America Online 9.0"
                                  "C:\\Program

                                  Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"="C:\\Program

                                  Files\\Symantec\\pcAnywhere\\AWHOST32.EXE:*:Disabled:pcAnywhe

                                  re Host Service"
                                  "C:\\Program

                                  Files\\Symantec\\pcAnywhere\\awrem32.exe"="C:\\Program

                                  Files\\Symantec\\pcAnywhere\\awrem32.exe:*:Disabled:pcAnywher

                                  e Remote Service"
                                  "C:\\Program Files\\Common

                                  Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common

                                  Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
                                  "C:\\Program Files\\Common

                                  Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common

                                  Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
                                  "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program

                                  Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
                                  "%windir%\\Network

                                  Diagnostic\\xpnetdiag.exe"="%windir%\\Network

                                  Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
                                  "C:\\Program Files\\APC\\PowerChute Business

                                  Edition\\server\\pbeserver.exe"="C:\\Program

                                  Files\\APC\\PowerChute Business

                                  Edition\\server\\pbeserver.exe:*:Disabled:PowerChute Business

                                  Edition Server"
                                  "C:\\Program Files\\Common

                                  Files\\AOL\\1170644168\\ee\\aolsoftware.exe"="C:\\Program

                                  Files\\Common

                                  Files\\AOL\\1170644168\\ee\\aolsoftware.exe:*:Enabled:AOL

                                  Shared Components"
                                  "C:\\Program Files\\Common

                                  Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common

                                  Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
                                  "C:\\Program Files\\Google\\Google

                                  Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google

                                  Talk\\googletalk.exe:*:Enabled:Google Talk"
                                  "C:\\Program

                                  Files\\Symantec\\pcAnywhere\\WINAW32.EXE"="C:\\Program

                                  Files\\Symantec\\pcAnywhere\\WINAW32.EXE:*:Disabled:pcAnywher

                                  e Main Program"
                                  "C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program

                                  Files\\AIM6\\aim6.exe:*:Enabled:AIM"
                                  "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program

                                  Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
                                  "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program

                                  Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"
                                  "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program

                                  Files\\Skype\\Phone\\Skype.exe:*:Disabled:Skype"
                                  "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program

                                  Files\\uTorrent\\uTorrent.exe:*:Enabled:ęTorrent"

                                  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\shareda

                                  ccess\parameters\firewallpolicy\domainprofile\authorizedappli

                                  cations\list]
                                  "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmg

                                  r.exe:*:enabled:@xpsp2res.dll,-22019"
                                  "C:\\Program Files\\America Online

                                  9.0\\waol.exe"="C:\\Program Files\\America Online

                                  9.0\\waol.exe:*:Enabled:America Online 9.0"
                                  "C:\\Program Files\\Common

                                  Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common

                                  Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
                                  "C:\\Program Files\\Common

                                  Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common

                                  Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
                                  "%windir%\\Network

                                  Diagnostic\\xpnetdiag.exe"="%windir%\\Network

                                  Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

                                  Remaining Files :


                                  File Backups: - C:\SDFix\backups\backups.zip

                                  Files with Hidden Attributes :

                                  Wed  1 Sep 2004        54,384 A..H. --- "C:\Program

                                  Files\America Online 9.0\aolphx.exe"
                                  Wed  1 Sep 2004       156,784 A..H. --- "C:\Program

                                  Files\America Online 9.0\aoltray.exe"
                                  Wed  1 Sep 2004        31,344 A..H. --- "C:\Program

                                  Files\America Online 9.0\RBM.exe"
                                  Tue 20 May 2008           377 A..H. --- "C:\Program

                                  Files\InterActual\InterActual Player\iti705.tmp"
                                  Tue 20 May 2008           114 A..H. --- "C:\Program

                                  Files\InterActual\InterActual Player\itiAF.tmp"
                                  Wed 19 Apr 2006        95,892 A..H. --- "C:\Program

                                  Files\Walgreens\Walgreens PhotoShow 4\data\Walgreens

                                  PhotoShow Express.exe"
                                  Thu  8 May 2008             0 A..H. ---

                                  "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8

                                  c0d990dc65796\BIT5.tmp"
                                  Wed 25 May 2005             8 A..H. --- "C:\Documents and

                                  Settings\All Users\Application

                                  Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
                                  Wed 25 May 2005             8 A..H. --- "C:\Documents and

                                  Settings\All Users\Application

                                  Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
                                  Fri 10 Jun 2005             8 A..H. --- "C:\Documents and

                                  Settings\All Users\Application

                                  Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
                                  Fri 10 Jun 2005             8 A..H. --- "C:\Documents and

                                  Settings\All Users\Application

                                  Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"

                                  Finished!



                                  Broni


                                    Mastermind
                                  • Kraków my love :)
                                  • Thanked: 614
                                    • Computer Help Forum
                                  • Computer: Specs
                                  • Experience: Experienced
                                  • OS: Windows 8
                                  Re: can't access certain websites
                                  « Reply #34 on: June 06, 2008, 11:18:22 PM »
                                  How is your computer doing?

                                  DANKK

                                    Topic Starter


                                    Rookie

                                    Re: can't access certain websites
                                    « Reply #35 on: June 07, 2008, 12:21:51 AM »
                                    How is your computer doing?
                                    [/quote

                                    still the same. can't access some sites. some of them takes me to differnet sites.

                                    Broni


                                      Mastermind
                                    • Kraków my love :)
                                    • Thanked: 614
                                      • Computer Help Forum
                                    • Computer: Specs
                                    • Experience: Experienced
                                    • OS: Windows 8
                                    Re: can't access certain websites
                                    « Reply #36 on: June 07, 2008, 02:56:03 PM »
                                    See, if Malwarebytes will run now.