can't access certain websites

[Broni]

some sites take me to wrong sites, eg, norton.com take me findcheapairlines.com

Print these instructions out.

1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
          o Close browsers before scanning.
          o Scan for tracking cookies.
          o Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
          o Click Preferences, then click the Statistics/Logs tab.
          o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
          o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
          o Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
Post SUPERAntiSpyware log.

RESTART COMPUTER!

2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.

[DANKK]

some sites take me to wrong sites, eg, norton.com take me findcheapairlines.com

Print these instructions out.

1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
          o Close browsers before scanning.
          o Scan for tracking cookies.
          o Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
          o Click Preferences, then click the Statistics/Logs tab.
          o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
          o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
          o Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
Post SUPERAntiSpyware log.

RESTART COMPUTER!

2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.

It is not  letting me access any of these these sites.

[Broni]

Download those programs on other computer, and move them to yours by CD, USB stick, or so.

[DANKK]

some sites take me to wrong sites, eg, norton.com take me findcheapairlines.com

Print these instructions out.

1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
          o Close browsers before scanning.
          o Scan for tracking cookies.
          o Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
          o Click Preferences, then click the Statistics/Logs tab.
          o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
          o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
          o Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
Post SUPERAntiSpyware log.

RESTART COMPUTER!

2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.

It is not  letting me access any of these these sites.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/25/2008 at 04:00 PM

Application Version : 4.1.1046

Core Rules Database Version : 3459
Trace Rules Database Version: 1450

Scan type       : Complete Scan
Total Scan Time : 02:33:11

Memory items scanned      : 245
Memory threats detected   : 0
Registry items scanned    : 6076
Registry threats detected : 0
File items scanned        : 102684
File threats detected     : 61

Adware.Tracking Cookie
   C:\Documents and Settings\DAN\Cookies\[email protected][1].txt
   C:\Documents and Settings\DAN\Cookies\[email protected][1].txt
   C:\Documents and Settings\DAN\Cookies\[email protected][1].txt
   C:\Documents and Settings\DAN\Cookies\dan@overture[1].txt
   C:\Documents and Settings\DAN\Cookies\[email protected][2].txt
   C:\Documents and Settings\DAN\Cookies\[email protected][1].txt
   C:\Documents and Settings\DAN\Cookies\dan@questionmarket[2].txt
   C:\Documents and Settings\DAN\Cookies\dan@revsci[1].txt
   C:\Documents and Settings\DAN\Cookies\dan@insightexpressai[1].txt
   C:\Documents and Settings\DAN\Cookies\[email protected][1].txt
   C:\Documents and Settings\DAN\Cookies\dan@dealtime[1].txt
   C:\Documents and Settings\DAN\Cookies\dan@tacoda[1].txt
   C:\Documents and Settings\DAN\Cookies\[email protected][1].txt
   C:\Documents and Settings\DAN\Cookies\dan@doubleclick[1].txt
   C:\Documents and Settings\DAN\Cookies\dan@apmebf[1].txt
   C:\Documents and Settings\DAN\Cookies\dan@tribalfusion[1].txt
   C:\Documents and Settings\DAN\Cookies\dan@atdmt[1].txt
   C:\Documents and Settings\DAN\Cookies\dan@atwola[1].txt
   C:\Documents and Settings\DAN\Cookies\dan@advertising[2].txt
   C:\Documents and Settings\DAN\Cookies\dan@mediaplex[1].txt
   C:\Documents and Settings\DAN\Cookies\dan@revenue[1].txt
   C:\Documents and Settings\DAN\Cookies\[email protected][1].txt
   C:\Documents and Settings\DAN\Cookies\dan@fastclick[1].txt
   C:\Documents and Settings\DAN\Cookies\dan@adrevolver[2].txt
   C:\Documents and Settings\DAN\Cookies\[email protected][2].txt
   C:\Documents and Settings\DAN\Cookies\dan@enhance[2].txt
   C:\Documents and Settings\DAN\Cookies\[email protected][1].txt

Trojan.Downloader-Gen/JLove
   C:\DOCUMENTS AND SETTINGS\DAN\MY DOCUMENTS\SCURIT~1\RUNDLL.EXE

Adware.ClickSpring
   C:\PROGRAM FILES\COMMON FILES\STEM32~1\WOWEXEC.EXE

Trojan.Fake-Drop/Gen
   C:\WINDOWS\ACCESSS.EXE
   C:\WINDOWS\CLRSSN.EXE
   C:\WINDOWS\CPAN.DLL
   C:\WINDOWS\CTFMON32.EXE
   C:\WINDOWS\DIRECTX32.EXE
   C:\WINDOWS\DNSRELAY.DLL
   C:\WINDOWS\EXPLORER32.EXE
   C:\WINDOWS\FUNNIEST.EXE
   C:\WINDOWS\FUNNY.EXE
   C:\WINDOWS\GFMNAAA.DLL
   C:\WINDOWS\HELPCVS.EXE
   C:\WINDOWS\INETINF.EXE
   C:\WINDOWS\MSSPI.DLL
   C:\WINDOWS\MSWSC10.DLL
   C:\WINDOWS\MSWSC20.DLL
   C:\WINDOWS\MTWIRL32.DLL
   C:\WINDOWS\SEARCHWORD.DLL
   C:\WINDOWS\SVCINIT.EXE
   C:\WINDOWS\TIME.EXE
   C:\WINDOWS\USERS32.EXE
   C:\WINDOWS\WIN32E.EXE
   C:\WINDOWS\WIN64.EXE
   C:\WINDOWS\WINAJBM.DLL
   C:\WINDOWS\WINMGNT.EXE
   C:\WINDOWS\X.EXE
   C:\WINDOWS\XPLUGIN.DLL
   C:\WINDOWS\Y.EXE

Trojan.Downloader-Systeem
   C:\WINDOWS\SYSTEEM.EXE

Trojan.Unknown Origin
   C:\WINDOWS\SYSTEM32\CFCWROUV.EXE
   C:\WINDOWS\SYSTEM32\MSKLMUDP.EXE
   C:\WINDOWS\SYSTEM32\UURDJLKH.EXE

Trojan.Downloader-SystemCritcial/Fake Alert
   C:\WINDOWS\SYSTEMCRITICAL.EXE


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:26 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Documents and Settings\DAN\Application Data\Microsoft\dtsc\26074.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\DAN\Application Data\Microsoft\dtsc\26074.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://goldenram.com/upgradedetect/upgradedetect.cab?9218
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors.com/member/ocx/plotwon.ocx
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: nnnljkLe - nnnljkLe.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: APC PBE Server (APCPBEServer) - APC - C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Action Script - Unknown owner - C:\WINDOWS\system32\scvhost.exe (file missing)
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - http://www.luxurytoursofindia.com/images/kerala2.jpg

--
End of file - 8279 bytes



It is not letting me  install the second program " mbam-setup.exe". I have it on the desktop. It doesn't open.

[Broni]

Malwarebytes log is missing...

[DANKK]

Malwarebytes log is missing...

It is not running. When I double click on the setup icon nothing happens. I try to run different way, but no luck.

[Broni]

Maybe bad download. Try to download it again.

[DANKK]

Maybe bad download. Try to download it again.

I  did from two different computers. It works fine where it was copied. I copied to this machine from that, but it is not letting
me run on this. And I cannot download straight to this machine, because I can't access that site.
Any suggestions?

[Broni]

Let me check your HJT log....

[Broni]

I see some services of McAfee running. What do you have there from McAfee? Is it antivirus, and firewall?

[Broni]

I'm off to bed, so we'll have to continue tomorrow...

[DANKK]

I see some services of McAfee running. What do you have there from McAfee? Is it antivirus, and firewall?

It is antivirus. I doesn't run anymore.  Something is blocking all these from running.

[Broni]

It is antivirus. I doesn't run anymore.  Something is blocking all these from running.

That explains your HJT log listings. Is Windows firewall on?
I'll check HJT log.

[Broni]

I want you to run one more program (if it'll run)...

Download SDFix (http://downloads.andymanchesta.com/removaltools/sdfix.exe) and save it to your Desktop.

    * Run the SDFix.exe by double clicking on it.
    * Allow it to install into the default location which is c:\SDFix
    * Now please reboot your computer into Safe Mode:
      # After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
      # Instead of Windows loading as normal, the Advanced Options Menu should appear;
      # Select the first option, to run Windows in Safe Mode, then press Enter.
    * When you have booted into safe mode, open the C:\SDFix folder and double click RunThis.bat to start the script.
    * Type Y to begin the cleanup process.
    * It will remove any Trojan Services or Registry entries found and then prompt you to press any key to Reboot.
    * Press any Key and it will restart the PC.
    * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    * Attach the Report.txt file to your next message.

[DANKK]

I want you to run one more program (if it'll run)...

Download SDFix (http://downloads.andymanchesta.com/removaltools/sdfix.exe) and save it to your Desktop.

    * Run the SDFix.exe by double clicking on it.
    * Allow it to install into the default location which is c:\SDFix
    * Now please reboot your computer into Safe Mode:
      # After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
      # Instead of Windows loading as normal, the Advanced Options Menu should appear;
      # Select the first option, to run Windows in Safe Mode, then press Enter.
    * When you have booted into safe mode, open the C:\SDFix folder and double click RunThis.bat to start the script.
    * Type Y to begin the cleanup process.
    * It will remove any Trojan Services or Registry entries found and then prompt you to press any key to Reboot.
    * Press any Key and it will restart the PC.
    * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    * Attach the Report.txt file to your next message.

SDFix: Version 1.186
Run by DAN on Thu 05/29/2008 at 06:40 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\000060.exe - Deleted
C:\WINDOWS\system32\000090.exe - Deleted
C:\WINDOWS\astctl32.ocx  - Deleted
C:\WINDOWS\default.htm  - Deleted
C:\WINDOWS\hosts  - Deleted
C:\WINDOWS\rundll32.vbe  - Deleted
C:\WINDOWS\system32\drivers\hosts  - Deleted
C:\WINDOWS\system32\hljwugsf.bin  - Deleted
C:\WINDOWS\xxxvideo.hta  - Deleted





Removing Temp Files

ADS Check :
 


                                 Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware

detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 21:48:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUIL

anguages\RCV2\clb.dll]
"0"=hex:00,00,28,0a,01,00,05,00
"1"=hex:b6,00,b6,eb,2f,6b,03,cb,5a,e8,c3,ac,b9,40,38,e1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUIL

anguages\RCV2\clbcatex.dll]
"0"=hex:2a,00,3e,11,0c,00,d1,07
"1"=hex:cf,24,2a,85,a4,d7,fe,3c,03,76,96,fe,18,b6,ec,d3
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUIL

anguages\RCV2\clbcatq.dll]
"0"=hex:2a,00,3e,11,0c,00,d1,07
"1"=hex:6a,b7,9d,1d,7d,d8,1d,46,23,79,12,2a,da,6a,19,42
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot

\Minimal\vmdesched.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot

\Network\vmdesched.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clbdriv

er]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\??\globalroot\systemroot\system32\driver

s\vmdesched.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILangu

ages\RCV2\clb.dll]
"0"=hex:00,00,28,0a,01,00,05,00
"1"=hex:b6,00,b6,eb,2f,6b,03,cb,5a,e8,c3,ac,b9,40,38,e1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILangu

ages\RCV2\clbcatex.dll]
"0"=hex:2a,00,3e,11,0c,00,d1,07
"1"=hex:cf,24,2a,85,a4,d7,fe,3c,03,76,96,fe,18,b6,ec,d3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILangu

ages\RCV2\clbcatq.dll]
"0"=hex:2a,00,3e,11,0c,00,d1,07
"1"=hex:6a,b7,9d,1d,7d,d8,1d,46,23,79,12,2a,da,6a,19,42
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Min

imal\vmdesched.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Net

work\vmdesched.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\clbdriver]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\??\globalroot\systemroot\system32\driver

s\vmdesched.sys"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

NT\CurrentVersion\clbImageData]
"affid"="7"
"subid"="run04"
"control"=hex:1a,00,15,13,07,11,18,1f,14,0a,49,09,4b,1a,09,50

,11,e5,f5
"prov"="10010"
"googleadserver"="pagead2.googlesyndication.com"
"flagged"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\

Shell

Extensions\Approved\{443EA021-5049-9583-E2C5-EC68521FB889}]
"famgilbokocb"=hex:68,61,6f,62,6b,61,69,6d,68,61,64,62,6f,6c,

62,6b,00,02
"famgilbokopa"=hex:68,61,6f,62,6b,61,69,6d,68,61,64,62,6f,6c,

62,6b,00,02
"faaghhcjldie"=hex:61,61,00,00

scanning hidden files ...

C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll 110080 bytes

executable
C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll 498688 bytes

executable
C:\WINDOWS\system32\drivers\vmdesched.sys 6656 bytes

executable
C:\WINDOWS\system32\clb.dll 10752 bytes executable
C:\WINDOWS\system32\clbcatex.dll 110080 bytes executable
C:\WINDOWS\system32\clbcatq.dll 498688 bytes executable
C:\WINDOWS\system32\cdosys.dll 31560 bytes executable
C:\WINDOWS\system32\clbinit.dll 1695 bytes
C:\WINDOWS\system32\dllcache\clb.dll 10752 bytes executable
C:\WINDOWS\system32\dllcache\clbcatex.dll 110080 bytes

executable
C:\WINDOWS\system32\dllcache\clbcatq.dll 498688 bytes

executable
C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll 110080 bytes

executable
C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll 501248 bytes

executable

scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 13


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\shareda

ccess\parameters\firewallpolicy\standardprofile\authorizedapp

lications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmg

r.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online

9.0\\waol.exe"="C:\\Program Files\\America Online

9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program

Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"="C:\\Program

Files\\Symantec\\pcAnywhere\\AWHOST32.EXE:*:Disabled:pcAnywhe

re Host Service"
"C:\\Program

Files\\Symantec\\pcAnywhere\\awrem32.exe"="C:\\Program

Files\\Symantec\\pcAnywhere\\awrem32.exe:*:Disabled:pcAnywher

e Remote Service"
"C:\\Program Files\\Common

Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common

Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common

Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common

Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program

Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network

Diagnostic\\xpnetdiag.exe"="%windir%\\Network

Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\APC\\PowerChute Business

Edition\\server\\pbeserver.exe"="C:\\Program

Files\\APC\\PowerChute Business

Edition\\server\\pbeserver.exe:*:Disabled:PowerChute Business

Edition Server"
"C:\\Program Files\\Common

Files\\AOL\\1170644168\\ee\\aolsoftware.exe"="C:\\Program

Files\\Common

Files\\AOL\\1170644168\\ee\\aolsoftware.exe:*:Enabled:AOL

Shared Components"
"C:\\Program Files\\Common

Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common

Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Google\\Google

Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google

Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program

Files\\Symantec\\pcAnywhere\\WINAW32.EXE"="C:\\Program

Files\\Symantec\\pcAnywhere\\WINAW32.EXE:*:Disabled:pcAnywher

e Main Program"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program

Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program

Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program

Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program

Files\\Skype\\Phone\\Skype.exe:*:Disabled:Skype"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program

Files\\uTorrent\\uTorrent.exe:*:Enabled:ęTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\shareda

ccess\parameters\firewallpolicy\domainprofile\authorizedappli

cations\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmg

r.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online

9.0\\waol.exe"="C:\\Program Files\\America Online

9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Common

Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common

Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common

Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common

Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"%windir%\\Network

Diagnostic\\xpnetdiag.exe"="%windir%\\Network

Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed  1 Sep 2004        54,384 A..H. --- "C:\Program

Files\America Online 9.0\aolphx.exe"
Wed  1 Sep 2004       156,784 A..H. --- "C:\Program

Files\America Online 9.0\aoltray.exe"
Wed  1 Sep 2004        31,344 A..H. --- "C:\Program

Files\America Online 9.0\RBM.exe"
Tue 20 May 2008           377 A..H. --- "C:\Program

Files\InterActual\InterActual Player\iti705.tmp"
Tue 20 May 2008           114 A..H. --- "C:\Program

Files\InterActual\InterActual Player\itiAF.tmp"
Wed 19 Apr 2006        95,892 A..H. --- "C:\Program

Files\Walgreens\Walgreens PhotoShow 4\data\Walgreens

PhotoShow Express.exe"
Thu  8 May 2008             0 A..H. ---

"C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8

c0d990dc65796\BIT5.tmp"
Wed 25 May 2005             8 A..H. --- "C:\Documents and

Settings\All Users\Application

Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Wed 25 May 2005             8 A..H. --- "C:\Documents and

Settings\All Users\Application

Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Fri 10 Jun 2005             8 A..H. --- "C:\Documents and

Settings\All Users\Application

Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Fri 10 Jun 2005             8 A..H. --- "C:\Documents and

Settings\All Users\Application

Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"

Finished!