kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

The Nav Bar at the top seems a little messed up in Firefox. When you hover over one of the links, all of the links to the left of it change to underneath it and blink. Very annoying, unless of course it's for the feel of the website. :)

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

is

<table align="center">

Not standard anymore? Because that's always worked in both browsers for me. Assuming all the content is inside one main table.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Glad to hear it. If everything's back to normal then you can mark this thread as solved. (There's a link under this post.)

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Please make sure you've done this and look again.

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.


If you've done that and they still aren't there then HJT deleted them. Also are you still getting pop-ups?

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

You have a few infections on your computer, so let's get rid of 'em.

First of all open Task Manager (alt+ctrl+del), click the Processes tab and end the following processes.

QdrModule9.exe
QdrPack9.exe
w?wexec.exe
tracert.exe


After you've done that run HiJackThis again and this time place a check mark in the boxes next to the following.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll (file missing)
O2 - BHO: (no name) - {948DA530-61AC-422C-D25F-31E676835F9B} - C:\WINDOWS\system32\npbjnrk.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [Cpni] "C:\WINDOWS\system32\CROSOF~1\tracert.exe" -vt yazb
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [QdrPack9] "C:\Program Files\QdrPack\QdrPack9.exe"
O4 - HKCU\..\Run: [Aggnesk] C:\WINDOWS\W?nSxS\w?wexec.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Santana\Application Data\WinTouch\WinTouch.exe
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab

Now click "fix checked"

Now open control panel and then add/remove programs and remove the following.

WinTouch

Now use My Computer to delete the following files/folders.

C:\Program Files\QdrModule\
C:\Program Files\QdrPack\
C:\Documents and Settings\Santana\Application Data\WinTouch\
C:\WINDOWS\system32\CROSOF~1\
C:\WINDOWS\system32\npbjnrk.dll

Now run HJT again and post a new log, so I can make sure all that worked.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Please look at the stickies and download the latest version of HiJackThis and run a scan. Save the log and then copy and paste it here.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

You're infected with Virtumondo. Please do the following.

Please download VundoFix.exe to your desktop.

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Get rid of Norton, it is by far the worst virus protection available. Here is a link to a page with the removal tool. (Because you can't uninstall Norton without it, weird huh?)

I recommend you get either McAfee (which costs some money, unless you have Comcast) or AVG (which has a free version that is just as good as the money version, it just doesn't have some of the extra perks), though there are many other choices out there.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Also that dll doesn't appear to be a legit windows dll or any other legit source. So I would recommend doing this.

Run HiJackThis and place a checkmark in the box next to the following.

O4 - HKLM\..\Run: [b4bda793] rundll32.exe "C:\WINDOWS\system32\mknmhunf.dll",b

Now click "fix checked"

Now, using My Computer, delete the following file.

C:\WINDOWS\system32\mknmhunf.dll

That should fix everything up. :)

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Nice Find! Now Combofix is working again so I'd like you to run it just to make sure everything is gone. Just to let you know it restarts your computer so don't freak out.

Please download Combofix.exe from here to your desktop. Double click it to run and when prompted type 1 and enter. Now DO NOT touch the mouse or keyboard until the scan is done completely. It should finish shortly after it restarts the computer. After it's done it will open up notepad; copy and paste the contents here in your next post.

Combofix and Deckard's System Scanner are similar, but Combofix deletes problem files automatically and DSS does not. It also has the ability to delete files.

Also you have entries in your hosts file that were created by this trojan, so you should use HJT to fix that. To do this run HJT and select "open misc tools section" and then click on "Open hosts file manager".
Now select the bogus entries by clicking on them and then click delete line. (The ones you should delete will be pretty obvious... if you've never seen the site that's listed, delete the line.)

Thalnax commented: Great work. +1
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Not a good thing. Hmm, I really wish Combofix was working... oh well. The only thing that the scan found before it was interrupted was what appears to be a crack.

If you didn't download this on purpose then delete it immediately.

Here's the file in question.

C:\Documents and Settings\dis0003\My Documents\WPA\aircrack-ng-0.6.2-win\bin\airodump-ng.exe

If you didn't put that there delete it.

Since Combofix is down let's try this.


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open - main.txt <- this one will be maximized, and extra.txt <- this one will be minimized
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your thread in your next post
5. Please attach extra.txt to your next post; do not copy and paste it.
*To attach click the icon above this text box that looks like a paperclip. Then click browse and navigate to extra.txt and select it, then hit upload. You can then close the pop up window.

What DSS will do:

* create a new System Restore point in Windows XP and Vista.
* clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ah, now I see what that was. You need to restart your computer for SpywareBot to be removed completely so do that now.

When you're done with that I would like you to run a scan with PandaActiveScan.

After it's done scanning, which may take a while, save the log and post it here.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ok so somehow since your last log you've gotten infected with Adware.Win32.SpywareBot.

So here's what I'm gonna have you do. You might want to write down the following directions as the internet will be unavailable during safe mode.

Boot into safe mode by restarting your computer and tapping F8. Then use the arrow keys to select safe mode and hit enter.

Now once in safe mode delete the following folder.

C:\Program Files\SpywareBot

Reboot back to normal mode and run HJT again. Post the new log here. Also is explorer.exe still messed up after doing this?

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

I would love to have you download Combofix and use that to give me a more in depth scan to work with, but unfortunately it's not working right now, so let's do something a little bold and just have you run some programs for what you might have.

First, Please download VundoFix.exe to your desktop.

* Double-click VundoFix.exe to run it.
* Put a check next to Run VundoFix as a task.
* You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on.
* Please post the contents of C:\vundofix.txt


And the code if you want it.

Second, Download SmitfraudFix (by S!Ri)
- Extract the content (a folder named SmitfraudFix) to your Desktop.
- Run SmitfraudFix and when prompted select option 1. This should pop up a notepad document at the end; save that and post it in your next post.

Finally, rename HJT to something random …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ok lemme take a crack at this one. Bear with me, it's been a while since my last HJT log.

Ok first run HJT and place a checkmark in the box next to the following.

O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

Now close all other windows and hit fix checked.

Ok now open Task Manager (hit alt+ctrl+del at the same time) and end the process flashget.exe

Now go to control panel>add/remove programs and look for flashget or anything similar and uninstall them.

Now open My Computer and navigate to C:\Program Files\ and delete the flashget folder.

Now scan with HJT again and post the new log here. Also tell me if you're still having problems.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Hmm. Well on my comp the backup CD works like the Windows CD for repairing and such. Have you tried to use the backup CD for the repair? If not, then try it. One option would be to get a floppy drive and attach it to your computer, but that would cost some cash so that wouldn't be the best. Also have you tried booting into safe mode? If you haven't, try and see if it will work.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

lol my bad. I never use IE so I forgot the exact process name. That could have been bad though, so thx jbennet.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

iexplorer.exe is Internet Explorer, which is the web browser you're using right now. You shouldn't get rid of it because you need it.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Glad to see it's working. About the geedb.dll: check if it is actually still in the Windows folder. If it is, you'll probably be able to delete it normally or with Killbox now that the main infection is gone. You can mark this thread as solved now. (There's a link under this post.)

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ok let's get started.

First run HJT and place a checkmark next to the following.

O4 - HKLM\..\Run: [ftutil2] "rundll32.exe" ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [0g640iv8.dll] "RUNDLL32.EXE" 0g640iv8.dll,b 287968

Now click fix checked.

Now you have to delete a couple files. Use the search option in Windows Explorer and search for the following and delete them.

ftutil2.dll
0g640iv8.dll

They are most likely in the C:\Windows\ folder or the C:\Windows\System32\ folder.

Tell me if this works in your next post.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Woah, the AVG log shows that you have a lot more on your computer than I thought. Ok I'm gonna have you run two programs to make sure two of the infections are completely gone.

First, please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

After that, please download Look2Me-Destroyer.exe to your desktop.

  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will …
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ok my bad. I forgot to tell you to also check the O20 infected entries in HJT along with the BHO entries (only the ones with qomlljk.dll and geedb.dll). First I want you to run Task Manager and then click File > New Task and type "explorer.exe" (without the quotes). If that works then do the following.

Please download and install ewido anti-spyware tool (now AVG Anti-spyware)

  • Close all other applications, select language, click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait: Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido should auto update itself. If it doesn't, click update at top of screen.
  • This is very important to get updates
  • When updating has finished, close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear; use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode, and hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Your log is a little jumbled. I think you have word wrap on in notepad. Since you can't get in safe mode we'll have to do this a little differently.

First run HJT and check the two BHOs that were still there.

Now download Pocket Killbox from here.

1. Install and Run it.
2. Now check the box that says delete on reboot.
3. Now click on the folder icon and select all of the files I told you to delete in safe mode in my last post.
4. Now click on all files which is right next to single file.
5. Click the kill button (red circle with white X) and let it restart your computer.

Now scan again and post a new HJT log. Be sure to uncheck word wrap in notepad and just copy and paste the text.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ok let's get started. First of all run HJT and place a checkmark next to the following.

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\qomlljk.dll
O2 - BHO: (no name) - {27692646-4D6A-4D33-96D9-163C09D77466} - C:\WINDOWS\system32\ddcyv.dll
O2 - BHO: (no name) - {2FBCC941-5176-4C96-8EF1-CAD8BF678C33} - C:\WINDOWS\system32\mljgh.dll
O2 - BHO: (no name) - {567FAD27-92A2-43A3-87F2-34310F55C9EF} - C:\WINDOWS\system32\ssttt.dll
O2 - BHO: (no name) - {D549F7B8-C806-4059-A34A-66C2720FADB9} - C:\WINDOWS\system32\qlrvsbnw.dll (file missing)
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\karkmtyv.dll
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\xmoesxvh.dll",realset
O4 - Global Startup: Trust 730S LCD PowerC@M ZOOM Monitor.lnk = ?
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll
O20 - Winlogon Notify: qomlljk - C:\WINDOWS\SYSTEM32\qomlljk.dll

Now click fix checked.

You might want to print out the next section as you will not be able to connect to the internet for most of it.

Restart your computer and while it's restarting keep tapping F8 during startup. A menu should pop up. Use the arrow keys and enter to select Safe Mode.

Now use My Computer to navigate to the following files/folders and delete them.

C:\WINDOWS\system32\qomlljk.dll
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\qlrvsbnw.dll
C:\WINDOWS\system32\karkmtyv.dll
C:\Program Files\Trust\

Restart your computer normally. Now run HJT again and post a new log here along with any problems that you're still experiencing.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Wow man your comp is a mess. Well let's get started then. First of all this isn't a complete log; there should be O23 entries at the end of the log and yours ends with O16, please get the other part of the log. We can't get rid of anything till I have that other part, or it will just keep coming back. Thx.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Your log looks clean and AVG cleaned everything it found. Could you be more specific and tell me exactly what the problem is in detail? Thx.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

First of all move HJT to a permanent folder such as C:\HJT\ or something similar.
Okay a couple things are left on your computer.
First run HJT and place a checkmark next to the following.
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
O1 - Hosts: "http://www.w3.org/TR/html4/loose.dtd">
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <script LANGUAGE="JavaScript">
O1 - Hosts: <!--
O1 - Hosts: if (window != top)
O1 - Hosts: top.location.href = location.href;
O1 - Hosts: // -->
O1 - Hosts: </script>
O1 - Hosts: <title>Site Unavailable</title>
O1 - Hosts: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
O1 - Hosts: <style type="text/css">
O1 - Hosts: body{text-align:center;}
O1 - Hosts: .geohead {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;width:750px;margin:10px 0 10px 0;height:35px;}
O1 - Hosts: .geohead #geologo {width:270px;display:block; float:left; }
O1 - Hosts: .geohead #rightside {width:480px;display:block; float:right;border-bottom:1px solid #999999; height:27px;}
O1 - Hosts: .geohead #rightside #welcome {width:50%;display:block; float:left; text-align:left;}
O1 - Hosts: .geohead #rightside #wlinks {width:50%;display:block; float:right; text-align:right;}
O1 - Hosts: .ftr { margin:0px; color:#404040; font:x-small Arial,sans-serif; text-align:center; width:750px;}
O1 - Hosts: .bodywrap{display:block;height:470px;}
O1 - Hosts: .bodycnt{width:510px; display:block; float:left; background-color:#EEE9F5; height:auto; text-align:left; font-family:Arial, Helvetica, sans-serif;font-size:13px; color:#000000; padding:20px 20px 35px 20px;}
O1 - Hosts: .title { font-family:Arial, Helvetica, sans-serif; font-weight:bold; font-size:24px; color:#7C56A9}
O1 - Hosts: .adcnt{width:172px; display:block; float:right; text-align:left;cursor:pointer;cursor:hand;}
O1 - Hosts: .adcnt td {text-align:left;}
O1 - Hosts: .adsubt{font-size:10px; font-family:verdana; font-weight:bold; color:#b4b4b4; …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Please download and install ewido anti-spyware tool (now called AVG)

  • Close all other applications, select language, click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait: Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido should auto update itself. If it doesn't, click update at top of screen.
  • This is very important to get updates
  • When updating has finished, close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear; use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode, and hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on scanner at top of Ewido screen
  • Click on Settings
  • Under How to Act click on Recommended Action choose Quarantine
  • Under How to scan all boxes should be selected
  • Under Possibly unwanted software all boxes should be …
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Thanks.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Looks good. You can mark this thread as solved then. (There's a link in the top left corner above your name.)

Corporal commented: Very helpful +1
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Look at my last post again, I edited it.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Now run it again except this time use the 2 option and enter.

Still having problems after that?

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

After doing some research I believe you might have a Smitfraud infection (or some variant). Please do the following.

First download Smitfraudfix from here.

Extract it to its own folder. Double click on smitfraudfix.cmd

When it opens up the command prompt press any key to continue and then press 1 and enter to scan.

When it's done it should open up a txt file. Save that and then post the contents here.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Well well well. We strike down one thing and another pops up. Ok I want you to do two things. One is to go to Control Panel and go to Add/Remove Programs and then remove the following.

Viewpoint

Now in safe mode delete the C:\Program Files\Viewpoint\ folder.

First download Smitfraudfix from here.

Extract it to its own folder. Double click on smitfraudfix.cmd

When it opens up the command prompt press any key to continue and then press 1 and enter to scan.

When it's done it should open up a txt file. Save that and then post the contents here.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Your log looks clean but I'm gonna have you run a scan anyways just to make sure. A few questions also. Have you recently installed any new software that might have caused this?

Please download and install ewido anti-spyware tool

  • Close all other applications, select language, click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait: Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido should auto update itself. If it doesn't, click update at top of screen.
  • This is very important to get updates
  • When updating has finished, close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear; use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode, and hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on scanner top of Ewido …
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Sorry to hear that. We could have got you through it. Oh well though.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

The log is still clean so let's check for rootkits.

Go here and download Rootkit Analyzer. Install and run it, then click analyze. Then check the box that says only show hooked processes. Then click export and save the txt file.

Post the contents of that text file here.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

One of the items I told you to delete is still there so let's see if I can get rid of it.
First run HJT and check the following.
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
Click fix checked.

Now boot into safe mode again and delete the following folder.
C:\Program Files\Gigabyte\

Reboot back to normal.

That should fix it.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Well your log is completely clean, which is weird because it sounds like you are infected with malware. Ok let's scan your computer with a scanner that we support on this site.

Please download and install ewido anti-spyware tool (now called AVG)

  • Close all other applications, select language, click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait: Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido should auto update itself. If it doesn't, click update at top of screen.
  • This is very important to get updates
  • When updating has finished, close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear; use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode, and hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on scanner at top of Ewido screen
  • Click …
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ok a couple traces of malware.
First run HJT and put a checkmark next to the following.
O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O20 - AppInit_DLLs: pushow92.dll

Do you know what C:\Program Files\TRIXX\TRIXX.exe is? If you don't, place a checkmark next to the following.

O4 - HKLM\..\Run: [TRIXX] "C:\Program Files\TRIXX\TRIXX.exe" -s

You might want to print out the following instructions, because you won't be able to access the internet.

Restart to safe mode by tapping F8 during start up and selecting safe mode.

Now using My Computer and the delete key, delete the following files and folders (if they exist).
C:\Program Files\Gigabyte\
C:\Program Files\Video ActiveX Object\
C:\Windows\System32\pushow92.dll

If you don't know what the TRIXX thing is then delete the following also.
C:\Program Files\TRIXX\

Now Reboot back to normal mode.

Post a new HJT log along with any problems you are still having.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Please post an HJT log (there are instructions in the stickies).

Also I never use the safely remove hardware thing and my removable drive is fine.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

This doesn't look like a complete log. Are you sure you didn't delete anything from it?

If you did then please post the full log; we need to see that info so that we can fix your computer.

If you didn't please change the name of hijackthis.exe to something else like hello.exe.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

You got a lot of nasties on your computer. Let's get rid of those.
First run HJT and put a checkmark next to the following.
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\TrueCodec\isaddon.dll (file missing)
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\TrueCodec\iesplugin.dll (file missing)
O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll (file missing)
O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe"
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\WINDOWS\system32\dpfwu.dll
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll

Click fix checked.

You might want to print out the following instructions because you cannot access the internet in safe mode.

Now reboot to safe mode by tapping F8 during start up and selecting safe mode.

Now using My Computer and the delete key delete the following files and folders.
C:\Program Files\TrueCodec\
C:\Program Files\Seekmo Programs\
C:\Program Files\Common Files\DriveCleaner 2006 Free\
C:\WINDOWS\system32\tazth.dll
C:\WINDOWS\system32\dpfwu.dll

Reboot back to normal mode.

Please post a new HJT log and tell me if you are still getting that message.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Well you can do two things. One, try reinstalling the AT&T thing (motivesb.exe), or you can run HJT and check the following.
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
Then click fix checked. This will make it not try to start up and therefore no error.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Well your log's clean still and it looks like AVG cleaned out a few things you got from BearShare. Are you still having problems? If not you can mark this thread as solved by clicking the link at the top of the page. And I got no rep so that would be nice.

'Stein commented: "And I got no rep" -very arrogant -1
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Most likely not, but you can do an online virus scan here. There are a lot of viruses that use the same name but they are usually located in different directories than the real ones. Yours is in the correct directory so I wouldn't worry.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Hmm, the log is clean; the only suspicious thing is that there are like 12 yahoo widget processes running. Well let's do an AVG scan then.

Please download and install ewido anti-spyware tool (now called AVG)

  • Close all other applications, select language, click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait: Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido should auto update itself. If it doesn't, click update at top of screen.
  • This is very important to get updates
  • When updating has finished, close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear; use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode, and hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on scanner at top of Ewido screen
  • Click on Settings
  • Under How …
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Yeah I know why you couldn't get rid of that O2 entry so do the following.

Open Task Manager (alt+ctrl+delete) and go to the Processes tab. End teatimer.exe and then do the O2 fix using HJT. That should get rid of it. To get teatimer.exe back on just go to the program files folder and click on it, or just reboot.

If that fixes everything up you can mark this thread as solved using the link at the top of the page.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Good fix, let's see if we can get this in the stickies. :)

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

First of all you could do a system restore if you have a restore point from before the infection.

The above post probably won't do anything but take up space on your computer. Your suspicions were right, you are infected with WORM_SPYBOT.GP.

Let's see what we can do. First go to Control Panel and Add\Remove Programs and remove the following.
MyWay, My Websearch Bar, or something similar.

Now run HJT and check the following.
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\ntsystem.exe
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
Click fix checked and then close HJT.

Now please download and install ewido anti-spyware tool

  • Close all other applications, select language, click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait: Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido should auto update itself. If it doesn't, click update at top of screen.
  • This is very important to get updates
  • When updating has finished, close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows …