Re: Window Xp IE 6 (DNS ERROR) page not found!
 

[Moderator's edit: Post split from this thread]

DMR,
I did as you suggested with AdAware and SpyBot. All AdAware found were tracking cookies and SpyBot said I was clean. But I still have the same prob. So, as you suggested, here's my HijackThis Logfile...


Logfile of HijackThis v1.99.1
Scan saved at 2:42:23 PM, on 6/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Andy\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - Disabled:AutorunsDisabled - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\saIE.dll
O2 - BHO: (no name) - {483027ad-454d-4880-a809-f0021223886c} - C:\WINDOWS\system32\ds3m32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll
O3 - Toolbar: (no name) - {11359F4A-B191-42D7-905A-594F8CF0387B} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Startup: ScreenHunter.exe.lnk = C:\Program Files\Wisdom-soft ScreenHunter Free\ScreenHunter.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {8A29A683-DF4A-4C79-8356-E9FB08ADEAC6} - C:\Program Files\IEGuard\IEGuardManager.exe
O9 - Extra 'Tools' menuitem: IEGuard - {8A29A683-DF4A-4C79-8356-E9FB08ADEAC6} - C:\Program Files\IEGuard\IEGuardManager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O15 - Trusted Zone: *..softpedia.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Cu...ataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.4.4.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource...scbase7617.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1151316691968
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143565502468
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://63.241.168.238/ae/ecwplugins/ncs1.cab
O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} (RSActiveXObj Control) - http://www.radarsync.com/RSActiveX.ocx
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/sh...,2/mcmysec.cab
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} (CamRegCleanControl Object) - http://www.amustsoft.com/onlineregis...RegCleaner.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - https://www.contentwatch.com/audit/i...ditControl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) -
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...69/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O18 - Protocol: bw+0 - {29D6636E-7930-496D-A0F3-BB4FADD61C84} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
[DMR: Additional Logitech entries snipped for ease of viewing]
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {29D6636E-7930-496D-A0F3-BB4FADD61C84} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: ds3m32 - C:\WINDOWS\SYSTEM32\ds3m32.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Re: For idontno: Window Xp IE 6 (DNS ERROR) page not found!
 

1. Please describe the exact symptoms you are experiencing in as much detail as possible.

2. I'm suspicious of the C:\WINDOWS\SYSTEM32\ds3m32.dll file listed in your HijackThis log, but I can't find any information on the file at all (one of the reasons for my suspicion). Please go to this site and submit the file for analysis.
To submit the file, click on the "Browse..." button at the top of page I linked to above; a "File Upload" window will open. In that window, browse to your C:\WINDOWS\SYSTEM32 folder, hilight the ds3m32.dll file, and then click the "OK" button.
Post the results of the filescan in your next post here.

Re: Window Xp IE 6 (DNS ERROR) page not found!
 

Sorry. I thought I was in the right thread cause it was about the same problem that I was having, and when you said...
"- Open the log file in Windows notepad, and cut-n-paste the entire contents of the log into a reply in this thread." I thought you were talking to everyone in that thread. Just a misunderstanding and I'm still pretty new to forums. I go to a lot of em but I've got a lot to learn about how they work.

Sorry again,
Andy

Re: For idontno: Window Xp IE 6 (DNS ERROR) page not found!
 

No problem; it's a very common mistake.
Most tech support forums, including ours, have a "one member's problem per thread" posting guideline, because it just gets too confusing to follow a thread when mulitple people are trying to solve multiple problems within it.

If you can follow up on my request regarding the ds3m32.dll file, we can continue with a fix.

Re: For idontno: Window Xp IE 6 (DNS ERROR) page not found!
 

I can't remember which link I followed to get the DNS Page Not Found error. But I did find a link (http://www.justrealmail.com/affiliat...=4&productid=2) that gave me a HTTP 404 - file not found...

http://img230.imageshack.us/img230/9...otfound9nr.png
And here are the results on the ds3m32.dll scan...


http://img79.imageshack.us/img79/518...arescan4da.png

Re: For idontno: Window Xp IE 6 (DNS ERROR) page not found!
 

* How often are you getting the 404 errors?
* Do they happen only at certain sites, or do they happen at random times on sites which usually work for you?

Keep in mind that unless you're getting consistent page errors on sites that you know should be functioning, it's likely that the problems are not with your computer but with the servers on which the web pages you are trying to reach reside.
_________________________________________________________________________________

The file you scanned is part of a known family of infections; please perform the removal procedures below:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.


* Use Norton's Live Update feature to install the latest virus definitions for the antivirus program. Don't actually run a scan with Norton yet; just close the program once it has updated.

* Please download Ewido Anti-Malware it is a free version of the program.

1. Install Ewido Anti-Malware
2. When installing, under "Additional Options" uncheck..
   • Install background guard
   • Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double-click it.
4. The program will now open to the main screen.
5. You will need to update ewido to the latest definition files.
   • On the left hand side of the main screen click update.
   • Then click on Start Update.
6. The update will start and a progress bar will show the updates being installed.
   (the status bar at the bottom will display ("Update successful")

Don't actually run a scan with ewido yet, just close it for now.


* Please download ATF Cleaner by Atribune. Save the file to your desktop or any other convenient locaiton. Again- don't run the program yet.


* Run another HijackThis scan, put a check in the boxes to the left of the following entries, and then click the "Fix Checked" button. Close HijackThis once the fixes complete:

O2 - BHO: (no name) - {483027ad-454d-4880-a809-f0021223886c} - C:\WINDOWS\system32\ds3m32.dll
O20 - Winlogon Notify: ds3m32 - C:\WINDOWS\SYSTEM32\ds3m32.dll


* Next, please reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, a menu with options should appear;
• Select the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your usual account.

* Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser : Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


* Run a full system scan with Norton Antivirus. Have it clean all infecitons it finds.

* Launch Ewido from your Desktop :

• Click on scanner
• Click on Complete System Scan and the scan will begin.
• You will be prompted to clean the first infection.
• Select "Perform action on all infections", then proceed.
• Once the scan has completed, there will be a button located on the bottom of the screen named Save report
• Click Save report.
• Save the report .txt file to your desktop or a location where you can find it easily.

Close Ewido Anti-Malware.

* Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".

Search for the following file and delete it if it still exists:
C:\WINDOWS\SYSTEM32\ds3m32.dll

* Empty your Recycle Bin and reboot normally.

* Run another HijackThis scan ad post the log. Also post the log that ewido generated.


-

Re: For idontno: Window Xp IE 6 (DNS ERROR) page not found!
 

I get the 404 errors as well as DNS and others at random sites. I can't remember if they are sites that I frequent cause I do a LOT of surfing, and when I do encounter a site that has links to these Not Found pages I usually don't go back to them. The only I can remember going back to several times with the same results is a link from this site...

http://www.spywareremove.com/products.shtml

and this the link...

http://www.justrealmail.com/affiliat...=4&productid=2

I did everything as you suggested, except Norton Antivirus won't run in safe mode. Maybe it's because its part of NIS???

Anyway here are the logs you requested...

Ewido ( it's not called Anti Malware anymore, it's Anti Spyware and it's not free anymore...30 day trial. Just thought I'd let you know. Who cares, right. As long as it works)...

If you would rather read them without them being all scrunched up I'm sending them as attachments also, so you can open them up in notepad with out them being word wrapped.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 2:59:02 AM 7/1/2006
+ Scan result:

C:\Program Files\180search assistant -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\180searchassistant -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\instafink -> Adware.404Search : Cleaned with backup (quarantined).
C:\Program Files\altnet -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\aprps -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\autoupdate -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\cxtpls -> Adware.Apropos : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr -> Adware.Azsearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr.1 -> Adware.Azsearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr\CLSID -> Adware.Azsearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr\CurVer -> Adware.Azsearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ZToolbar.StockBar -> Adware.Azsearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ZToolbar.StockBar.1 -> Adware.Azsearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ZToolbar.StockBar\CLSID -> Adware.Azsearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ZToolbar.StockBar\CurVer -> Adware.Azsearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ZToolbar.activator -> Adware.Azsearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ZToolbar.activator.1 -> Adware.Azsearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ZToolbar.activator\CLSID -> Adware.Azsearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ZToolbar.activator\CurVer -> Adware.Azsearch : Cleaned with backup (quarantined).
C:\Program Files\bullseye network -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\navisearch -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\tbonbin -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\nail.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\nail.exe\Readme.txt -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\svcproc.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\svcproc.exe\Readme.txt -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Program Files\cashback -> Adware.CashBack : Cleaned with backup (quarantined).
C:\WINDOWS\system32\adcache -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\Program Files\hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{a19ef336-01d4-48e6-926a-fe7e1c747aed} -> Adware.MWSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} -> Adware.MWSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{a19ef336-01d4-48e6-926a-fe7e1c747aed} -> Adware.MWSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} -> Adware.MWSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1078081533-796845957-682003330-1003\Software\Microsoft\Windows\
CurrentVersion\Ext\Stats\{A19EF336-01D4-48E6-926A-FE7E1C747AED} -> Adware.MWSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1078081533-796845957-682003330-1003\Software\Microsoft\Windows\
CurrentVersion\Ext\Stats\{DA7FF3F8-08BE-4CAC-BC00-94D91C6AE7F4} -> Adware.MWSearch : Cleaned with backup (quarantined).
C:\Program Files\newdotnet -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\psguard -> Adware.PSGuard : Cleaned with backup (quarantined).
C:\Program Files\rxtoolbar -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\save -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\whenusearch -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\sidefind -> Adware.SideFind : Cleaned with backup (quarantined).
C:\Program Files\spyfalcon -> Adware.SpyFalcon : Cleaned with backup (quarantined).
C:\Program Files\starware -> Adware.Starware : Cleaned with backup (quarantined).
C:\Program Files\surfaccuracy -> Adware.SurfAccuracy : Cleaned with backup (quarantined).
C:\Program Files\surfsidekick 3 -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Program Files\winfixer 2005 -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Program Files\adstatus service -> Adware.WinTaskAd : Cleaned with backup (quarantined).
C:\Documents and Settings\WONDERFULME888\Local Settings\Temporary Internet Files\Content.IE5\8V1BIIND\w[1].php -> Downloader.Agent.anm : Cleaned with backup (quarantined).
C:\WINDOWS\system32\awvtssp.dll -> Downloader.Agent.anm : Cleaned with backup (quarantined).
C:\Andy\HijackThis\backups\backup-20060701-013802-185.dll -> Downloader.ConHook.aa : Cleaned with backup (quarantined).
C:\Andy\HijackThis\backups\backup-20060701-013915-804.dll -> Downloader.ConHook.aa : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mlljj.exe -> Dropper.Agent.amr : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19.tmp\ld2E4E.tmp -> Not-A-Virus.Hoax.Win32.Renos.dv : Ignored.
C:\Documents and Settings\Kids\Cookies\kids@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\WONDERFULME888\Cookies\wonderfulme888@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Privacy Crusader Full\quarantine\andy@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\WONDERFULME888\Cookies\wonderfulme888@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\WONDERFULME888\Cookies\wonderfulme888@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\WONDERFULME888\Cookies\wonderfulme888@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\Privacy Crusader Full\quarantine\andy@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Program Files\Privacy Crusader Full\quarantine\andy@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Program Files\Privacy Crusader Full\quarantine\andy@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Privacy Crusader Full\quarantine\andy@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\WONDERFULME888\Cookies\wonderfulme888@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2B.tmp -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D.tmp -> TrackingCookie.Spylog : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@h.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2E.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\WONDERFULME888\Cookies\wonderfulme888@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\WONDERFULME888\Cookies\wonderfulme888@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2F.tmp -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Privacy Crusader Full\quarantine\andy@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Program Files\Privacy Crusader Full\quarantine\andy@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\WONDERFULME888\Cookies\wonderfulme888@free.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\system32\dxmpp.dll -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dxmpp.dll\Readme.txt -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ginuerep.dll -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ginuerep.dll\Readme.txt -> Trojan.Small : Cleaned with backup (quarantined).

::Report end

*******************************************************

And the HijackThis log...

Logfile of HijackThis v1.99.1
Scan saved at 5:57:35 AM, on 7/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\CDBurnerXP\NMSAccess.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Wisdom-soft ScreenHunter Free\ScreenHunter.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Andy\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - Disabled:AutorunsDisabled - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\saIE.dll
O2 - BHO: (no name) - {11359F4A-B191-42d7-905A-594F8CF0387B} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Startup: ScreenHunter.exe.lnk = C:\Program Files\Wisdom-soft ScreenHunter Free\ScreenHunter.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {8A29A683-DF4A-4C79-8356-E9FB08ADEAC6} - C:\Program Files\IEGuard\IEGuardManager.exe
O9 - Extra 'Tools' menuitem: IEGuard - {8A29A683-DF4A-4C79-8356-E9FB08ADEAC6} - C:\Program Files\IEGuard\IEGuardManager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O15 - Trusted Zone: *..reg.imageshack.us
O15 - Trusted Zone: *..toolbar.imageshack.us
O15 - Trusted Zone: http://toolbar.imageshack.us
O15 - Trusted Zone: *.imageshack.us
O15 - Trusted Zone: *..softpedia.com
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferimento.biz/l/9e8f...73ae4c8_35.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Cu...ataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.4.4.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource...scbase7617.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar...ackToolbar.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143565502468
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://63.241.168.238/ae/ecwplugins/ncs1.cab
O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} (RSActiveXObj Control) - http://www.radarsync.com/RSActiveX.ocx
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/sh...,2/mcmysec.cab
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} (CamRegCleanControl Object) - http://www.amustsoft.com/onlineregis...RegCleaner.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - https://www.contentwatch.com/audit/i...ditControl.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.globosoft.info/globobar.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) -
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...69/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O18 - Protocol: bw+0 - {B451C6F2-8605-476C-820B-C2E0F22AB754} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
[DMR: Additional Logitech 018 entries snipped for ease of viewing]
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {B451C6F2-8605-476C-820B-C2E0F22AB754} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrge32 - C:\WINDOWS\SYSTEM32\winrge32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccess.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

*******************************************************

Oh, after all this, I opened Manage Addons and ds3m32.dll was still there as a browser helper. I disabled it and after I closed and reopened IE it was gone. :)

Re: For idontno: Window Xp IE 6 (DNS ERROR) page not found!
 

Now after going thru all that I went to this site:
http://www.imageshack.us/v_images.php

and clicked on this link:
http://img2.imageshack.us/click_trac...images_txt_lnk

I tried several times and hit refresh several times, and got this (DNS this time)...
All the other links work though


http://img176.imageshack.us/img176/1020/dnserror9zv.png

Re: For idontno: Window Xp IE 6 (DNS ERROR) page not found!
 

Yes, that is a dead link. The problem is on the webserver, not your computer. That's probably the case with most of the sites where you encounter the error; expired or "orphaned" links are pretty common.

Right- some verisons of Norton AV don't run in Safe Mode, but I thought it was worth a try.

Yeah, thanks- I cut-n-pasted those instructions from an outdated file. My bad.

Cool... but unfortunately, your log still shows signs of infections. That's not surprising, given the number of Nasties that ewido found on your system.

That link isn't available to me, probably because I'm not a registered member of that site.

Re: For idontno: Window Xp IE 6 (DNS ERROR) page not found!
 

An infection is still present, as indicated by this entry in your latest log:
O20 - Winlogon Notify: winrge32 - C:\WINDOWS\SYSTEM32\winrge32.dll

ewido should have flagged the winrge32.dll file; let's try again, this time with the correct, updated ewido instructions:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* Open ewido, click on the Update menu icon, and then click on the "Start Updates" button. Close ewido once the latest updates are installed.


* Run another HijackThis scan, put a check in the boxes to the left of the following entries, and then click the "Fix Checked" button. Close HijackThis once the fixes complete:
O2 - BHO: (no name) - {11359F4A-B191-42d7-905A-594F8CF0387B} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.globosoft.info/globobar.cab
O20 - Winlogon Notify: winrge32 - C:\WINDOWS\SYSTEM32\winrge32.dll


* Reboot your computer in Safe Mode by doing the following:

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear use arrow up to highlight
• Select the first option, to run Windows in Safe Mode hit enter.
• For additional help in booting into Safe Mode, see the following site: HERE
  
  You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

• Open Ewido
• Click on scanner top of Ewido sceen
• Click on Settings
• Under How to Act click on Recommended Action choose Quarantine
• Under How to scan all boxes should be selected
• Under Possibly unwanted software all boxes should be selected
• On right side under Reports: click on Automatically generate report after every scan.
• Under What to scan select scan every file
• Click On scan Tab
• Click on Complete system scan
• Let the program scan the machine It can take awhile give it time.
• When scan has finished At bottom of screen click Apply all Actions
• Click Save report
• Click Save Report as (Save as window's screen should pop up.)
• Click desktop
• Click Save
• Exit ewido

* Reboot normally.

* Run another HijackThis scan ad post the log. Also post the log that ewido generated.


-