0

I can't currently access my internet. I have scanned for viruses and spyware with AVG and Spybot Search & Destroy, but it can't come up with anything. It does say I'm connected and the internet is running, but anytime I try to open Internet Explorer, it says cannot find server. I know it's not the modem because I can access the internet in safe mode with networking, as I am doing it right now. So at this moment, I'm close to just doing system recovery and I have no other clue in what to do.

0

Try to Run previous successful window when you restart the computer.
Or else you might have dial-up connection.
Go to Tools> Internet option> Never Dial a Connection

0

i have no dial-up, i'm tryin to run my at&t dsl, sry if i didn't mention that before

0

Try to Run previous successful window when you restart the computer.

Yeah, i really have no idea what you mean by this, so if you could explain what you mean exactly and/or how to do it, that would be fantastic.

0

i just did a hijackthis scan and here it is


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:03 PM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Documents and Settings\Owner\My Documents\My Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {F9E535F6-FE6E-D9BC-19F6-F35A6C3012E4} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O2 - BHO: (no name) - {0048B696-3B49-4EB4-8EAA-12E4B73A8B47} - (no file)
O2 - BHO: (no name) - {008740B0-F635-425B-8F83-C9833F5CCD70} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {034DACD2-674B-464C-81CB-5D82E884BCE2} - (no file)
O2 - BHO: (no name) - {057b73b0-ae36-494b-a5ce-9e6398e703dd} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {184D8FB3-591B-4EBF-A059-91E1999E7205} - (no file)
O2 - BHO: (no name) - {22350094-E0E8-4FF0-AD18-6E232EAE080F} - (no file)
O2 - BHO: (no name) - {24FCFBD3-1F8E-44B8-B715-04A3BB4A689C} - (no file)
O2 - BHO: (no name) - {27CBE6B6-D9A6-4DDD-B113-14736ECA405C} - (no file)
O2 - BHO: (no name) - {32C0C82D-D173-4F92-880A-EF4DD3632204} - (no file)
O2 - BHO: (no name) - {3379E611-AD9F-4A6F-9623-233F52D16970} - (no file)
O2 - BHO: (no name) - {3BA2C4B4-06E4-4D62-AE98-D6D66EE0505C} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {3DD5AE84-FC67-43F9-BE06-40506A6BE072} - (no file)
O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - C:\WINDOWS\system32\fccdbxx.dll (file missing)
O2 - BHO: (no name) - {4263C7F9-8517-4814-B9E7-AB23A6808F6B} - (no file)
O2 - BHO: (no name) - {478f8b95-df4a-49df-a4e9-332fa8ee4aac} - (no file)
O2 - BHO: (no name) - {50405B6D-DD0E-49C3-80D1-24392AB2D366} - C:\WINDOWS\system32\vtuts.dll (file missing)
O2 - BHO: (no name) - {507C73B0-D5D4-4CBF-86AD-690FAE5104E5} - (no file)
O2 - BHO: (no name) - {5B438ACB-69BF-4EB0-BBCC-A19BD8EB7BEE} - (no file)
O2 - BHO: (no name) - {60764275-78C7-4847-82C3-9531AB4921A7} - (no file)
O2 - BHO: (no name) - {6C987574-5D3A-435F-87A6-C449AB8528F9} - (no file)
O2 - BHO: (no name) - {704BFE2B-0830-4A7D-B9AC-DB0E25E9B67A} - (no file)
O2 - BHO: (no name) - {71bf372e-7171-4b39-8ae1-da86020e00d6} - (no file)
O2 - BHO: (no name) - {72235AA7-C750-4F62-90BB-4323F488D295} - (no file)
O2 - BHO: (no name) - {74CF0B2A-E1A9-47A9-BC3B-36A245EC1CD2} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {775782F8-1F4E-4183-B35C-B5599FC1F275} - (no file)
O2 - BHO: (no name) - {77C3CABA-021C-432C-B248-E97C40416BAA} - (no file)
O2 - BHO: (no name) - {77D6BB8E-EFF7-4D93-8D68-2ED95AE7E5FD} - (no file)
O2 - BHO: (no name) - {7A152772-EA44-49DE-963D-F927FB4F161C} - (no file)
O2 - BHO: (no name) - {82115ADC-7440-47EC-A7C2-90C33B2D224E} - (no file)
O2 - BHO: (no name) - {8AA409CA-8AB0-4366-AE32-3CE2CEBF700E} - (no file)
O2 - BHO: (no name) - {937E0F91-F744-45C1-91C8-6D396F67B975} - (no file)
O2 - BHO: (no name) - {93958BE2-4677-450A-A3A2-8F0CC40D1A97} - C:\WINDOWS\system32\pmnll.dll (file missing)
O2 - BHO: (no name) - {950BD455-4B1E-4D65-BE5E-4B4B8D09C8BB} - (no file)
O2 - BHO: (no name) - {96EBA088-5039-4E0F-AF3C-B67A386446DB} - C:\WINDOWS\system32\jkklm.dll (file missing)
O2 - BHO: (no name) - {98B25900-39C0-49CA-8A3D-DA20D39D3B65} - (no file)
O2 - BHO: (no name) - {9AE447FC-78DA-49F2-BEA2-988EDD0B172E} - (no file)
O2 - BHO: (no name) - {9E6BB767-9152-42DD-BF3C-EBEB36EA1B92} - (no file)
O2 - BHO: (no name) - {A1D934F0-06EC-4CA5-9092-56CA77B5EE51} - (no file)
O2 - BHO: (no name) - {A1E53EFA-5380-4127-8EC2-10208DD12D95} - (no file)
O2 - BHO: (no name) - {A59F00E2-AE32-42EB-9073-5CE9CDF9B8B0} - (no file)
O2 - BHO: (no name) - {A7B1B32E-1898-49DA-980E-ED6834290C6A} - (no file)
O2 - BHO: (no name) - {ACC540BB-9032-4927-8778-E20C828FFFC0} - (no file)
O2 - BHO: (no name) - {B8B80292-49E6-458E-B1EE-5F2A3703AC0E} - (no file)
O2 - BHO: (no name) - {C6F6A65E-4FA7-4FEF-B8D7-A99529208DE8} - (no file)
O2 - BHO: (no name) - {CA8A7E0C-9D9D-4336-8C69-CF6038E7AD5B} - (no file)
O2 - BHO: (no name) - {CB1F9D21-04C1-4170-8CD2-E1104AF785AE} - (no file)
O2 - BHO: (no name) - {D880219A-1252-407D-9D60-B7023F203E62} - (no file)
O2 - BHO: (no name) - {E3146938-E3DA-4C0C-A384-E35EF593B0A6} - (no file)
O2 - BHO: (no name) - {E7DF5D59-D4C1-457E-BF23-D424C62C0EE0} - (no file)
O2 - BHO: (no name) - {EBC3E190-6156-45B2-AB51-062DAF48C808} - (no file)
O2 - BHO: (no name) - {ED675B33-D867-4781-86B2-52FDB4C5CECD} - (no file)
O2 - BHO: (no name) - {F903D0C5-48C7-40B9-8FA5-6D3FD045B8BC} - (no file)
O2 - BHO: (no name) - {fd81f7ab-dbbd-41c5-9649-c9bff131c96d} - (no file)
O2 - BHO: (no name) - {FDE27ACD-58F1-434E-BCEE-0C3BBA073E2A} - (no file)
O2 - BHO: (no name) - {FE98573C-648D-4A87-BFF4-DB7AEE0E6C8F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Startup: Greetings Workshop Reminders.lnk.disabled
O4 - Startup: TA_Start.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{293BE57A-2433-4323-9468-2CC774303307}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{293BE57A-2433-4323-9468-2CC774303307}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{293BE57A-2433-4323-9468-2CC774303307}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\windows\system32\pmnllli.dll,avgrsstx.dll
O20 - Winlogon Notify: anshlx - anshlx.dll (file missing)
O20 - Winlogon Notify: byxvwts - byxvwts.dll (file missing)
O20 - Winlogon Notify: fccdbxx - fccdbxx.dll (file missing)
O20 - Winlogon Notify: kbdmgr - kbdmgr.dll (file missing)
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll (file missing)
O20 - Winlogon Notify: vtutu - C:\WINDOWS\System32\vtutu.dll (file missing)
O20 - Winlogon Notify: wvuusqp - wvuusqp.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\system32\appyh32.exe (file missing)

--
End of file - 10644 bytes


if someone could help me out, i would be deeply grateful

0

Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.

c:\windows\system32\pmnllli.dll

===============

Scan with HijackThis and then place a check next to all the following, if present:


R3 - URLSearchHook: (no name) - {F9E535F6-FE6E-D9BC-19F6-F35A6C3012E4} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {0048B696-3B49-4EB4-8EAA-12E4B73A8B47} - (no file)
O2 - BHO: (no name) - {008740B0-F635-425B-8F83-C9833F5CCD70} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {034DACD2-674B-464C-81CB-5D82E884BCE2} - (no file)
O2 - BHO: (no name) - {057b73b0-ae36-494b-a5ce-9e6398e703dd} - (no file)
O2 - BHO: (no name) - {184D8FB3-591B-4EBF-A059-91E1999E7205} - (no file)
O2 - BHO: (no name) - {22350094-E0E8-4FF0-AD18-6E232EAE080F} - (no file)
O2 - BHO: (no name) - {24FCFBD3-1F8E-44B8-B715-04A3BB4A689C} - (no file)
O2 - BHO: (no name) - {27CBE6B6-D9A6-4DDD-B113-14736ECA405C} - (no file)
O2 - BHO: (no name) - {32C0C82D-D173-4F92-880A-EF4DD3632204} - (no file)
O2 - BHO: (no name) - {3379E611-AD9F-4A6F-9623-233F52D16970} - (no file)
O2 - BHO: (no name) - {3BA2C4B4-06E4-4D62-AE98-D6D66EE0505C} - (no file)
O2 - BHO: (no name) - {3DD5AE84-FC67-43F9-BE06-40506A6BE072} - (no file)
O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - C:\WINDOWS\system32\fccdbxx.dll (file missing)
O2 - BHO: (no name) - {4263C7F9-8517-4814-B9E7-AB23A6808F6B} - (no file)
O2 - BHO: (no name) - {478f8b95-df4a-49df-a4e9-332fa8ee4aac} - (no file)
O2 - BHO: (no name) - {50405B6D-DD0E-49C3-80D1-24392AB2D366} - C:\WINDOWS\system32\vtuts.dll (file missing)
O2 - BHO: (no name) - {507C73B0-D5D4-4CBF-86AD-690FAE5104E5} - (no file)
O2 - BHO: (no name) - {5B438ACB-69BF-4EB0-BBCC-A19BD8EB7BEE} - (no file)
O2 - BHO: (no name) - {60764275-78C7-4847-82C3-9531AB4921A7} - (no file)
O2 - BHO: (no name) - {6C987574-5D3A-435F-87A6-C449AB8528F9} - (no file)
O2 - BHO: (no name) - {704BFE2B-0830-4A7D-B9AC-DB0E25E9B67A} - (no file)
O2 - BHO: (no name) - {71bf372e-7171-4b39-8ae1-da86020e00d6} - (no file)
O2 - BHO: (no name) - {72235AA7-C750-4F62-90BB-4323F488D295} - (no file)
O2 - BHO: (no name) - {74CF0B2A-E1A9-47A9-BC3B-36A245EC1CD2} - (no file)
O2 - BHO: (no name) - {775782F8-1F4E-4183-B35C-B5599FC1F275} - (no file)
O2 - BHO: (no name) - {77C3CABA-021C-432C-B248-E97C40416BAA} - (no file)
O2 - BHO: (no name) - {77D6BB8E-EFF7-4D93-8D68-2ED95AE7E5FD} - (no file)
O2 - BHO: (no name) - {7A152772-EA44-49DE-963D-F927FB4F161C} - (no file)
O2 - BHO: (no name) - {82115ADC-7440-47EC-A7C2-90C33B2D224E} - (no file)
O2 - BHO: (no name) - {8AA409CA-8AB0-4366-AE32-3CE2CEBF700E} - (no file)
O2 - BHO: (no name) - {937E0F91-F744-45C1-91C8-6D396F67B975} - (no file)
O2 - BHO: (no name) - {93958BE2-4677-450A-A3A2-8F0CC40D1A97} - C:\WINDOWS\system32\pmnll.dll (file missing)
O2 - BHO: (no name) - {950BD455-4B1E-4D65-BE5E-4B4B8D09C8BB} - (no file)
O2 - BHO: (no name) - {96EBA088-5039-4E0F-AF3C-B67A386446DB} - C:\WINDOWS\system32\jkklm.dll (file missing)
O2 - BHO: (no name) - {98B25900-39C0-49CA-8A3D-DA20D39D3B65} - (no file)
O2 - BHO: (no name) - {9AE447FC-78DA-49F2-BEA2-988EDD0B172E} - (no file)
O2 - BHO: (no name) - {9E6BB767-9152-42DD-BF3C-EBEB36EA1B92} - (no file)
O2 - BHO: (no name) - {A1D934F0-06EC-4CA5-9092-56CA77B5EE51} - (no file)
O2 - BHO: (no name) - {A1E53EFA-5380-4127-8EC2-10208DD12D95} - (no file)
O2 - BHO: (no name) - {A59F00E2-AE32-42EB-9073-5CE9CDF9B8B0} - (no file)
O2 - BHO: (no name) - {A7B1B32E-1898-49DA-980E-ED6834290C6A} - (no file)
O2 - BHO: (no name) - {ACC540BB-9032-4927-8778-E20C828FFFC0} - (no file)
O2 - BHO: (no name) - {B8B80292-49E6-458E-B1EE-5F2A3703AC0E} - (no file)
O2 - BHO: (no name) - {C6F6A65E-4FA7-4FEF-B8D7-A99529208DE8} - (no file)
O2 - BHO: (no name) - {CA8A7E0C-9D9D-4336-8C69-CF6038E7AD5B} - (no file)
O2 - BHO: (no name) - {CB1F9D21-04C1-4170-8CD2-E1104AF785AE} - (no file)
O2 - BHO: (no name) - {D880219A-1252-407D-9D60-B7023F203E62} - (no file)
O2 - BHO: (no name) - {E3146938-E3DA-4C0C-A384-E35EF593B0A6} - (no file)
O2 - BHO: (no name) - {E7DF5D59-D4C1-457E-BF23-D424C62C0EE0} - (no file)
O2 - BHO: (no name) - {EBC3E190-6156-45B2-AB51-062DAF48C808} - (no file)
O2 - BHO: (no name) - {ED675B33-D867-4781-86B2-52FDB4C5CECD} - (no file)
O2 - BHO: (no name) - {F903D0C5-48C7-40B9-8FA5-6D3FD045B8BC} - (no file)
O2 - BHO: (no name) - {fd81f7ab-dbbd-41c5-9649-c9bff131c96d} - (no file)
O2 - BHO: (no name) - {FDE27ACD-58F1-434E-BCEE-0C3BBA073E2A} - (no file)
O2 - BHO: (no name) - {FE98573C-648D-4A87-BFF4-DB7AEE0E6C8F} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

O20 - Winlogon Notify: anshlx - anshlx.dll (file missing)
O20 - Winlogon Notify: byxvwts - byxvwts.dll (file missing)
O20 - Winlogon Notify: fccdbxx - fccdbxx.dll (file missing)
O20 - Winlogon Notify: kbdmgr - kbdmgr.dll (file missing)
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll (file missing)
O20 - Winlogon Notify: vtutu - C:\WINDOWS\System32\vtutu.dll (file missing)
O20 - Winlogon Notify: wvuusqp - wvuusqp.dll (file missing)

O23 - Service: Remote Procedure Call (RPC) Helper (? 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\system32\appyh32.exe (file missing)


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

To help protect your system from hostile ActiveX content, or special 'downloadable' files:

Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:

1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.

-

Note: Remember to regularly check for updates.

===============

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Post new HJT log.

0

c:\windows\system32\pmnllli.dll

i dont see this file in my system32 folder

0

Make sure that hidden files are set to show in folder options. You can try doing it by pasting c:\windows\system32\pmnllli.dll in the line and hit Submit.

0

i did what you said and got this
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

that's from jotti

0

Probably does not exist then. Did you unhide the files option?

Follow the rest of my instructions anyway.

0

Have you made sure that your TCP/IP is all working? You should be using dynamic (automatic IP addressing). Have you tried ipconfig in command prompt? I think what should happen is that when you're connected to the internet and you try ipconfig, you should get one automatically with a subnet mask and a gateway.

0

here is the log for the MalwareBytes

Malwarebytes' Anti-Malware 1.17
Database version: 863

11:11:35 AM 6/17/2008
mbam-log-6-17-2008 (11-11-35).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 172420
Time elapsed: 50 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\CAC (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3feca576-7ad2-4e11-a6ad-6b59d4fb5db9} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\f02WtR (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WinTouch (Adware.WinPop) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Temp\nswC2.tmp\System.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WinTouch\wintouch.cfg (Adware.WinPop) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlkkj.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kernel32.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TA_Start.lnk.disabled (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\yazzlesnet.exe (Heuristics.Malware) -> Quarantined and deleted successfully.

0

sorry, didn't see that

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:56 PM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\My Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Startup: Greetings Workshop Reminders.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{293BE57A-2433-4323-9468-2CC774303307}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{293BE57A-2433-4323-9468-2CC774303307}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{293BE57A-2433-4323-9468-2CC774303307}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\windows\system32\pmnllli.dll,avgrsstx.dll,
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\system32\appyh32.exe (file missing)

--
End of file - 5469 bytes

0

Scan with HijackThis and then place a check next to all the following, if present:


O20 - AppInit_DLLs: c:\windows\system32\pmnllli.dll,avgrsstx.dll,

O23 - Service: Remote Procedure Call (RPC) Helper ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\system32\appyh32.exe (file missing)


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

files...

c:\windows\system32\pmnllli.dll

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.

Select the first option to run Windows in Safe Mode, then hit Enter.

-

Reboot.

====

Download SDFix and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the
    Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract
    All,
  • Open the extracted folder and double click RunThis.bat to
    start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the
    registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool
    will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and
    display Finished, then press any key to end the script and load
    your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the
    contents of the results file Report.txt back onto the forum with
    a new HijackThis log
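
The two HijackThis fix lists in this thread select entries by a few repeatable criteria: registrations ending in "(no file)" or "(file missing)", a DPF entry installed from a local file:// path, and an AppInit_DLLs value naming an unrecognised DLL. The Python triage below applies those criteria to a log; it is an added example, not part of the original posts, and its hosts-file rule goes beyond the fix lists and only marks the entry for review. The KNOWN_APPINIT allow-list and the O23 sample line are assumptions made for the example; the other sample lines reuse entries from the first log.

```python
import ntpath
import re

# "R3 - ...", "O2 - ...", "O20 - ...": section code, then the entry text.
ENTRY = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
ORPHAN_SUFFIXES = ("(no file)", "(file missing)")
LOOPBACK = {"127.0.0.1", "::1"}
# Assumption: DLL names the analyst has already tied to installed software.
KNOWN_APPINIT = frozenset({"avgrsstx.dll"})

# Constructed sample in the format of the thread's logs. It reuses entries
# from the first log; the O23 line is made up for the example.
SAMPLE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: (no name) - {F9E535F6-FE6E-D9BC-19F6-F35A6C3012E4} - (no file)
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O2 - BHO: (no name) - {0048B696-3B49-4EB4-8EAA-12E4B73A8B47} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - C:\WINDOWS\system32\fccdbxx.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O20 - AppInit_DLLs: c:\windows\system32\pmnllli.dll,avgrsstx.dll,
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll (file missing)
O23 - Service: Example Helper (exhelper) - Unknown owner - C:\WINDOWS\system32\exhelper.exe (file missing)
"""


def appinit_dlls(value):
    """Split an AppInit_DLLs value; Windows accepts commas or spaces."""
    return [part for part in re.split(r"[,\s]+", value.strip()) if part]


def classify(sec, body, known_appinit):
    """Return a reason string if the entry needs attention, else None."""
    if sec == "O20" and body.startswith("AppInit_DLLs:"):
        unknown = [dll for dll in appinit_dlls(body.split(":", 1)[1])
                   if ntpath.basename(dll).lower() not in known_appinit]
        if unknown:
            return "AppInit_DLLs loads unrecognised DLL: " + ", ".join(unknown)
        return None
    if body.endswith(ORPHAN_SUFFIXES):
        return "registration left behind, target file is gone"
    if sec == "O1" and body.startswith("Hosts:"):
        fields = body.split()[1:]  # [ip, hostname]
        if len(fields) >= 2 and fields[0] not in LOOPBACK:
            return "review: hosts file pins %s to %s" % (fields[1], fields[0])
    if sec == "O16" and " - file://" in body.lower():
        return "ActiveX install source is a local file:// path"
    return None


def triage(log_text, known_appinit=KNOWN_APPINIT):
    """Return (section, reason, entry) for every log entry worth a look."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue  # header, process list or blank line
        reason = classify(match["sec"], match["body"], known_appinit)
        if reason:
            findings.append((match["sec"], reason, match["body"]))
    return findings


if __name__ == "__main__":
    for sec, reason, body in triage(SAMPLE):
        print("%-3s %s\n    %s" % (sec, reason, body))
```

Entries with a valid file path, such as the Adobe BHO or the ctfmon Run key, pass through untouched; the script only narrows the list a human still has to confirm before using "Fix checked".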
0
The SDFix report

**SDFix: Version 1.194 **
Run by Owner on Wed 06/18/2008 at 10:23 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Owner\Desktop\SDFix\SDFix

**Checking Services **:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


**Checking Files **: 

Trojan Files Found:

C:\WINDOWS\system32\tmp109.tmp.dll - Deleted
C:\WINDOWS\system32\tmp11B.tmp.dll - Deleted
C:\WINDOWS\system32\tmp36.tmp.dll - Deleted
C:\WINDOWS\system32\tmpD1.tmp.dll - Deleted
C:\WINDOWS\system32\TFTP1024 - Deleted
C:\WINDOWS\system32\TFTP1792 - Deleted
C:\WINDOWS\system32\TFTP2244 - Deleted
C:\WINDOWS\system32\TFTP2304 - Deleted
C:\WINDOWS\system32\TFTP3020 - Deleted
C:\WINDOWS\system32\TFTP3096 - Deleted
C:\WINDOWS\system32\TFTP3148 - Deleted
C:\WINDOWS\system32\TFTP3160 - Deleted
C:\WINDOWS\system32\TFTP3688 - Deleted
C:\WINDOWS\system32\TFTP3728 - Deleted
C:\WINDOWS\system32\TFTP4060 - Deleted





Removing Temp Files

**ADS Check **:



                                 **Final Check **:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 10:35:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\Owner\My Documents\Converted Videos\iPod\H264\Family Guy : Stewie Griffin The Untold Story.mp4 429654982 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


**Remaining Services **:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"="C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe:*:Disabled:BackWeb-137903"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Owner\\My Documents\\download\\sportmasta957\\New Folder\\cs2d\\CounterStrike2D.exe"="C:\\Documents and Settings\\Owner\\My Documents\\download\\sportmasta957\\New Folder\\cs2d\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Documents and Settings\\Owner\\My Documents\\download\\nicko9579\\cs2d\\CounterStrike2D.exe"="C:\\Documents and Settings\\Owner\\My Documents\\download\\nicko9579\\cs2d\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\\Documents and Settings\\Owner\\My Documents\\download\\nicko9579\\cs2d_0103\\CounterStrike2D.exe"="C:\\Documents and Settings\\Owner\\My Documents\\download\\nicko9579\\cs2d_0103\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\\Documents and Settings\\Owner\\My Documents\\download\\nicko9579\\cs2d_0104\\CounterStrike2D.exe"="C:\\Documents and Settings\\Owner\\My Documents\\download\\nicko9579\\cs2d_0104\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\\Documents and Settings\\Owner\\My Documents\\download\\nicko9579\\cs2d_0104\\CounterStrike 2D.exe"="C:\\Documents and Settings\\Owner\\My Documents\\download\\nicko9579\\cs2d_0104\\CounterStrike 2D.exe:*:Enabled:CounterStrike 2D"
"C:\\Program Files\\Steam\\SteamApps\\scop3r957\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\scop3r957\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Documents and Settings\\Owner\\Application Data\\tmp14.tmp.exe"="C:\\Documents and Settings\\Owner\\Applic"
"C:\\Documents and Settings\\Owner\\Application Data\\tmp1B.tmp.exe"="C:\\Documents and Settings\\Owner\\Applic"
"C:\\Documents and Settings\\Owner\\Application Data\\tmp18.tmp.exe"="C:\\Documents and Settings\\Owner\\Applic"
"C:\\WINDOWS\\system32\\eulrlkwy.exe"="C:\\WINDOWS\\system32\\eul"
"C:\\Documents and Settings\\Owner\\Application Data\\tmp29.tmp.exe"="C:\\Documents and Settings\\Owner\\Applic"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Documents and Settings\\Owner\\Application Data\\tmp25.tmp.exe"="C:\\Documents and Settings\\Owner\\Applic"
"C:\\Documents and Settings\\Owner\\Application Data\\tmp2E.tmp.exe"="C:\\Documents and Settings\\Owner\\Applic"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Disabled:AOL Loader"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Disabled:BitTorrent"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Disabled:BitTorrent DNA"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

**Remaining Files **:


File Backups: - C:\DOCUME~1\Owner\Desktop\SDFix\SDFix\backups\backups.zip

**Files with Hidden Attributes **:

Tue  3 Aug 2004           196 A.SHR --- "C:\BOOT.BAK"
Mon 28 Jan 2008     1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008     5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008     2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue  6 Nov 2007         6,473 A.SH. --- "C:\WINDOWS\system32\llnmp.bak1"
Tue 20 Nov 2007       438,368 A.SH. --- "C:\WINDOWS\system32\llnmp.bak2"
Wed 12 Sep 2007         6,448 A.SH. --- "C:\WINDOWS\system32\stutv.bak1"
Thu 20 Sep 2007     1,979,794 A.SH. --- "C:\WINDOWS\system32\stutv.bak2"
Thu 27 Jul 2006       209,639 A.SH. --- "C:\WINDOWS\system32\ututv.bak1"
Mon  7 Aug 2006       441,314 A.SH. --- "C:\WINDOWS\system32\ututv.bak2"
Mon  9 Aug 2004         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon  9 Aug 2004           782 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv13.bak"
Wed  2 Jun 2004         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.key.bak"

**Finished!**

---

The HJT report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:23 AM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\My Documents\My Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\tmpD1.tmp.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Startup: Greetings Workshop Reminders.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{293BE57A-2433-4323-9468-2CC774303307}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{293BE57A-2433-4323-9468-2CC774303307}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{293BE57A-2433-4323-9468-2CC774303307}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Remote Procedure Call (RPC) Helper (  6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\system32\appyh32.exe (file missing)

--
End of file - 5426 bytes


0

Scan with HijackThis and then place a check next to all the following, if present:


O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\tmpD1.tmp.dll (file missing)

O23 - Service: Remote Procedure Call (RPC) Helper ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\system32\appyh32.exe (file missing)


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===========

Copy and paste the following bold blue text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: fix.bat to your desktop.
Then double-click on the fix.bat file on your desktop.
You'll see a black screen flash, that's normal.

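@echo off
rem Stop the service registered under the name RPC, if it is running
sc stop RPC
rem Remove that service's entry from the service database
sc delete RPC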

Restart your PC.

===========

Download and run Winsockfix from here http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml

===========

How is the pc now?
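
The selection made in the post above (the two leftover entries among many benign ones) can be reproduced mechanically. This is an added example, not part of the original thread or of HijackThis itself: the sample lines are copied from the log posted earlier, while the indicator list, the `triage` function and the threshold of two are assumptions chosen for illustration.

```python
import re

# Constructed sample: six lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\tmpD1.tmp.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Remote Procedure Call (RPC) Helper (  6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\system32\appyh32.exe (file missing)
"""

# Section code at the start of a HijackThis entry, e.g. "O2", "O23", "R1".
ENTRY = re.compile(r"^([ORF]\d+) - ")
# Binary named like a temp file (tmpD1.tmp.dll, tmp14.tmp.exe), as in the SDFix report.
TEMP_BINARY = re.compile(r"\\tmp[0-9A-F]+\.tmp\.(dll|exe)", re.IGNORECASE)


def indicators(line):
    """Return the weak indicators (assumed heuristics) present on one log line."""
    found = []
    if line.rstrip().endswith("(file missing)"):
        found.append("target file missing")
    if "(no name)" in line:
        found.append("unnamed entry")
    if "Unknown owner" in line:
        found.append("unknown owner")
    if TEMP_BINARY.search(line):
        found.append("temp-style binary name")
    if any(ord(c) < 32 or ord(c) > 126 for c in line):
        found.append("non-printable or non-ASCII characters")
    return found


def triage(log, threshold=2):
    """Return (section, indicators, line) for entries with at least `threshold` indicators."""
    results = []
    for raw in log.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match:
            continue  # headers, process list, blank lines
        why = indicators(line)
        if len(why) >= threshold:
            results.append((match.group(1), why, line))
    return results


if __name__ == "__main__":
    for section, why, line in triage(SAMPLE_LOG):
        print(section, "|", ", ".join(why), "|", line)
```

With a threshold of one, the legitimate Java button and the OmniPass service are also reported, which is why no single indicator is treated as conclusive here.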

0

The internet still won't work in the normal mode. When I first start up the computer in the normal mode, I can access the internet for about 30 seconds. So I'll open it and it will show my homepage (Google), then I will go to a random website (let's say Yahoo), then after that, it just doesn't do anything if I try to do anything else. After about 5 minutes of not loading or doing anything, it just says Cannot Find Server.

I'm going to download that AVAST anti-virus even though I have AVG, because AVG can't update in safe mode w/ networking, or run for that matter.

0

Download LSPfix from here
On the opening screen, click the "I know what I'm doing" checkbox and then click Finish.

==========

Open up a command prompt and type in ipconfig /flushdns and hit enter.

Reboot and check again.

0

I mean I downloaded it, and it still didn't fix the computer.

0

OK, I did HP recovery, and it fixed it. I had to re-install everything but now I can access the internet, updated to Windows version SP3 or whatever it's called. Now I have a different problem: the computer freezes every time I try to open up something. So I try to watch a video on YouTube, it freezes after about 20 seconds; try to connect to Steam (for games), it usually freezes. I have no clue, but the CPU temp is 55°C and someone said that isn't too bad, so I'm stuck... again.

0

Temp on the CPU is dependent on its make/model. 55C is OK for Intel but maybe not so for some AMD.
Uninstall SP3 and see if the problem goes away.

0

Try removing all unnecessary peripherals including optical drives and use only one stick of RAM. If the freezing goes away, refit each removed component one at a time with a reboot in between and see how it goes.
