can not browse using url's only ip's work

You've still got major problems. Before proceeding with HJT, download and run Ad Aware and SpyBot. Allow them to fix whatever they find and then post a fresh HJT log.

Links to the downloads are in my sig below. Also- follow the configuration instructions in the "Setting up Ad Aware and SpyBot" link before running the programs.

thanks for your quick reply, off to golf and then will do.

peace out!!

Cool- we'll be here.

And yeah- you'll definitely want to relax with some golfing before the shock of dealing with the 300+ pieces of malware that Ad Aware and SpyBot are going to find on your system...

:mrgreen:

thanks!! golf was good!!

here is the latest hijack.log after running ad aware and spybot.

Logfile of HijackThis v1.97.7
Scan saved at 9:47:06 PM, on 6/23/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\System32\cpqalert.exe
C:\WINNT\CPQDIAG\CPQDFWAG.EXE
C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Compaq\LCRMS\LCRMS.EXE
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
c:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
c:\winnt\system32\microsoft\temp\FireDaemon.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
c:\winnt\system32\microsoft\temp\sud.exe
C:\WINNT\System32\cpqdmi.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\system32\CHKADMIN.EXE
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\SYSTEM32\3cshtdwn.exe
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Compaq\Easy Access Keyboard\MEDIACTR.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Compaq\Easy Access Keyboard\MMUSBKB2.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ole2nls.exe
C:\Program Files\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Easy Access Keyboard] C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [W1N32.DLL] C:\WINNT\WINLOGON.exe
O4 - HKLM\..\Run: [NAV Live Update] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lknqXXX.exe
O4 - HKLM\..\Run: [Windows Explorer] Explorer.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\cab\back32.exe C:\WINNT\system32\cab\service.exe
O4 - HKLM\..\Run: [Norton AntiVirus] C:\WINNT\SYSTEM32\fqqe.exe
O4 - HKLM\..\Run: [msupdate32] c:\winnt\system32\vga.exe
O4 - HKLM\..\Run: [Microsoft Netview] gesfm32.exe
O4 - HKLM\..\Run: [gqegbvqvc] C:\WINNT\SYSTEM32\fqecvs.exe
O4 - HKLM\..\Run: [realplayer] C:\WINNT\system32\msgsv32.exe
O4 - HKLM\..\Run: [vaxxa] C:\WINNT\SYSTEM32\vdars.exe
O4 - HKLM\..\Run: [davadqqec] C:\WINNT\SYSTEM32\fdfdq.exe
O4 - HKLM\..\Run: [Ssdqwa] bgdw.exe
O4 - HKLM\..\Run: [vdata] C:\WINNT\SYSTEM32\fqecs.exe
O4 - HKLM\..\Run: [sghvvnra] rFeaturePres
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [bsfqwa] ggwdw.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [gvrcub] C:\WINNT\mymw.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDDVK] C:\WINNT\system32\BDDVK.exe
O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINNT\Temp\RECOVE~1.EXE
O4 - HKLM\..\RunServices: [Windows Explorer] Explorer.exe
O4 - HKLM\..\RunServices: [Microsoft Netview] gesfm32.exe
O4 - HKLM\..\RunServices: [Ssdqwa] bgdw.exe
O4 - HKLM\..\RunServices: [sghvvnra] rFeaturePres
O4 - HKLM\..\RunServices: [bsfqwa] ggwdw.exe
O4 - HKCU\..\Run: [LTM2] C:\WINNT\litmus\SVCHOSTÿ.exe
O4 - HKCU\..\Run: [ole2nls] C:\WINNT\system32\ole2nls.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC23-BC8000000000} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2742c8dcaeadd3bcfd22/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37877.4946412037
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205A63B3-7D0B-4430-912A-5D8B85359CC7}: NameServer = 151.164.1.8,206.13.28.12

take care!!!

OK- just got back from my girlfriend's kid's birthday dinner, and I'm off to bed soon. If no one picks up on this before tomorrow morning I'll get back to you then. Your log shows some obvious "nasties" in it, but it also has some suspicious looking stuff in it that I'm not sure about and just don't have the time to research tonight.

thanks for your help so far!!

i am a high school teacher so i am just chillin for the summer.

Sorry for the delay- the rest of the week just got very crazy.

Ok- you have a handful of nasty trojan/backdoor infections as well as a couple of bits of spyware.

I see that you're running both AVG and Norton; you should only use one AV program at a time. I'd highly suggest making sure your virus definitions are up to date and running a full system scan with one of those utilities. Additionally, you should probably do one of the free online virus scans:

http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://www.ravantivirus.com/scan/

-------------------------------------------
In HJT, check and fix the following:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [W1N32.DLL] C:\WINNT\WINLOGON�*.exe
O4 - HKLM\..\Run: [NAV Live Update] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lknqXXX.exe
O4 - HKLM\..\Run: [Windows Explorer] Explorer�*.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\cab\back32.exe C:\WINNT\system32\cab\service.exe
O4 - HKLM\..\Run: [Norton AntiVirus] C:\WINNT\SYSTEM32\fqqe.exe
O4 - HKLM\..\Run: [msupdate32] c:\winnt\system32\vga.exe
O4 - HKLM\..\Run: [Microsoft Netview] gesfm32.exe
O4 - HKLM\..\Run: [gqegbvqvc] C:\WINNT\SYSTEM32\fqecvs.exe
O4 - HKLM\..\Run: [vaxxa] C:\WINNT\SYSTEM32\vdars.exe
O4 - HKLM\..\Run: [davadqqec] C:\WINNT\SYSTEM32\fdfdq.exe
O4 - HKLM\..\Run: [Ssdqwa] bgdw.exe
O4 - HKLM\..\Run: [vdata] C:\WINNT\SYSTEM32\fqecs.exe
O4 - HKLM\..\Run: [sghvvnra] rFeaturePres
O4 - HKLM\..\Run: [bsfqwa] ggwdw.exe
O4 - HKLM\..\Run: [gvrcub] C:\WINNT\mymw.exe
O4 - HKLM\..\Run: [BDDVK] C:\WINNT\system32\BDDVK.exe
O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINNT\Temp\RECOVE~1.EXE
O4 - HKLM\..\RunServices: [Windows Explorer] Explorer�*.exe
O4 - HKLM\..\RunServices: [Microsoft Netview] gesfm32.exe
O4 - HKLM\..\RunServices: [Ssdqwa] bgdw.exe
O4 - HKLM\..\RunServices: [sghvvnra] rFeaturePres
O4 - HKLM\..\RunServices: [bsfqwa] ggwdw.exe
O4 - HKCU\..\Run: [LTM2] C:\WINNT\litmus\SVCHOSTÿ.exe
O4 - HKCU\..\Run: [ole2nls] C:\WINNT\system32\ole2nls.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2742c8dcaeadd3...ip/RdxIE601.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/...lim/install.cab

You might also want to axe the "Viewpoint Manager" also.

Then:

Clear your cookies and browser cache, delete all Tempory Internet Files (enable the "delete ofline content" option when you do this)

Empty your trash

Reboot into safe mode

Set Windows Explorer to display all files (including hidden and system); find and delete every file referenced in the above "04" HJT entries

Find and delete the entire "wt" folder

Delete the "litmus" folder if it exists

Empty the trash and run the Anti-virus and anti-spyware programs again to see if the system comes up clean.

i did everything that you recommended. i ran avg and the system is clean. i ran spybot and i keep getting DSO Exploit after scanning. i try to fix them and run spybot again and they re-appear. is this a problem?

after this all the browser still will not let me browse using the url's.

the following is the latest hjt listing:

Logfile of HijackThis v1.97.7
Scan saved at 3:42:33 PM, on 6/28/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\System32\cpqalert.exe
C:\WINNT\CPQDIAG\CPQDFWAG.EXE
C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Compaq\LCRMS\LCRMS.EXE
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
c:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
c:\winnt\system32\microsoft\temp\FireDaemon.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
c:\winnt\system32\microsoft\temp\sud.exe
C:\WINNT\System32\cpqdmi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\system32\CHKADMIN.EXE
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\WINNT\SYSTEM32\3cshtdwn.exe
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Compaq\Easy Access Keyboard\MEDIACTR.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Compaq\Easy Access Keyboard\MMUSBKB2.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Easy Access Keyboard] C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [realplayer] C:\WINNT\system32\msgsv32.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINNT\Temp\RECOVE~1.EXE
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC23-BC8000000000} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37877.4946412037
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205A63B3-7D0B-4430-912A-5D8B85359CC7}: NameServer = 151.164.1.8,206.13.28.12

again thanks for your help.

Don't sweat the SpyBot DSO message- it's a known bug. You can read about it here:

http://forums.net-integration.net/index.php?showtopic=17159&st=0&#entry81148

The presence of FireDeamon.exe and sud.exe indicate a possible trojan infection. See if the following applies to you:

http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q294/7/28.ASP&NoWebContent=1

Is it possible that you simply have a DNS problem? The conditions you desrcibe are exactly what would happen if your system couldn't contact a DNS server in the process of resolving URLs to their IP addresses.

Try this:

- Open a DOS box

- Type:
ping 64.233.167.99

and then:
ping www.google.com

If the first works, but the second doesn't (both pings should reasch Google), check the DNS server IP entries in your TCP/IP properties and make sure the IPs are present and correct.

:D

the wombat is finally nestling in my underbrush thank you very much.

i thank you, my wife thanks you and my three i.m. starved daughters thank you.

if i could send you virtual home made chocolate chip cookies i would.

keep up the good work.

i called sbc and they walked me through the dns problem and i am back online.

good luck to all of you computer angels!!!

peace out!!

:D

the wombat is finally nestling in my underbrush thank you very much.

Glad I could help Kevin, but... don't tell the wife about the Wombat- she might have a problem with the fact that someone other than she was having anything to do with your underbrush.

:mrgreen:

if i could send you virtual home made chocolate chip cookies i would.

Mmm, Yummy- Monster love virtual chocolate chip cookie...

[img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/CookieMonster.jpg[/img]

Again, glad to have been of help. Happily marking this one as solved...

me too had a similar problem, ran Hijackthis, Adaware etc.etc... and finally THIS WORKED FOR ME.

Stop the DNS Client Service in the windows Computer Management Console.

Then everything was back to normal!

Hope this works for you!

Cheerio!
vJ

i did everything that you recommended. i ran avg and the system is clean. i ran spybot and i keep getting DSO Exploit after scanning. i try to fix them and run spybot again and they re-appear. is this a problem?

after this all the browser still will not let me browse using the url's.

the following is the latest hjt listing:

Logfile of HijackThis v1.97.7
Scan saved at 3:42:33 PM, on 6/28/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\System32\cpqalert.exe
C:\WINNT\CPQDIAG\CPQDFWAG.EXE
C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Compaq\LCRMS\LCRMS.EXE
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
c:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
c:\winnt\system32\microsoft\temp\FireDaemon.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
c:\winnt\system32\microsoft\temp\sud.exe
C:\WINNT\System32\cpqdmi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\system32\CHKADMIN.EXE
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\WINNT\SYSTEM32\3cshtdwn.exe
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Compaq\Easy Access Keyboard\MEDIACTR.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Compaq\Easy Access Keyboard\MMUSBKB2.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Easy Access Keyboard] C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [realplayer] C:\WINNT\system32\msgsv32.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINNT\Temp\RECOVE~1.EXE
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC23-BC8000000000} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37877.4946412037
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205A63B3-7D0B-4430-912A-5D8B85359CC7}: NameServer = 151.164.1.8,206.13.28.12

again thanks for your help.