| 1. |
Solve : can't access certain websites? |
|
Answer» Quote from: DANKK on May 29, 2008, 11:11:36 PM
Quote from: Broni on May 29, 2008, 06:17:39 PM
I want you to run one more program (if it'll run)...
any further hope on this before I reformat the hard drive?

I had a similar problem, then I found his forum... try checking your "host" file... it worked for me http://www.broadbandreports.com/forum/remark,10186774

I lost this thread, somehow. I think, I didn't get any email notification. DANKK, if you're still there, please, update me on your computer status.

Quote from: Broni on June 06, 2008, 03:24:12 PM
I lost this thread, somehow. I think, I didn't get any email notification.

I want you to run one more program (if it'll run)...

Download SDFix (http://downloads.andymanchesta.com/removaltools/sdfix.exe) and save it to your Desktop.
* Run the SDFix.exe by double clicking on it.
* Allow it to install into the default location which is c:\SDFix
* Now please reboot your computer into Safe Mode:
  1. After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  2. Instead of Windows loading as normal, the Advanced Options Menu should appear;
  3. Select the first option, to run Windows in Safe Mode, then press Enter.
* When you have booted into safe mode, open the C:\SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services or Registry entries found and then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
* Attach the Report.txt file to your next message.
SDFix: Version 1.186
Run by DAN on Thu 05/29/2008 at 06:40 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\000060.exe - Deleted
C:\WINDOWS\system32\000090.exe - Deleted
C:\WINDOWS\astctl32.ocx - Deleted
C:\WINDOWS\default.htm - Deleted
C:\WINDOWS\hosts - Deleted
C:\WINDOWS\rundll32.vbe - Deleted
C:\WINDOWS\system32\drivers\hosts - Deleted
C:\WINDOWS\system32\hljwugsf.bin - Deleted
C:\WINDOWS\xxxvideo.hta - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 21:48:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...
scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 13

Finished!

How is your computer doing?

Quote from: Broni on June 06, 2008, 11:18:22 PM
How is your computer doing?

See, if Malwarebytes will run now. |
|