In need of assistance.
Vermillion2022 11-27-2008, 09:24 PM Hello,
As you can guess I have malware issues, as do most who post here. My problem is that the programs and items that I read to download to do an initial cleaning I can't get to. Perhaps the malware is worse than I imagined, but when I clicked the link for ATF Cleaner or the Microsoft tool, Firefox (my main browser) can't access the page, nor can IE or the new Opera I installed. Even when I try to Google search it to download from a different source I get stopped again and forced to a completely different site.
My question is: should I post a HJT log, seeing as I can't download anything else, and work from there? If it helps, I tried to do it myself with just HJT and deleting the problems with the Analyzer, in normal AND safe mode, and they keep coming back, opening random windows whenever I'm online.
Any advice would be great,
Thank You
V.
jholland1964 11-27-2008, 10:04 PM DON'T use the HJT analyzer for info. That is way out of date. If you can run HJT do so and post a log.
Vermillion2022 11-27-2008, 10:47 PM Here you go.
jholland1964 11-27-2008, 11:27 PM Frankly I have never seen a log like this one. The computer is obviously seriously infected. One reason being that you have no anti-virus program running at all.
I know you have tried Safe Mode, but have you tried downloading in Safe Mode with Networking?
Don't download and install; just download to the desktop.
You are showing multiple instances of Spybot running, why?
Turn off Spybot TeaTimer it will interfere with any fixes.
I have to stress here HiJackThis is NOT a fixer program but a scanner program and using the Analyzer is just not recommended. If you have done fixes using that see if you can restore them.
Are you able to access ESET Online scanner or one of the other online scanners recommended in the Read Me Sticky at the top of the page?
Also please don't attach your logs, copy/paste them.
Vermillion2022 11-28-2008, 12:43 AM Well, I'm in Safe Mode with Networking and I still can't get any sites to work or download any programs. I've tried clicking the links, typing the link, and going around through another downloading site. I managed to download AVG but it fails on every install. All of my normal sites work; just anything that's "downloading" or "anti malware" conveniently "Can't connect"...
Edit- Update! I managed to install AVG BUT it fails to update...still trying different things to get other programs to download.
Vermillion2022 11-29-2008, 08:01 PM Alright, I could only obtain a HJT log and an Uninstall log. The other 2 scanners didn't work out how I wished. I downloaded the ESET program as I couldn't get to the ESET website. It scans but I can't get a log, nor can I update it. I downloaded Malwarebytes' program too, but it won't open to install. Also, now my normal Safe Mode just freezes up when I try to enter it, and Safe Mode with Networking still has the same problems: I can visit the site you recommend, and nothing scans in safe mode, obviously.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:21:30 PM, on 11/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\DOCUME~1\rob\LOCALS~1\Temp\csrssc.exe
C:\Program Files\Speedy P2P Movie Finder\speedy\Speedy P2P Movie Finder\Speedy P2P Movie Finder.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Opera\opera.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {6CAB59B4-55A3-4737-9FD5-B93C6430BF77} - C:\WINDOWS\system32\beapebgp.dll
O2 - BHO: (no name) - {73259091-9574-4ED8-A40F-7F65AFC28634} - C:\WINDOWS\system32\xxyyaBsR.dll
O2 - BHO: (no name) - {B5327F8E-3D0A-4403-B381-439D2130F40D} - (no file)
O2 - BHO: {98a88608-e00e-cc89-7d44-b844a1a9ebab} - {babe9a1a-448b-44d7-98cc-e00e80688a89} - C:\WINDOWS\system32\ckroom.dll
O2 - BHO: (no name) - {c445e615-c1c5-4a1f-a19d-2a321c94101e} - C:\WINDOWS\system32\wakozawa.dll (file missing)
O2 - BHO: (no name) - {CAF99E10-855C-4B8D-A90B-27F0E8A90F68} - C:\WINDOWS\system32\urqOGVMD.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [tetidosile] Rundll32.exe "C:\WINDOWS\system32\ridilave.dll",s
O4 - HKLM\..\Run: [{0C-C8-87-73-DW}] c:\windows\system32\dwwnw64r.exe DWmmm01FF
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [d850c8dc] rundll32.exe "C:\WINDOWS\system32\udrgrsii.dll",b
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\rob\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [Speedy P2P Movie FinderAutoStart] C:\Program Files\Speedy P2P Movie Finder\speedy\Speedy P2P Movie Finder\Speedy P2P Movie Finder.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [tetidosile] Rundll32.exe "C:\WINDOWS\system32\ridilave.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [tetidosile] Rundll32.exe "C:\WINDOWS\system32\ridilave.dll",s (User 'NETWORK SERVICE')
O4 - Startup: Speedy P2P Movie Finder.lnk = C:\Program Files\Speedy P2P Movie Finder\Speedy P2P Movie Finder.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\logozama.dll ckroom.dll
O20 - Winlogon Notify: xxyyaBsR - C:\WINDOWS\SYSTEM32\xxyyaBsR.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6463 bytes
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Age of Mythology
AI RoboForm (All Users)
Apple Software Update
Ashampoo WinOptimizer Platinum 3
CCleaner (remove only)
ConvertXtoDVD 3.0.0.9
Creative Media Lite
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVD Shrink 3.2
EPSON Printer Software
ESET NOD32 Antivirus
Guitar Pro 5.0
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Marvell Miniport Driver
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9
Microsoft Digital Image Pro 9
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.18)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML4 Parser
Nero 7 Essentials
NVIDIA Drivers
Opera 9.62
QuickTime
QuickTime Alternative 2.5.1
Realtek High Definition Audio Driver
Rhapsody Player Engine
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Ventrilo Client
Verizon Online DSL
VideoLAN VLC media player 0.8.6h
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
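The HijackThis log above is a good candidate for scripted triage before a human ever reads it. The Python below is an added example for this thread, not part of the original posts and not anything HijackThis itself does: it walks the O2/O4/O7/O20 entries and flags the kinds of indicators visible in that log, namely an executable launched from a user Temp directory, rundll32 loading a DLL through a one-letter export, an unnamed BHO living in system32, AppInit_DLLs and Winlogon Notify hooks, and Registry Editor disabled by policy. The sample lines are copied from the posted log, with three benign entries (the RoboForm toolbar, the NVIDIA Run key and the NVIDIA service) kept in for contrast; the heuristics, their wording and the two-character export threshold are this editor's assumptions.

```python
"""Heuristic triage of HijackThis log lines.

Added example for this thread; the rules below are the editor's own
illustration of what a human helper looks for, not HijackThis logic.
"""
import re
from typing import Dict, List

# Sample lines copied from the log posted above, plus three benign entries
# (RoboForm toolbar, NVIDIA Run key, NVIDIA service) for contrast.
SAMPLE_LOG = r"""
C:\DOCUME~1\rob\LOCALS~1\Temp\csrssc.exe
O2 - BHO: (no name) - {6CAB59B4-55A3-4737-9FD5-B93C6430BF77} - C:\WINDOWS\system32\beapebgp.dll
O2 - BHO: (no name) - {B5327F8E-3D0A-4403-B381-439D2130F40D} - (no file)
O2 - BHO: (no name) - {c445e615-c1c5-4a1f-a19d-2a321c94101e} - C:\WINDOWS\system32\wakozawa.dll (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [tetidosile] Rundll32.exe "C:\WINDOWS\system32\ridilave.dll",s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [d850c8dc] rundll32.exe "C:\WINDOWS\system32\udrgrsii.dll",b
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\rob\LOCALS~1\Temp\csrssc.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\logozama.dll ckroom.dll
O20 - Winlogon Notify: xxyyaBsR - C:\WINDOWS\SYSTEM32\xxyyaBsR.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# A path component named Temp (8.3 short names like LOCALS~1\Temp included).
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
# rundll32 <dll>,<export>: captures the DLL path and the export name.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\w*)', re.IGNORECASE)


def triage(log_text: str) -> List[Dict[str, object]]:
    """Return one finding per suspicious line: {'line': ..., 'reasons': [...]}."""
    findings: List[Dict[str, object]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons: List[str] = []
        lower = line.lower()

        # Processes or Run keys pointing into a user's Temp directory.
        if TEMP_DIR_RE.search(line) and ".exe" in lower:
            reasons.append("executable launched from a user Temp directory")

        # O7: policy that hides regedit from the user (classic lockdown).
        if line.startswith("O7 ") and "DisableRegedit=1" in line:
            reasons.append("Registry Editor disabled by policy")

        # O20 AppInit_DLLs: loaded into every process that maps user32.dll.
        if line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs injection into every user32 process")

        # O20 Winlogon Notify: DLL loaded by winlogon.exe at logon.
        if line.startswith("O20 - Winlogon Notify:"):
            reasons.append("Winlogon Notify DLL hook")

        # rundll32 with a 1-2 character export name: typical of dropped DLLs
        # (legitimate entries such as NvCpl.dll,NvStartup use a real name).
        m = RUNDLL_RE.search(line)
        if m and len(m.group(2)) <= 2:
            reasons.append(f"rundll32 loads {m.group(1)} via short export '{m.group(2)}'")

        # Unnamed BHO whose DLL sits in system32 and is still on disk.
        if (line.startswith("O2 - BHO: (no name)") and "system32" in lower
                and "(no file)" not in line and "(file missing)" not in line):
            reasons.append("unnamed BHO loading a DLL from system32")

        # Leftovers of an earlier removal attempt; harmless but worth cleaning.
        if line.endswith("(no file)") or "(file missing)" in line:
            reasons.append("orphaned entry: DLL no longer on disk")

        if reasons:
            findings.append({"line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("   ->", reason)
```

Run against the sample, ten of the thirteen lines are flagged and the three benign entries are not. The point of the script is to separate the structural red flags (where an entry loads from, how it is loaded) from the file names, because random-looking names are a poor signal on their own; a real triage would follow up each flagged path with a hash lookup or an on-disk check, which this offline example deliberately leaves out.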
jholland1964 11-29-2008, 10:16 PM I have to be totally honest here, you may very well be fighting a losing battle where the best option is a total reformat and reload. The system is grossly infected with multiple unknowns.
But let's try a bit more if you want. Frankly, I don't know if either of these will work, but here goes:
Try this first:
Download SDFix.exe (http://www.bleepingcomputer.com/files/sdfix.php) and save it to your desktop.
Now, double-click on the SDFix icon that should now be residing on your desktop. If an Open File - Security Warning box opens, click on the Run button.
A window will now open showing SDFix being extracted into the C:\SDFix folder. Once the installation program has finished extracting SDFix, it will open a Notepad with further instructions.
Next, please reboot your computer into Safe Mode (http://www.bleepingcomputer.com/tutorials/tutorial61.html) by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.
When you are at the logon prompt, log in as the same user that you had performed the previous steps as.
When your computer has started in safe mode, and you see the desktop, close all open Windows.
Click on the Start button, click on the Run menu option, and type the following into the Open: field:
C:\SDFix\RunThis.bat
Then press the OK button.
The SDFix window will open containing some brief info and a disclaimer on the use of the tool.
If you want to continue, please press the Y key on your keyboard and then press enter.
SDFix will now start scanning your computer for known infections.
This process can take a while, so you may want to do something else and periodically check back on the status of SDFix. As the scanning process continues you will continue to see new messages on the screen.
When the scanning process has finished you will see a new screen stating that you need to restart your computer in order to continue.
At this point you should press any key on your computer's keyboard in order to restart the computer.
After your computer reboots SDFix will automatically start and perform a last check.
You will now be presented with a screen stating that SDFix has finished.
At this point you should press any key on your computer's keyboard in order to continue to your desktop.
When you are back at your Windows desktop, the SDFix log will automatically be opened in notepad.
Please save this log and post back here with it. I ask that you please copy/paste the log and don't attach it.
Next do this.
Please download Dr Web-Cureit! (ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe)
Save the folder to your desktop.
Don't run it yet.
Now reboot into Safe Mode.
This can be done tapping the F8 key as soon as you start your computer
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.
Run Dr Web-Cureit!
Double-click the "drweb-cureit.exe" and click "ok" in the prompt window that will open, asking "start the express scan now".
It will first make a quick scan of your system; let it clean what it finds, and when it says "done" in the lower left corner, click on all your drives.
A red dot will mark the selected drive(s). Then hit the pedestrian icon, which will now have turned green.
Click on the green man in the right corner; it will scan ALL your drives. Hit yes to all.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer back to normal mode.
Post back here with the log.
Vermillion2022 11-30-2008, 06:09 AM Can't use either of those as well...so now I must reinstall everything over again? Won't there still be threats on my PC however?
jholland1964 11-30-2008, 09:02 AM Can't use either of those as well...so now I must reinstall everything over again? Won't there still be threats on my PC however?
A complete format and reload will clean the hard drive and all infection should be gone. Yes, I am sorry, you will have to reinstall everything after the reformat.
You would first install the operating system, drivers, etc. Then go to Windows website and install all updates. Install an anti-virus program and firewall. Then reinstall all your programs and look for updates for each and install.
I am sorry but there is so much infection on the computer that crucial system files have more than likely been damaged also so even if you get the infections off chances are the computer wouldn't run correctly anyway.
Please know the very last thing I suggest is a reformat and reload but for situations like this it very likely is the easiest way and probably the fastest way to go. You will need to use all the disks that came with the computer so be sure you have all those.
Vermillion2022 11-30-2008, 01:11 PM Oh well, I thank you for what you could do. I WILL be more careful after this experience. Thank you again =).
jholland1964 11-30-2008, 02:12 PM Sorry I couldn't have been more help.
Judy