Okay, we have some work to do!
Please re-open HiJackThis and click on System Scan Only. Check the boxes next to all the entries listed below.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
(NOTE: If you have set up your home page to come up blank, leave this entry. If you have not, check the box for removal)
O2 - BHO: (no name) - {35D021EC-EED3-46B9-892E-BDBF412A4942} - (no file)
O2 - BHO: (no name) - {E49E9F3D-BB3C-4165-BB8C-9DA169A87B69} - (no file)
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - (no file)
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - (no file)
O20 - Winlogon Notify: cbXRIbAp - cbXRIbAp.dll (file missing)
O20 - Winlogon Notify: pnmoylll - pnmoylll.dll (file missing)
O20 - Winlogon Notify: vicsguuy - vicsguuy.dll (file missing)
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\mohsin\My Documents\My Pictures\128157190307_0_BG.jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\mohsin\My Documents\My Pictures\262977190307_0_BG.jpg
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\mohsin\My Documents\My Pictures\592977190307_0_BG.jpg
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into Safe Mode.
Stsrt> Run> msconfig> enter> Selective Startup> Startup tab> UNCHECK any entries for:
Trend Micro Security Suite and/or any components, in particular Transaction Protector> Apply> OK
Control Panel> Add/remove Programs> UNINSTALL Trend Micro Security Suite and/or components.
To remove the 024 Desktop entries:
Start> Control Panel> Display> Desktop> Customize Desktop>
Web tab> uncheck and delete everything you find in there (except for "My current home page")> Also
remove the check mark from the the Lock Desktop Items box if it is checked> Apply> OK> Close.[/QUOTE]
Reboot into Normal Mode: NOTE: You will get a nag message that you can ignore and close after checking 'don't show this message again.' Stay in Selective Startup.
Note re Transaction Protector:These entries appear to be left over from Trend Micro PC-cillin Internet Security Pro . They are not configured correctly and the program needs to be completely uninstalled,
O2 - BHO: TransactionProtector BHO> Wi-Fi Advisor: Checks the credibility and legitimacy of Hotspots and Wi-Fi networks.
O3 - Toolbar: Transaction Protector > Keystroke Encryption :scrambles the identity of your keystrokes using Local SSL technology, protects you from keystroke recording programs.
Please download ComboFix from
HERE
With ComboFix, at the download window, please
rename it to Combo-Fix(.exe) before downloading it.
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.
• Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the ComoboFix window, as it may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Run HijackThis again and attach new log and ComboFix report.
Please verify the following:
Did you set these proxies up?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.emirates.net.ae:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = proxy1.emirates.net.ae:8080 <local>
Is this your ISP?
O17 - HKLM\System\CCS\Services\Tcpip\..\{23DF50E9-62C1-41A5-9321-514204E2F871}: NameServer = 213.42.20.20,195.229.241.222
netname: ETISALAT-IANDES-EMIRNET
descr: Emirates Telecommunication Corporation
descr: P.O. Box 1150, Dubai, UAE
country: AE