Trojandownloader


Frogshark40

Like many others, I got the same thing. I went ahead and googled it and came across this site. I read Blind Dragon's posts in many threads and they all said to get Malwarebytes. I downloaded it, ran it and performed a complete scan. I had roughly 40 infected files :s. Personally, I don't know where to go from here now. I was trying to find the log in case it would prove helpful, but I failed at finding it (I'm using Vista). I did come across something very interesting, though.

C:\Users\Travis, I looked down and I found a few .exe's. All below are .exe.
Desktop\blackbird.jpg
Desktop\EditorFKWP1.5.exe
Desktop\EditorFKWP2.0.exe
Desktop\filemanagerclient.exe
Desktop\fkwp1.5.exe
Desktop\fkwp2.0
Desktop\fwebd
Desktop\FWebdEditor
Desktop\Trojan.Win32.BlackBird.exe

The above in bold really caught my eye. Last night when I downloaded some files that I saw would be helpful from Blind Dragon my desktop was fine. But when I turned it on my background was black, so I knew something had happened.

If there is anything else I need to do to help restore my computer, PLEASE help me.

If I need the .txt from the scan, I need to know where to find it using Vista.

Thank you very much in advance.

/Edit, Someone in my chat told me to delete system 32, I don't really trust him or know him, but just asking for confirmation. :s
 
All of those indeed are part of this infection.

MBAM log can be found
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

please attach it




Combofix
  • Download Combofix to your desktop.
  • Double click combofix.exe & follow the prompts.
  • A window will open with a warning.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt



HijackThis Instructions
  • Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
  • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
  • After installing, the program launches automatically, select Scan now and save a log
  • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.
 
I went ahead and deleted them all because my friend told me to get rid of them =/.

Here are the HJT log and the Malwarebytes log.

I don't think Combofix is doing anything on my computer. A little window pops up (a loading bar) and when it's done it goes away and refreshes my desktop. A command window with a blue screen pops up soon after with some writing, but that's it.

Also, my task manager is gone. -.-
 
Download RatsCheddar.zip
It contains a program written by Rathat, and it is a Policy Controller.
Save and extract this program to the desktop.
Once extracted, click on the RatsCheddar.exe file.
Enable everything, then click Exit
Reboot your Computer.

Download and Run DSS

Download Deckard's System Scanner (DSS) to your Desktop. You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<- this one will be minimized.
  • Attach the main.txt and the extra.txt in your reply.
 
I really don't know how to properly thank kritius & Blind Dragon. I'm being very honest when I say this is the BEST community forum that I've EVER registered on.

I'm glad that you use your knowledge to help others with problems. :)
 
Also, when I ran RatsCheddar it would give a popup saying 'Failed to set data for DisableTaskMgr'.

It does it for all of the choices too. When I rebooted my computer the TM still wasn't there.

Also, I downloaded COMODO Firewall Pro, and I'm really sick of all these popups I'm getting. I can't open or close a program, let alone go to a website, without something coming up wanting me to allow or block... Is there any way I can make it trust apps?

I just opened up the program, and I tried 2 system restores earlier, and now I have 5,000 files waiting to be approved...
 
I would love to provide you with a new DSS, but I tried to do a system restore 4, 3 & 2 weeks back, and all of them failed. So the above DSS report would be the best to work by.
 
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    C:\Windows\userconfig9x.dll
    C:\Windows\system32\winlogonpc.exe
    C:\Windows\system32\mwin32.exe
    C:\Windows\system32\hoproxy.dll
    C:\Windows\FVProtect.exe
    C:\Windows\a.bat
    C:\Windows\system32\WINWGPX.EXE
    C:\Windows\system32\winsystem.exe
    C:\Windows\system32\vcatchpi.dll
    C:\Windows\system32\vbsys2.dll
    C:\Windows\system32\thun32.dll
    C:\Windows\system32\thun.dll
    C:\Windows\system32\temp#01.exe
    C:\Windows\system32\taack.exe
    C:\Windows\system32\taack.dat
    C:\Windows\system32\sysreq.exe
    C:\Windows\system32\ssvchost.exe
    C:\Windows\system32\ssvchost.com
    C:\Windows\system32\ssurf022.dll
    C:\Windows\system32\sncntr.exe
    C:\Windows\system32\Rundl1.exe
    C:\Windows\system32\regm64.dll
    C:\Windows\system32\regc64.dll
    C:\Windows\system32\psoft1.exe
    C:\Windows\system32\psof1.exe
    C:\Windows\system32\ps1.exe
    C:\Windows\system32\newsd32.exe
    C:\Windows\system32\netode.exe
    C:\Windows\system32\mtr2.exe
    C:\Windows\system32\msvchost.exe
    C:\Windows\system32\mssecu.exe
    C:\Windows\system32\msnbho.dll
    C:\Windows\system32\msgp.exe
    C:\Windows\system32\medup020.dll
    C:\Windows\system32\medup012.dll
    C:\Windows\system32\hxiwlgpm.exe
    C:\Windows\system32\hxiwlgpm.dat
    C:\Windows\system32\h@tkeysh@@k.dll
    C:\Windows\system32\emesx.dll
    C:\Windows\system32\dpcproxy.exe
    C:\Windows\system32\bsva-egihsg52.exe
    C:\Windows\system32\bdn.com
    C:\Windows\system32\awtoolb.dll
    C:\Windows\system32\anticipator.dll
    C:\Windows\system32\akttzn.exe
    C:\Users\All Users\hqzgtifc
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr
  • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and attach that document back here in your next post.

HijackThis Instructions
  • Make sure you have the LATEST version of HJT (currently v2.0.2) it can be downloaded from HERE
  • Run the HijackThis Installer and it will automatically place HJT in its own folder, usually C:\Program Files\Trend Micro\HijackThis. Please don't change the directory as it is necessary to create backups.
  • After installing, the program launches automatically, select Scan now and save a log
  • After the scan is complete attach the log into your reply.
Do not attempt to fix any item yet.
Do not add anything to the ignore list.
Don't use the AnalyseThis button, its findings are dangerous if misinterpreted.


Fix entries using HiJackThis
  • Launch HiJackThis
  • Click the Do a system scan only button
  • Put a check next to the entries listed below
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {54CF4CA2-C46C-4B5C-8DC5-0C0D42ECD69E} - (no file)
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)

  • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
  • Click the Fix checked button and close HiJackThis
  • Reboot HijackThis if necessary
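Added example, not from the thread and not part of HijackThis: a small Python triage script for HijackThis-style log lines that flags exactly the two kinds of entries the post above asks to fix, O2/O3/O9 entries whose CLSID points at a file that no longer exists ("(no file)" / "(file missing)"), and O7 policy restrictions such as DisableTaskMgr. The SAMPLE_LOG is constructed: its four flagged lines are the ones listed in the post, and the O4 line is a stock Windows Defender autostart added as a benign control. The function names parse_entry, triage and flagged are this example's own.

```python
"""Triage HijackThis-style log entries.

Added example, not part of the original thread or of HijackThis. Flags:
  * O2/O3/O9 entries whose CLSID resolves to "(no file)" / "(file missing)",
    i.e. a leftover registration of a component that is already gone;
  * O7 policy restrictions (DisableTaskMgr, DisableRegistryTools) that
    malware sets to lock the user out of admin tools.
"""
import re

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Values under ...\Policies\System that disable Task Manager / regedit
RESTRICTIVE_POLICIES = {"disabletaskmgr", "disableregistrytools"}

# Constructed sample: the four lines from the post above plus one benign O4 control line
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {54CF4CA2-C46C-4B5C-8DC5-0C0D42ECD69E} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
"""


def parse_entry(line):
    """Return a dict describing one HJT line, or None if it is not an Oxx entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.groups()
    entry = {"type": kind, "raw": line.strip(), "clsid": None,
             "policy": None, "flag": False, "reason": ""}
    clsid = CLSID_RE.search(body)
    if clsid:
        entry["clsid"] = clsid.group(0).upper()
    if kind == "O7":
        # O7 body looks like "<registry key>, <ValueName>=<data>"
        key, _, setting = body.partition(", ")
        name, _, value = setting.partition("=")
        name, value = name.strip(), value.strip()
        entry["policy"] = {"key": key, "name": name, "value": value}
        if name.lower() in RESTRICTIVE_POLICIES and value != "0":
            entry["flag"] = True
            entry["reason"] = f"policy {name}={value} locks out an admin tool"
    elif entry["clsid"] and any(marker in body for marker in ORPHAN_MARKERS):
        entry["flag"] = True
        entry["reason"] = "CLSID registered but its file is missing (orphaned entry)"
    return entry


def triage(log_text):
    """Parse every Oxx line in a log."""
    return [e for e in (parse_entry(l) for l in log_text.splitlines()) if e]


def flagged(log_text):
    """Only the entries a cleanup run should look at."""
    return [e for e in triage(log_text) if e["flag"]]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e['type']}: {e['reason']}\n    {e['raw']}")
```

Run it against a full HJT log and review the flagged list before ticking anything in "Fix checked": an orphaned CLSID with no file is safe to remove, while a live O4 autostart still needs a human decision.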
 
LoadLibrary failed for C:\Windows\userconfig9x.dll
C:\Windows\userconfig9x.dll NOT unregistered.
C:\Windows\userconfig9x.dll moved successfully.
C:\Windows\system32\winlogonpc.exe moved successfully.
C:\Windows\system32\mwin32.exe moved successfully.
LoadLibrary failed for C:\Windows\system32\hoproxy.dll
C:\Windows\system32\hoproxy.dll NOT unregistered.
C:\Windows\system32\hoproxy.dll moved successfully.
C:\Windows\FVProtect.exe moved successfully.
C:\Windows\a.bat moved successfully.
C:\Windows\system32\WINWGPX.EXE moved successfully.
C:\Windows\system32\winsystem.exe moved successfully.
LoadLibrary failed for C:\Windows\system32\vcatchpi.dll
C:\Windows\system32\vcatchpi.dll NOT unregistered.
C:\Windows\system32\vcatchpi.dll moved successfully.
LoadLibrary failed for C:\Windows\system32\vbsys2.dll
C:\Windows\system32\vbsys2.dll NOT unregistered.
C:\Windows\system32\vbsys2.dll moved successfully.
LoadLibrary failed for C:\Windows\system32\thun32.dll
C:\Windows\system32\thun32.dll NOT unregistered.
C:\Windows\system32\thun32.dll moved successfully.
LoadLibrary failed for C:\Windows\system32\thun.dll
C:\Windows\system32\thun.dll NOT unregistered.
C:\Windows\system32\thun.dll moved successfully.
C:\Windows\system32\temp#01.exe moved successfully.
C:\Windows\system32\taack.exe moved successfully.
C:\Windows\system32\taack.dat moved successfully.
C:\Windows\system32\sysreq.exe moved successfully.
C:\Windows\system32\ssvchost.exe moved successfully.
C:\Windows\system32\ssvchost.com moved successfully.
LoadLibrary failed for C:\Windows\system32\ssurf022.dll
C:\Windows\system32\ssurf022.dll NOT unregistered.
C:\Windows\system32\ssurf022.dll moved successfully.
C:\Windows\system32\sncntr.exe moved successfully.
C:\Windows\system32\Rundl1.exe moved successfully.
LoadLibrary failed for C:\Windows\system32\regm64.dll
C:\Windows\system32\regm64.dll NOT unregistered.
C:\Windows\system32\regm64.dll moved successfully.
LoadLibrary failed for C:\Windows\system32\regc64.dll
C:\Windows\system32\regc64.dll NOT unregistered.
C:\Windows\system32\regc64.dll moved successfully.
C:\Windows\system32\psoft1.exe moved successfully.
C:\Windows\system32\psof1.exe moved successfully.
C:\Windows\system32\ps1.exe moved successfully.
C:\Windows\system32\newsd32.exe moved successfully.
C:\Windows\system32\netode.exe moved successfully.
C:\Windows\system32\mtr2.exe moved successfully.
C:\Windows\system32\msvchost.exe moved successfully.
C:\Windows\system32\mssecu.exe moved successfully.
LoadLibrary failed for C:\Windows\system32\msnbho.dll
C:\Windows\system32\msnbho.dll NOT unregistered.
C:\Windows\system32\msnbho.dll moved successfully.
C:\Windows\system32\msgp.exe moved successfully.
LoadLibrary failed for C:\Windows\system32\medup020.dll
C:\Windows\system32\medup020.dll NOT unregistered.
C:\Windows\system32\medup020.dll moved successfully.
LoadLibrary failed for C:\Windows\system32\medup012.dll
C:\Windows\system32\medup012.dll NOT unregistered.
C:\Windows\system32\medup012.dll moved successfully.
C:\Windows\system32\hxiwlgpm.exe moved successfully.
C:\Windows\system32\hxiwlgpm.dat moved successfully.
< C:\Windows\system32\h@tkeysh@@k.dll >
LoadLibrary failed for C:\Windows\system32\h@tkeysh@@k.dll
C:\Windows\system32\h@tkeysh@@k.dll NOT unregistered.
C:\Windows\system32\h@tkeysh@@k.dll moved successfully.
LoadLibrary failed for C:\Windows\system32\emesx.dll
C:\Windows\system32\emesx.dll NOT unregistered.
C:\Windows\system32\emesx.dll moved successfully.
C:\Windows\system32\dpcproxy.exe moved successfully.
C:\Windows\system32\bsva-egihsg52.exe moved successfully.
C:\Windows\system32\bdn.com moved successfully.
LoadLibrary failed for C:\Windows\system32\awtoolb.dll
C:\Windows\system32\awtoolb.dll NOT unregistered.
C:\Windows\system32\awtoolb.dll moved successfully.
LoadLibrary failed for C:\Windows\system32\anticipator.dll
C:\Windows\system32\anticipator.dll NOT unregistered.
C:\Windows\system32\anticipator.dll moved successfully.
C:\Windows\system32\akttzn.exe moved successfully.
C:\Users\All Users\hqzgtifc moved successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr >
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr deleted successfully.
File/Folder not found.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04192008_182538
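Added example, not from the thread and not part of OTMoveIt2: a Python script that parses a results log of the shape posted above and reconciles it against the move list that was submitted, so that any requested item the tool neither moved nor deleted is surfaced instead of being lost in a long log. It relies only on the line shapes visible in that post ("... moved successfully.", "LoadLibrary failed for ...", "... NOT unregistered.", "Registry value ... deleted successfully.", "File/Folder not found."). SAMPLE_REQUEST and SAMPLE_LOG are constructed from a subset of the paths above, with one requested path (hoproxy.dll) deliberately left out of the log so the reconciliation has something to report; parse_results and reconcile are this example's own names.

```python
"""Parse an OTMoveIt2-style results log and reconcile it with the move list.

Added example, not part of the original thread or of OTMoveIt2. Line shapes
handled are the ones visible in the posted log:
  "<path> moved successfully."
  "LoadLibrary failed for <dll>" followed by "<dll> NOT unregistered."
  "Registry value <key> deleted successfully."
  "File/Folder not found."
"""
import re

MOVED_RE = re.compile(r"^(.+?) moved successfully\.$")
NOTUNREG_RE = re.compile(r"^(.+?) NOT unregistered\.$")
REGDEL_RE = re.compile(r"^Registry value (.+?) deleted successfully\.$")
ITEM_RE = re.compile(r"^< (.+) >$")            # the tool echoes some items as "< item >"
LOADLIB_RE = re.compile(r"^LoadLibrary failed for (.+)$")
NOT_FOUND = "File/Folder not found."

# Constructed sample: a subset of the paths from the post above, plus one
# requested path (hoproxy.dll) deliberately absent from the log.
SAMPLE_REQUEST = [
    r"C:\Windows\userconfig9x.dll",
    r"C:\Windows\system32\winlogonpc.exe",
    r"C:\Windows\system32\hoproxy.dll",
    r"C:\Windows\a.bat",
    r"C:\Users\All Users\hqzgtifc",
    r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr",
]
SAMPLE_LOG = r"""
LoadLibrary failed for C:\Windows\userconfig9x.dll
C:\Windows\userconfig9x.dll NOT unregistered.
C:\Windows\userconfig9x.dll moved successfully.
C:\Windows\system32\winlogonpc.exe moved successfully.
C:\Windows\a.bat moved successfully.
C:\Users\All Users\hqzgtifc moved successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr >
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr deleted successfully.
File/Folder not found.
"""


def norm(item):
    # Windows paths and registry keys are case-insensitive
    return item.strip().lower()


def parse_results(log_text):
    """Bucket each log line by outcome."""
    summary = {"moved": [], "unregister_failed": [], "registry_deleted": [], "not_found": 0}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or ITEM_RE.match(line) or LOADLIB_RE.match(line):
            continue  # echo lines carry no outcome of their own
        m = MOVED_RE.match(line)
        if m:
            summary["moved"].append(m.group(1))
            continue
        m = NOTUNREG_RE.match(line)
        if m:
            # The tool could not load the DLL to unregister it; the file is
            # still moved afterwards, so a stale COM/BHO registration may
            # remain and show up later as an orphaned "(no file)" HJT entry.
            summary["unregister_failed"].append(m.group(1))
            continue
        m = REGDEL_RE.match(line)
        if m:
            summary["registry_deleted"].append(m.group(1))
            continue
        if line == NOT_FOUND:
            summary["not_found"] += 1
    return summary


def reconcile(requested, log_text):
    """Requested items the log neither moved nor deleted: re-check these by hand."""
    s = parse_results(log_text)
    done = {norm(p) for p in s["moved"]} | {norm(k) for k in s["registry_deleted"]}
    return [item for item in requested if norm(item) not in done]


if __name__ == "__main__":
    s = parse_results(SAMPLE_LOG)
    print(f"moved={len(s['moved'])} unregister_failed={len(s['unregister_failed'])} "
          f"registry_deleted={len(s['registry_deleted'])} not_found={s['not_found']}")
    for leftover in reconcile(SAMPLE_REQUEST, SAMPLE_LOG):
        print("UNACCOUNTED:", leftover)
```

Feed it the full move list and the full log from the two posts above; whatever reconcile returns is the short list to verify on disk (or in the registry) before declaring the cleanup complete.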
 
Ok, I ran HJT and did as you said,
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
Wasn't listed in the list.

I think I really messed up my computer. :[
 
Is it running ok now though?

I didn't expect it to still be present after the OTMoveIt script, but I had to be sure. Post a fresh HijackThis log for me.
 
Alrighty, my Task manager is back up (YES!) Does this mean that the infection is gone? Got any recommended programs to prevent from this BS from happening again?
 
Trojanspyware!!!

I am having all the same problems too. All of my icons keep going on and off the screen. I have the triangle in the lower right corner and the pop-up about spyware on my computer. I have run my Spy Sweeper and my Trend Micro and nothing has fixed it.
what do i do now?
 
KUNZEE please start your own thread.

Frogshark40, your HJT log is clear. Let's see how things are looking.

I would like you to do an online scan so that we can see what else may be in your system.
Run Kaspersky online scanner
With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans to speed up scan time and to make sure there are no conflicts.
Do not go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.


Do an online scan with Kaspersky Online Scanner in Internet Explorer. You will be prompted to install and run an ActiveX component from Kaspersky, Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence accepted, reset to 100%.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
    o Extended (If available, otherwise use standard)
    o Scan Options:
    o Scan Archives
    o Scan Mail Bases
  • Click OK
  • Under select a target to scan, select My Computer
  • The scan will take a while so be patient and let it run.
  • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As... button (see red arrow below)

    [image: Kas-SaveReport-1.gif]

  • In the Save as... prompt, select Desktop
  • In the File name box, name the file
  • In the Save as type prompt, select Text file (see below)

    [image: Kas-Savetxt.gif]

  • Include the report in your next post.
 
C:\Users\Travis\Documents\LimeWire\Incomplete\Preview-T-3545425-purple heart goat.mp3<======Delete this file

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

C:\Users\Travis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\<========Delete the contents of this folder
 
Wow, I didn't think an mp3 could carry a virus.
Should I delete the actual mp3 file as well as the preview? I have the mp3 on my iPhone; would that affect it in any way?

C:\Users\Travis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\

C:\Users\Travis\AppData\Local\Microsoft\Windows\;
Files in the above:

1033
Burn
Explorer
GameExplorer
WER
Usrclass.dat
UsrClass.dat.LOG1
UsrClass.dat.LOG2
WindowsUpdate.log


/EDIT

Although I'm finally fixing my computer up, my desktop background remains a horrendous black. When I right click Personalize and get to where I'm able to choose my background, the images are white (you can't preview them) and if you double click one, the background stays black. I'm not all that worried about what my background looks like, but it really gets annoying seeing total black :[
 
The background will hopefully be back by the time we're done.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    C:\Users\Travis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGR5WHHL
    C:\Users\Travis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNRV3882
  • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

  • Double-click OTMoveIt2.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

How is the computer running?
 
After running OT, the second time it removed a number of items from my desktop including DSS, OT, and a few others that I don't remember. The background remains black and the preview images are still blank.
 