Trojan damage help

You made it sound like you received a lot of dead links. You only received one dead link! The actual link to Trend Micro is: http://housecall.trendmicro.com/housecall/start_corp.asp

If there is "True" damage to your file system. Running virus or trojans scanners will not fix the problem. They can in many cases remove viruses and trojans. But if you file system is truly damaged in some form, you will have to repair it by hand. Or reinstall you system.

My statements are only referring to what you indicated when you said the damage was done. If what you meant was that you still have other malware on your system then follow thru with our normal procedures require that you first follow all the steps in this Sticky thread < READ ME FIRST: Basic Spyware, Trojan And Virus Removal >

IMPORTANT: If you already have any of the programs linked in the tutorial please double check your version against our links to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

 

Why didn't you use the link I gave you below in my last message for TrendMicro? It works fine.

And the link to TrendMicro is in step 5 of the READ ME and it is the same as mine. It works fine too.

 

You failed to acknowlede Chaslangs mention of a working link above and it took a couple threads before you accidentally gave us any system specs, but thats probably Bushs fault too. My final advice, if you opt to read this one is to boot into safe mode and use a free antitrojan program like A2: http://majorgeeks.com/download4281.html

Good luck.

 

What are you trying to reload? Are you trying to use SFC?

Why do you keep using the wrong link for TrendMicro? The one you keep referring to is always going to give you a page not found. USE THE ONE I GAVE YOU.

 

I'm not sure where all your problems are coming from. Please download HijackThis from: http://majorgeeks.com/download3155.html We have a tutorial about using it here: http://forums.majorgeeks.com/showthread.php?t=38752

Unzip it to its own directory. Run a scan and save the log to a .txt file. Then upload it back here using Manage Attachments in the "Go Advanced" mode or message creation.

 

You did not pay attention to the READ ME FIRST or HijackThis tutorial and what I just told you.

You are running an old version of HijackThis and you did not put it in your message as an attachment!
You need to get the correct version. And attach a new log.

 

What is this: C:\PROGRAM FILES\CRAZY BROWSER\CRAZY BROWSER.EXE

Well I know it is a browser, but do you use it?

What is your expected home page?

 

Okay so why don't you uninstall Crazy Browser for starters.
What is the name of the program you downloaded from cox.net? Is it still installed?
What do you mean you did the update? What program are you talking about?
Is WeatherBug still installed on your system?
Do you really need all of those tools bars? Google, Yahoo, AIM, COX, seems a bit too much.

 

The unbridge.reg file is a file used to merge changes into your registry. I have no idea who put it there. If you rename it to unbridge.txt, you can upload it here as an attachment and I can look at it.

I need answers to my previous questions before going to much further but here are a few things to fix with HijackThis. (No sense letting Cox advertise on your IE window. ) Please note: select the lines but don't click FIX until you exit all browser sessions (including the one you are reading this in):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/065451910e6b85871901/netzip/RdxIE601.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

 

Okay they were not all toolbars but some were. In addition to Google you also have an AIM toolbar, a an application from COX which is still part of Authentium (a popup blocker or something), and Yahoo Messenger stuff. Do you use both Yahoo Messenger and AIM? See the lines below:


O2 - BHO: AIM Helper - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - C:\PROGRAM FILES\AIM TOOLBAR\AIMHELPER.DLL (file missing)
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\PROGRAM FILES\COX\APPLICATIONS\APP\AUTHBHO.DLL
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\PROGRAM FILES\COX\APPLICATIONS\APP\AUTHBHO.DLL
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE

 

It has one line in it, to remove a registry entry that you do not have anyway. I have no idea were it came from. But it does not do anything on its on unless you double click on it or another program on you computer tries to use it to make changes to the registry.

 

I'm happy to hear it al worked out for you.