[Fixed] Hijackthis! Logs - [Fixed] Could you please check this log??

  #7  
Old 09-25-2006
joe5

We are not related to TechSupportGuy, but it is about the time and effort that goes into helping someone to clean their PC. Analyzing HJT logs and such can take a lot of time, and by posting on 2 forums you have multiple people working on the same problem, which means that one of those is wasting their time.


  • Double click on My Computer -> C:\ -> Program Files > haxfix and double click on fix.bat (or double click on fix.bat desktop icon)
  • Close all other open windows since this step requires a reboot
  • Select option 2. Run auto fix by typing 2 and then pressing Enter
If an infection is found, you'll get a message to close all other open windows.
  • Close all open windows except the red DOS window from haxfix and then press Enter
  • The computer will reboot
  • After reboot a logfile will open > (c:\haxfix.txt)
  • Post the contents of that logfile along with a new HijackThis log.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

  #8  
Old 09-25-2006
wyclef

Hello

Here are the 2 log files that you asked for...

Regards
Attached Files
File Type: txt haxfix.txt (1.5 KB, 2 views)
File Type: log hijackthis.log (10.5 KB, 1 views)


  #9  
Old 09-25-2006
joe5

Run HijackThis, select to do a "system scan only" and then place a check beside each of the following:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O20 - Winlogon Notify: dxmamcia - C:\WINDOWS\system32\dxmamcia.dll (file missing)
O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing)
Now first close all windows and browsers other than HijackThis, then click Fix checked and close HijackThis.

After that reboot your pc.

Now go to this site:

VIRUSTOTAL - Free Online Virus and Malware Scan

And have the following files scanned one by one:

C:\WINDOWS\system32\dsdmthem.dll
C:\WINDOWS\system32\d3dishsv.dll
C:\WINDOWS\system32\comuuser.exe
C:\uidsrfqk.exe

When done, please post the results of the above scans, and a new HijackThis log.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

  #10  
Old 09-25-2006
wyclef

Hello again...

The results of the files are as follows...

C:\WINDOWS\system32\dsdmthem.dll --- This one had a virus, so before I could attach it Norton placed it in the quarantine.


C:\WINDOWS\system32\d3dishsv.dll
[ file data ]
* name: d3dishsv.dll
* size: 35840
* md5.: 65b1a3d0bc527a4ab69b77c06eb3ab80
* sha1: 205787e2e38c8fc5866c7717791dc4d08292d0dd
[ scan result ]
AntiVir 7.2.0.18/20060924 found nothing
Authentium 4.93.8/20060923 found nothing
Avast 4.7.844.0/20060922 found nothing
AVG 386/20060922 found nothing
BitDefender 7.2/20060925 found [Win32.Worm.Stration.V]
CAT-QuickHeal 8.00/20060922 found nothing
ClamAV devel-20060426/20060924 found nothing
DrWeb 4.33/20060922 found nothing
eTrust-InoculateIT 23.73.4/20060924 found nothing
eTrust-Vet 30.3.3093/20060922 found nothing
Ewido 4.0/20060924 found nothing
F-Prot 3.16f/20060923 found nothing
F-Prot4 4.2.1.29/20060923 found nothing
Fortinet 2.82.0.0/20060924 found nothing
Ikarus 0.2.65.0/20060923 found nothing
Kaspersky 4.0.2.24/20060925 found [Email-Worm.Win32.Warezov.am]
McAfee 4858/20060922 found nothing
Microsoft 1.1560/20060924 found nothing
NOD32v2 1.1772/20060924 found nothing
Norman 5.80.02/20060922 found nothing
Panda 9.0.0.4/20060924 found nothing
Sophos 4.09.0/20060924 found nothing
Symantec 8.0/20060925 found nothing
TheHacker 6.0.1.078/20060924 found nothing
UNA 1.83/20060922 found nothing
VBA32 3.11.1/20060924 found nothing
VirusBuster 4.3.7:9/20060924 found nothing
[ notes ]
packers: UPX
packers: UPX
packers: UPX

C:\WINDOWS\system32\comuuser.exe

[ file data ]
* name: comuuser.exe
* size: 21303
* md5.: 78fcffcf07b2a29b466319554adbe1c5
* sha1: 42d49c30ae5b6dc0da12da203723c59a4eabd1d0
[ scan result ]
AntiVir 7.2.0.18/20060924 found nothing
Authentium 4.93.8/20060923 found nothing
Avast 4.7.844.0/20060922 found nothing
AVG 386/20060922 found nothing
BitDefender 7.2/20060925 found [Win32.Worm.Stration.VB]
CAT-QuickHeal 8.00/20060922 found [(Suspicious) - DNAScan]
ClamAV devel-20060426/20060924 found nothing
DrWeb 4.33/20060922 found nothing
eTrust-InoculateIT 23.73.4/20060924 found nothing
eTrust-Vet 30.3.3093/20060922 found nothing
Ewido 4.0/20060924 found nothing
F-Prot 3.16f/20060923 found nothing
F-Prot4 4.2.1.29/20060923 found nothing
Fortinet 2.82.0.0/20060924 found nothing
Ikarus 0.2.65.0/20060923 found [IM-Worm.Win32.Sumom.C]
Kaspersky 4.0.2.24/20060925 found nothing
McAfee 4858/20060922 found [W32/Stration@MM]
Microsoft 1.1560/20060924 found nothing
NOD32v2 1.1772/20060924 found [a variant of Win32/Stration]
Norman 5.80.02/20060922 found [W32/Suspicious_M.gen]
Panda 9.0.0.4/20060924 found [Suspicious file]
Sophos 4.09.0/20060924 found nothing
Symantec 8.0/20060925 found nothing
TheHacker 6.0.1.078/20060924 found [W32/Stration@MM]
UNA 1.83/20060922 found nothing
VBA32 3.11.1/20060924 found nothing
VirusBuster 4.3.7:9/20060924 found nothing
[ notes ]
packers: MEW
packers: MEW

C:\uidsrfqk.exe

[ file data ]
* name: uidsrfqk.exe
* size: 7310
* md5.: a23984f3676a5b17b3692fdf8df49f25
* sha1: 1ae0d292448405e20e4c67d4ecc4f86d983b5d84
[ scan result ]
AntiVir 7.2.0.18/20060924 found [HEUR/Malware]
Authentium 4.93.8/20060923 found nothing
Avast 4.7.844.0/20060922 found nothing
AVG 386/20060922 found nothing
BitDefender 7.2/20060925 found nothing
CAT-QuickHeal 8.00/20060922 found [(Suspicious) - DNAScan]
ClamAV devel-20060426/20060924 found nothing
DrWeb 4.33/20060922 found nothing
eTrust-InoculateIT 23.73.4/20060924 found nothing
eTrust-Vet 30.3.3093/20060922 found nothing
Ewido 4.0/20060924 found nothing
F-Prot 3.16f/20060923 found nothing
F-Prot4 4.2.1.29/20060923 found nothing
Fortinet 2.82.0.0/20060924 found [suspicious]
Ikarus 0.2.65.0/20060923 found nothing
Kaspersky 4.0.2.24/20060925 found nothing
McAfee 4858/20060922 found nothing
Microsoft 1.1560/20060924 found nothing
NOD32v2 1.1772/20060924 found [a variant of Win32/TrojanDownloader.Small.NIH]
Norman 5.80.02/20060922 found [Suspicious_F.gen]
Panda 9.0.0.4/20060924 found [Suspicious file]
Sophos 4.09.0/20060924 found nothing
Symantec 8.0/20060925 found nothing
TheHacker 6.0.1.078/20060924 found nothing
UNA 1.83/20060922 found nothing
VBA32 3.11.1/20060924 found [suspected of Trojan-Downloader.Agent.71]
VirusBuster 4.3.7:9/20060924 found nothing
[ notes ]
packers: FSG
packers: FSG


That's it... I attach the last HJT logfile as well...

Once more thanks a lot for the quick help
Attached Files
File Type: log hijackthis.log (10.1 KB, 1 views)
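
As an added example (not part of the thread or any poster's code), this Python sketch parses VirusTotal text reports in the layout pasted in post #10 and summarises each file: detection ratio, named detections versus heuristic-only verdicts, and de-duplicated packer notes. The function names, the `HEURISTIC` word list and the sample input are assumptions made for illustration.

```python
import re
# One engine line, e.g. "BitDefender 7.2/20060925 found [Win32.Worm.Stration.VB]"
ENGINE = re.compile(r"^(\S+) (\S+)/(\d{8}) found (?:nothing|\[(.+)\])$")
FIELD = re.compile(r"^\* (\w+)\.?: (.+)$")  # "* md5.: ..." gives key "md5"
HEURISTIC = re.compile(r"suspicious|suspected|heur|\.gen\b", re.I)  # assumed word list

def parse_reports(text):
    """Return one dict per '[ file data ]' block found in pasted report text."""
    reports, cur, section = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if line == "[ file data ]":
            cur, section = {"meta": {}, "engines": {}, "packers": set()}, "meta"
            reports.append(cur)
        elif cur is None or not line:
            continue
        elif line in ("[ scan result ]", "[ notes ]"):
            section = "scan" if "scan" in line else "notes"
        elif section == "meta" and (m := FIELD.match(line)):
            cur["meta"][m.group(1)] = m.group(2)
        elif section == "scan" and (m := ENGINE.match(line)):
            cur["engines"][m.group(1)] = m.group(4)  # None means "found nothing"
        elif section == "notes" and line.startswith("packers:"):
            cur["packers"].add(line.split(":", 1)[1].strip())  # set drops repeats
    return reports

def summarize(report):
    """Detection ratio, named detections, heuristic-only engines, packers."""
    hits = {e: label for e, label in report["engines"].items() if label}
    named = {e: label for e, label in hits.items() if not HEURISTIC.search(label)}
    return {"name": report["meta"].get("name"),
            "ratio": (len(hits), len(report["engines"])),
            "named": named,
            "heuristic_only": sorted(set(hits) - set(named)),
            "packers": sorted(report["packers"])}

# Constructed sample in the layout pasted above (file name is a placeholder).
SAMPLE = """[ file data ]
* name: sample.exe
[ scan result ]
BitDefender 7.2/20060925 found [Win32.Worm.Stration.VB]
CAT-QuickHeal 8.00/20060922 found [(Suspicious) - DNAScan]
ClamAV devel-20060426/20060924 found nothing
McAfee 4858/20060922 found [W32/Stration@MM]
[ notes ]
packers: MEW
packers: MEW
"""

if __name__ == "__main__":
    print([summarize(r) for r in parse_reports(SAMPLE)])
```

Lines outside a `[ file data ]` block, such as the file paths between reports, are ignored, so several pasted reports can be fed in as one string.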


  #11  
Old 09-25-2006
Pancake

Please download the Killbox.

Run Killbox, left-click and drag your mouse over the highlighted files below (including filepath), then right-click and choose Copy. Insert your mouse pointer within the box entitled "Full Filepath of File to Delete", right-click again and choose File > Paste from Clipboard. All the files should now appear in the box (click on the Tab and check to make sure that only the files I have identified as malware and marked for deletion are there). If each file exists, it will appear in blue under that window when you click on it. Click on Delete on Reboot. Next click on > "Delete on Reboot" and click on "All Files". Please do this even if this option is already checked. You will get a message saying "File will be deleted on next reboot, click "Yes". Process and Reboot now?" Click "Yes" to reboot.

C:\WINDOWS\system32\d3dishsv.dll
C:\WINDOWS\system32\comuuser.exe
C:\uidsrfqk.exe

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.

O20 - AppInit_DLLs: d3dishsv.dll

Reboot and post a new HJT log


__________________
My real name is Eddy
  #12  
Old 09-25-2006
wyclef

Hello,

When I tried to fix the file you said in HijackThis ( O20 - AppInit_DLLs: d3dishsv.dll ) I got the following error message:

An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: d3dishsv.dll )
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.

I am attaching the last HJT log...
Attached Files
File Type: log hijackthis.log (10.2 KB, 2 views)


