#8
03-03-2008
Bronze Member
Join Date: Feb 2008
Posts: 8
PC Experience: Some Experience
winchester
Re: Browser hijacked - continuous redirects

Thanks for the help. Ran HJT and checked the lines you noted. Attached is a new log.

Brad
Attached Files
File Type: txt hijackthis03.03.08.txt (8.7 KB, 1 views)


#9
03-04-2008
Senior Security Analyst
Join Date: Dec 2006
Location: In a van, down by the river
Posts: 545
PC Experience: Experienced
dahli
Re: Browser hijacked - continuous redirects

Disable TeaTimer

Reboot in SAFE MODE (Tap F8 during startup)

Run HijackThis and check the following:

O4 - HKLM\..\Run: [dmfne.exe] C:\Windows\system32\dmfne.exe

O4 - HKCU\..\Run: [dmsia.tmp] C:\Windows\system32\dmsia.tmp
O4 - HKCU\..\Run: [dmclg.tmp] C:\Windows\system32\dmclg.tmp
O4 - HKCU\..\Run: [dmuak.tmp] C:\Windows\system32\dmuak.tmp
O4 - HKCU\..\Run: [dmqgw.tmp] C:\Windows\system32\dmqgw.tmp
O4 - HKCU\..\Run: [dmnwo.tmp] C:\Windows\system32\dmnwo.tmp
O4 - HKCU\..\Run: [dmiks.tmp] C:\Windows\system32\dmiks.tmp
O4 - HKCU\..\Run: [dmwaj.tmp] C:\Windows\system32\dmwaj.tmp

Click FIX CHECKED

Reboot

Post a new HijackThis log.


__________________
Steve

#10
03-05-2008
Bronze Member
Join Date: Feb 2008
Posts: 8
PC Experience: Some Experience
winchester
Re: Browser hijacked - continuous redirects

Thanks for the help.

- disabled tea timer
- followed the rest of your instructions
- have attached a new HJT log and also a screenshot of an HJT error message I got when opening the program; something about a Hosts file

Appreciate the assistance,
Brad
Attached Images
File Type: jpg HJT error prompt 04Mar2008.jpg (179.7 KB, 3 views)
Attached Files
File Type: txt hijackthis04.03.08.txt (8.1 KB, 1 views)


#11
03-06-2008
Senior Security Analyst
Join Date: Dec 2006
Location: In a van, down by the river
Posts: 545
PC Experience: Experienced
dahli
Re: Browser hijacked - continuous redirects

Please do an online scan with Kaspersky WebScanner
Note: This Scanner is for Internet Explorer Only!

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded, click on NEXT.

Now click on Scan Settings.
In the scan settings, make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available, otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases

Click OK

Now under "Select a target to scan", select My Computer.
The program will start and scan your system.
The scan will take a while, so be patient and let it run.
Once the scan is complete, it will display if your system has been infected.
Now click on the Save as Text button.
Save the file to your desktop.
Then post the results from the Kaspersky scan.


__________________
Steve

#12
03-08-2008
Bronze Member
Join Date: Feb 2008
Posts: 8
PC Experience: Some Experience
winchester
Re: Browser hijacked - continuous redirects

Hi - thanks for the continued support.

Ran the Kaspersky scan -- completed 100% but had a b*tch of a time saving it. I continually tried to save it as a text file to my desktop, but it seemed to override saying it saved to my Temporary Internet Folders. However, never was able to find the file where they said it would be. Frustrating!

Either way, I took a screen shot of the final completed scan and have attached it. Also did another quick HJT scan and am posting that as well.

Any comment on the error about 'hosts' files I seem to get at the outset of running an HJT scan? Reattached a screenshot of that error as well.

Thanks in advance,
Brad
Attached Images
File Type: jpg Kaspersky scan march08.jpg (127.4 KB, 1 views)
File Type: jpg HJT error prompt 04Mar2008.jpg (179.7 KB, 1 views)
Attached Files
File Type: txt hijackthis08.Mar.2008.txt (8.1 KB, 1 views)


#13
03-09-2008
Senior Security Analyst
Join Date: Dec 2006
Location: In a van, down by the river
Posts: 545
PC Experience: Experienced
dahli
Re: Browser hijacked - continuous redirects

Go to this site and submit the following files and post the results:

C:\Windows\system32\dmfne.exe

Run HijackThis and check the following:

O4 - HKCU\..\Run: [dmehc.tmp] C:\Windows\system32\dmehc.tmp
O17 - HKLM\System\CCS\Services\Tcpip\..\{0642EFCB-8E53-40C6-82BB-3788A1190ACD}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDC2A44D-81CB-45BC-8E16-D7D689378DD8}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0642EFCB-8E53-40C6-82BB-3788A1190ACD}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{0642EFCB-8E53-40C6-82BB-3788A1190ACD}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

Click FIX CHECKED

Post a new HijackThis log along with the result from virustotal.


__________________
Steve
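
Added example, not part of the original thread and not HijackThis code: a small Python triage pass over the O4 (autostart) and O17 (DNS) line formats quoted in posts #9 and #13. The two heuristics, the `PROGRAM_EXTS` list and the `expected_dns` parameter are assumptions chosen for illustration, and the first sample line is constructed.

```python
import ntpath
import re

# Line shapes as they appear in the HijackThis excerpts in this thread.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\S+): \[(.+?)\] (.+)$")
O17_RE = re.compile(r"^O17 - (\S+): NameServer = (.+)$")
TARGET_RE = re.compile(r'"?(.+?\.\w{2,4})\b')  # path up to its first extension
PROGRAM_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr"}  # assumed list

# First line is constructed; the other three are quoted from the posts above.
SAMPLE = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [dmfne.exe] C:\Windows\system32\dmfne.exe
O4 - HKCU\..\Run: [dmehc.tmp] C:\Windows\system32\dmehc.tmp
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
"""

def triage(log_text, expected_dns=frozenset()):
    """Return (section, subject, reasons) for O4/O17 lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            _hive, _key, name, command = m.groups()
            t = TARGET_RE.match(command)
            target = t.group(1) if t else command
            ext = ntpath.splitext(target)[1].lower()
            reasons = []
            if ext not in PROGRAM_EXTS:  # e.g. a .tmp file set to run at logon
                reasons.append("target extension %r is not a program type" % ext)
            if name.lower() == ntpath.basename(target).lower():
                reasons.append("value name is just the file name")
            if reasons:
                findings.append(("O4", target, reasons))
            continue
        m = O17_RE.match(line)
        if m:
            key, servers = m.groups()
            unknown = [s for s in re.split(r"[,\s]+", servers.strip())
                       if s and s not in expected_dns]
            if unknown:  # resolvers the analyst has not confirmed as intended
                findings.append(("O17", key, ["unconfirmed resolver " + s for s in unknown]))
    return findings

if __name__ == "__main__":
    for section, subject, reasons in triage(SAMPLE):
        print(section, subject, "; ".join(reasons))
```

Passing `expected_dns` suppresses O17 findings for resolvers the machine's owner set deliberately; the two addresses in the thread are OpenDNS's published public resolvers, so whether they belong on this machine is a question for its owner.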

#14
03-09-2008
Bronze Member
Join Date: Feb 2008
Posts: 8
PC Experience: Some Experience
winchester
Re: Browser hijacked - continuous redirects

Thanks Steve. Virustotal result and new HJT log attached. Fixed all the files you told me to, but some showed up again after rebooting...

Let me know what's next. Thanks again.
Brad
Attached Files
File Type: txt Virustotal result March09.txt (1.5 KB, 2 views)
File Type: txt hijackthis09.March.08.txt (8.1 KB, 2 views)


