
Author Topic: Re: All of my browers stop working sporadically  (Read 7553 times)


collie00

    Topic Starter


    Rookie

    Re: All of my browers stop working sporadically
    « on: April 27, 2009, 01:17:00 PM »
    I'm having the same problem! Very frustrating! My IE or Firefox won't open anymore so I started using Safari. But I DL'd AVG and I can't update it because it wants to use IE. Ah, I don't know what to do; any help would be great. It says it has encountered a problem, then freezes or just shuts down the whole comp. I have to fix this problem! I also tried using IE without add-ons; still the same issue.

    Karnac



      Specialist

      Thanked: 211
      Re: Re: All of my browers stop working sporadically
      « Reply #1 on: April 27, 2009, 01:45:14 PM »
      Follow the guidelines here: http://www.computerhope.com/forum/index.php/topic,46313.0.html

      Post the three required logs and a malware specialist will assist you.


      Never argue with a stupid person, they'll drag you down to their level and beat you with experience.

      collie00

        Topic Starter


        Rookie

        Re: All of my browers stop working sporadically
        « Reply #2 on: April 27, 2009, 06:02:41 PM »
        See, I can't even run AVG because when I try to update, it wants to open Internet Explorer, so it shuts down on me! So I can't follow those guidelines without an antivirus, correct?

        Karnac



          Specialist

          Thanked: 211
          Re: Re: All of my browers stop working sporadically
          « Reply #3 on: April 27, 2009, 06:18:32 PM »
          Just carry on with the other 3 programs....you can download them with Safari.



          evilfantasy

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Calm like a bomb
          • Thanked: 493
          • Experience: Experienced
          • OS: Windows 11
          Re: Re: All of my browers stop working sporadically
          « Reply #4 on: April 27, 2009, 08:45:50 PM »
          Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

          * Scroll down to Non-plug and Play Drivers and click the plus icon to open those drivers.
          * Search for any of the following:

          - UAC.sys <- Or anything beginning with UAC
          - gaopdxserv.sys <- Or anything beginning with gaopd
          - gxvxcserv.sys <- Or anything beginning with gxvx
          - Seneka.sys <- Or anything beginning with Seneka
          - clbdriver.sys <- Or anything beginning with clbdriver
          - TDSSserv.sys <- Or anything beginning with TDSS

          * If you do find it, right click on it, and select Disable. Do not try to uninstall them.
          * Now reboot and see if you can run the scans that would not run.
          * Let me know if you find them or not.

          If the files are not found then please let me know what is listed in Non-plug and Play Drivers.

          collie00

            Topic Starter


            Rookie

            Re: All of my browers stop working sporadically
            « Reply #5 on: April 28, 2009, 08:39:47 AM »
            Whoa, it worked! I clicked Disable on TDSSserv.sys; I had two of them. But my AVG still won't update. What am I doing wrong there? And what was it that I disabled? Thank you!

            evilfantasy

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Calm like a bomb
            • Thanked: 493
            • Experience: Experienced
            • OS: Windows 11
            Re: Re: All of my browers stop working sporadically
            « Reply #6 on: April 28, 2009, 09:46:03 AM »
            It is a rootkit.

            Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

            Link #1
            Link #2

            **Note:  It is important that it is saved directly to your Desktop

            Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

            Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
             
            Double click combofix.exe & follow the prompts.
            When finished ComboFix will produce a log for you.
            Post the ComboFix log in your next reply.

            Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

            Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

            If you have problems with ComboFix usage, see How to use ComboFix

            collie00

              Topic Starter


              Rookie

              Re: All of my browers stop working sporadically
              « Reply #7 on: May 09, 2009, 12:37:50 PM »
              ComboFix 09-05-08.03 - Colleen murphy 05/09/2009 14:25.2 - NTFSx86
              Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.396 [GMT -4:00]
              Running from: c:\documents and settings\Colleen murphy\Desktop\ComboFix.exe
              AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
              AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Outdated)
              FW: PC-cillin Internet Security - Firewall *enabled*
              .

              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              ---- Previous Run -------
              .
              c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
              c:\documents and settings\Colleen murphy\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
              c:\documents and settings\Colleen murphy\Application Data\rhcg37j0e5dl
              c:\documents and settings\Colleen murphy\Application Data\WeatherDPA
              c:\documents and settings\LocalService\Application Data\twain_32
              c:\documents and settings\LocalService\Application Data\twain_32\user.ds
              c:\windows\system32\TDSSkkbi.log
              c:\windows\system32\TDSSlrvd.dat
              c:\windows\system32\twain_32
              c:\windows\system32\twain_32\local.ds
              c:\windows\system32\twain_32\user.ds

              .
              (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              -------\Legacy_PACKET
              -------\Legacy_TDSSSERV
              -------\Legacy_TDSSSERV.SYS
              -------\Service_Packet
              -------\Service_TDSSserv
              -------\Service_TDSSserv.sys


              (((((((((((((((((((((((((   Files Created from 2009-04-09 to 2009-05-09  )))))))))))))))))))))))))))))))
              .

              2009-04-28 14:49 . 2009-04-28 17:03   --------   d--h--w   C:\$AVG8.VAULT$
              2009-04-28 14:28 . 2009-04-28 14:28   --------   d-sh--w   c:\documents and settings\Colleen murphy\IECompatCache
              2009-04-28 14:22 . 2009-04-28 14:22   --------   d-sh--w   c:\documents and settings\Colleen murphy\PrivacIE
              2009-04-28 00:46 . 2009-04-28 00:46   --------   d-sh--w   c:\documents and settings\Colleen murphy\IETldCache
              2009-04-28 00:46 . 2009-04-28 00:46   --------   d-sh--w   c:\windows\system32\config\systemprofile\IETldCache
              2009-04-28 00:43 . 2009-04-28 00:43   --------   d-----w   c:\windows\ie8updates
              2009-04-28 00:39 . 2009-04-28 00:41   --------   dc-h--w   c:\windows\ie8
              2009-04-28 00:36 . 2009-02-28 04:55   105984   ------w   c:\windows\system32\dllcache\iecompat.dll
              2009-04-27 18:44 . 2009-04-27 18:44   10520   ----a-w   c:\windows\system32\avgrsstx.dll
              2009-04-27 18:44 . 2009-04-27 18:44   108552   ----a-w   c:\windows\system32\drivers\avgtdix.sys
              2009-04-27 18:44 . 2009-04-27 18:44   325640   ----a-w   c:\windows\system32\drivers\avgldx86.sys
              2009-04-27 18:44 . 2009-05-09 17:25   --------   d-----w   c:\windows\system32\drivers\Avg
              2009-04-27 18:44 . 2009-04-28 17:16   --------   d-----w   c:\documents and settings\Colleen murphy\Application Data\AVGTOOLBAR
              2009-04-27 18:43 . 2009-04-27 18:43   --------   d-----w   c:\program files\AVG
              2009-04-27 18:14 . 2009-04-27 18:14   --------   d-----w   c:\program files\Alwil Software
              2009-04-16 14:59 . 2009-03-06 14:22   284160   ------w   c:\windows\system32\dllcache\pdh.dll
              2009-04-16 14:59 . 2009-02-06 10:39   35328   ------w   c:\windows\system32\dllcache\sc.exe
              2009-04-16 14:59 . 2009-02-09 12:10   401408   ------w   c:\windows\system32\dllcache\rpcss.dll
              2009-04-16 14:59 . 2009-02-06 11:11   110592   ------w   c:\windows\system32\dllcache\services.exe
              2009-04-16 14:59 . 2009-02-09 12:10   473600   ------w   c:\windows\system32\dllcache\fastprox.dll
              2009-04-16 14:59 . 2009-02-06 10:10   227840   ------w   c:\windows\system32\dllcache\wmiprvse.exe
              2009-04-16 14:59 . 2009-02-09 12:10   453120   ------w   c:\windows\system32\dllcache\wmiprvsd.dll
              2009-04-16 14:59 . 2009-02-09 12:10   729088   ------w   c:\windows\system32\dllcache\lsasrv.dll
              2009-04-16 14:59 . 2009-02-09 12:10   617472   ------w   c:\windows\system32\dllcache\advapi32.dll
              2009-04-16 14:59 . 2009-02-09 12:10   714752   ------w   c:\windows\system32\dllcache\ntdll.dll
              2009-04-16 14:56 . 2008-05-03 11:55   2560   ------w   c:\windows\system32\xpsp4res.dll
              2009-04-16 14:56 . 2008-04-21 12:08   215552   ------w   c:\windows\system32\dllcache\wordpad.exe

              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2009-04-30 22:52 . 2006-12-28 21:10   3676   ----a-w   c:\documents and settings\Colleen murphy\Application Data\wklnhst.dat
              2009-04-28 16:26 . 2009-02-28 16:48   --------   d-----w   c:\program files\Wopti
              2009-04-28 13:58 . 2008-12-11 03:05   2709   ----a-w   c:\windows\system32\TDSSlxwp.dll
              2009-03-26 15:56 . 2009-03-26 15:55   --------   d-----w   c:\program files\iTunes
              2009-03-26 15:55 . 2009-03-26 15:55   --------   d-----w   c:\program files\iPod
              2009-03-26 15:55 . 2007-12-21 01:56   --------   d-----w   c:\program files\Common Files\Apple
              2009-03-26 15:53 . 2009-03-26 15:53   --------   d-----w   c:\program files\Bonjour
              2009-03-26 15:53 . 2007-02-28 21:20   --------   d-----w   c:\program files\QuickTime
              2009-03-25 18:13 . 2008-06-28 23:51   --------   d-----w   c:\program files\CCleaner
              2009-03-23 22:09 . 2008-10-21 01:27   0   ----a-w   c:\windows\system32\drivers\lvuvc.hs
              2009-03-23 22:09 . 2008-10-21 01:27   0   ----a-w   c:\windows\system32\drivers\logiflt.iad
              2009-03-08 08:34 . 2005-08-16 10:18   914944   ----a-w   c:\windows\system32\wininet.dll
              2009-03-08 08:34 . 2005-08-16 10:18   43008   ----a-w   c:\windows\system32\licmgr10.dll
              2009-03-08 08:33 . 2005-08-16 10:18   18944   ----a-w   c:\windows\system32\corpol.dll
              2009-03-08 08:33 . 2005-08-16 10:18   420352   ----a-w   c:\windows\system32\vbscript.dll
              2009-03-08 08:32 . 2005-08-16 10:18   72704   ----a-w   c:\windows\system32\admparse.dll
              2009-03-08 08:32 . 2005-08-16 10:18   71680   ----a-w   c:\windows\system32\iesetup.dll
              2009-03-08 08:31 . 2005-08-16 10:18   34816   ----a-w   c:\windows\system32\imgutil.dll
              2009-03-08 08:31 . 2005-08-16 10:18   48128   ----a-w   c:\windows\system32\mshtmler.dll
              2009-03-08 08:31 . 2005-08-16 10:18   45568   ----a-w   c:\windows\system32\mshta.exe
              2009-03-08 08:22 . 2005-08-16 10:18   156160   ----a-w   c:\windows\system32\msls31.dll
              2009-03-06 14:22 . 2005-08-16 10:18   284160   ----a-w   c:\windows\system32\pdh.dll
              2009-03-06 03:59 . 2009-03-26 15:50   1900544   ----a-w   c:\windows\system32\usbaaplrc.dll
              2009-03-06 03:59 . 2007-12-21 01:56   36864   ----a-w   c:\windows\system32\drivers\usbaapl.sys
              2009-02-09 12:10 . 2005-08-16 10:18   729088   ----a-w   c:\windows\system32\lsasrv.dll
              2009-02-09 12:10 . 2005-08-16 10:18   401408   ----a-w   c:\windows\system32\rpcss.dll
              2009-02-09 12:10 . 2005-08-16 10:18   714752   ----a-w   c:\windows\system32\ntdll.dll
              2009-02-09 12:10 . 2005-08-16 10:18   617472   ----a-w   c:\windows\system32\advapi32.dll
              2009-02-09 11:13 . 2005-08-16 10:18   1846784   ----a-w   c:\windows\system32\win32k.sys
              2009-02-09 03:14 . 2009-02-09 03:14   71436   ---ha-w   c:\windows\system32\mlfcache.dat
              2008-06-11 20:23 . 2007-11-12 16:34   5891584   -csha-w   c:\program files\ehthumbs.db
              2007-01-07 21:55 . 2007-01-07 21:55   251   ----a-w   c:\program files\wt3d.ini
              2007-05-21 17:59 . 2006-12-26 01:11   88   --sh--r   c:\windows\system32\B83AF2285D.sys
              .

              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
              "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
              "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
              "Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
              "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
              "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
              "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
              "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
              "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-27 1932568]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

              c:\documents and settings\All Users\Start Menu\Programs\Startup\
              Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-6 66864]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
              2009-04-27 18:44   10520   ----a-w   c:\windows\system32\avgrsstx.dll

              HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
              "wave1"= Digi32.dll
              "aux6"= wdmaud.sys
              "Midi1"= diomidi.dll

              [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
              BootExecute   REG_MULTI_SZ      autocheck autochk *\0aswBoot.exe /A:* /L:English /KBD:2

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
              backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
              backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
              backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
              backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
              backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
              backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
              path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
              backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
              backup=c:\windows\pss\Service Manager.lnkCommon Startup
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcl37j0e5dl
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcg37j0e5dl
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
              "GoToAssist"=3 (0x3)
              "WMPNetworkSvc"=3 (0x3)
              "ose"=3 (0x3)
              "MSSQLServerADHelper"=3 (0x3)
              "MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
              "MobilePreInstallerService"=2 (0x2)
              "MDM"=2 (0x2)
              "iPod Service"=3 (0x3)
              "IDriverT"=3 (0x3)
              "hnmsvc"=2 (0x2)
              "gusvc"=3 (0x3)
              "FastTrackInstallerService"=2 (0x2)
              "digiSPTIService"=3 (0x3)
              "DigiRefresh"=2 (0x2)
              "Bonjour Service"=2 (0x2)
              "Apple Mobile Device"=2 (0x2)
              "AOL ACS"=2 (0x2)
              "Viewpoint Manager Service"=2 (0x2)
              "SQLAgent$MICROSOFTSMLBIZ"=3 (0x3)
              "seclogon"=2 (0x2)
              "SCardSvr"=3 (0x3)
              "RemoteRegistry"=2 (0x2)
              "RDSessMgr"=3 (0x3)
              "RasMan"=3 (0x3)
              "RasAuto"=3 (0x3)
              "Fax"=2 (0x2)
              "FastUserSwitchingCompatibility"=3 (0x3)
              "LVPrcSrv"=2 (0x2)
              "LVCOMSer"=2 (0x2)

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
              "DisableMonitoring"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
              "DisableMonitoring"=dword:00000001

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
              "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
              "c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
              "c:\\Program Files\\Messenger\\msmsgs.exe"=
              "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
              "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
              "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
              "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
              "c:\\Program Files\\LimeWire\\LimeWire.exe"=
              "c:\\Program Files\\Common Files\\AOL\\1191432277\\ee\\aolsoftware.exe"=
              "c:\\Program Files\\AOL 9.0\\waol.exe"=
              "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
              "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
              "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
              "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
              "c:\\Program Files\\AIM6\\aim6.exe"=
              "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
              "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
              "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
              "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
              "c:\\Program Files\\iTunes\\iTunes.exe"=
              "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
              "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
              "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
              "10426:UDP"= 10426:UDP:SingleClick ICC

              R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [10/26/2007 11:02 AM 16384]
              R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/27/2009 2:44 PM 325640]
              R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/27/2009 2:44 PM 108552]
              R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/27/2009 2:43 PM 298264]
              R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [12/15/2006 7:08 PM 345696]
              R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [11/9/2006 4:03 PM 923216]
              R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [11/16/2006 2:27 PM 36368]
              R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [11/9/2006 4:04 PM 566872]
              R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [11/9/2006 4:03 PM 280392]
              S3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [10/5/2006 5:06 PM 27328]
              S3 MA763010;M-Audio Fast Track;c:\windows\system32\drivers\MA763010.sys --> c:\windows\system32\drivers\MA763010.sys [?]
              S4 ma763004;M-Audio MobilePre USB;c:\windows\system32\drivers\MA763004.sys --> c:\windows\system32\drivers\MA763004.sys [?]
              S4 MobilePreInstallerService;MobilePre Installer;c:\program files\M-Audio\MobilePre\Install\MPInst.exe [10/29/2007 9:47 AM 49152]
              S4 Viewpoint Manager Service;Viewpoint Manager Service;
              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
              \Shell\AutoRun\command - E:\setup.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
              "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
              .
              Contents of the 'Scheduled Tasks' folder

              2009-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
              - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

              2009-05-09 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
              - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
              .
              - - - - ORPHANS REMOVED - - - -

              MSConfigStartUp-SVCHOST - (no file)


              .
              ------- Supplementary Scan -------
              .
              uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
              uInternet Connection Wizard,ShellNext = iexplore
              uInternet Settings,ProxyOverride = *.local
              Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
              .

              **************************************************************************

              catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2009-05-09 14:27
              Windows 5.1.2600 Service Pack 3 NTFS

              scanning hidden processes ... 

              scanning hidden autostart entries ...

              scanning hidden files ... 


              **************************************************************************
              .
              --------------------- LOCKED REGISTRY KEYS ---------------------

              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0949021B-8719-211C-5152-530D7EE74900}\InProcServer32*]
              "oajfmfbkecfdopcoldnofagpbegnpp"=hex:6a,61,6d,65,62,6d,70,6f,62,62,65,63,66,65,
                 68,6c,62,68,6d,70,00,29
              "najfggleaoegkhilokinlekdgfmp"=hex:6a,61,6c,65,66,6d,6c,70,64,69,6f,6d,69,61,
                 61,62,70,65,6f,63,00,29
              .
              --------------------- DLLs Loaded Under Running Processes ---------------------

              - - - - - - - > 'explorer.exe'(736)
              c:\windows\system32\ieframe.dll
              c:\windows\system32\OneX.DLL
              c:\windows\system32\eappprxy.dll
              c:\windows\system32\webcheck.dll
              c:\windows\system32\WPDShServiceObj.dll
              c:\windows\system32\PortableDeviceTypes.dll
              c:\windows\system32\PortableDeviceApi.dll
              c:\windows\system32\netprovcredman.dll
              .
              Completion time: 2009-05-09 14:30
              ComboFix-quarantined-files.txt  2009-05-09 18:29

              Pre-Run: 119,629,279,232 bytes free
              Post-Run: 119,611,658,240 bytes free

              279   --- E O F ---   2009-05-09 04:29







              Sorry it took so long to respond. Here's the log... I can't burn CDs now. Now what do I do?

              Thank you again evil for your help
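
The manual check from Reply #4 (look for driver names beginning with UAC, gaopd, gxvx, Seneka, clbdriver or TDSS) can also be run over a ComboFix log like the one above. This is an added example, not part of the original thread or of ComboFix; the function names are hypothetical, the sample lines are copied from the log in Reply #7, and it handles only three line shapes (Drivers/Services keys, R/S driver status lines, and lines ending in a file path).

```python
import re
from ntpath import basename  # Windows path rules, works on any host OS

# Name prefixes listed in Reply #4 ("anything beginning with ...").
ROOTKIT_PREFIXES = ("uac", "gaopd", "gxvx", "seneka", "clbdriver", "tdss")

# -------\Legacy_TDSSSERV  or  -------\Service_TDSSserv.sys
SERVICE_KEY = re.compile(r"^-+\\(?:Legacy|Service)_(\S+)$", re.IGNORECASE)
# R1 AvgTdiX;AVG Free8 Network Redirector;c:\...\avgtdix.sys [date size]
STATUS_LINE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*)$")
# Any absolute Windows path running to the end of the line
WIN_PATH = re.compile(r"[A-Za-z]:\\.*")


def extract_names(line):
    """Return the service, driver or file names found on one log line."""
    line = line.strip()
    m = SERVICE_KEY.match(line)
    if m:
        return [m.group(1)]
    m = STATUS_LINE.match(line)
    if m:
        names = [m.group(1).strip()]
        # Drop the trailing "[date size]" or "--> path [?]" part.
        path = re.split(r"\s+(?:-->|\[)", m.group(2))[0].strip()
        if path:
            names.append(basename(path))
        return names
    m = WIN_PATH.search(line)
    if m:
        return [basename(m.group(0).strip())]
    return []


def matched_prefix(name):
    """Return the listed prefix that `name` begins with, or None."""
    lowered = name.lower()
    for prefix in ROOTKIT_PREFIXES:
        if lowered.startswith(prefix):
            return prefix
    return None


def triage(log_text):
    """Return (line_number, name, prefix) for every name that matches."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        for name in extract_names(line):
            prefix = matched_prefix(name)
            if prefix:
                hits.append((lineno, name, prefix))
    return hits


# Sample input: lines copied from the ComboFix log in Reply #7.
SAMPLE_LOG = r"""
c:\windows\system32\TDSSkkbi.log
c:\windows\system32\twain_32\user.ds
-------\Legacy_PACKET
-------\Legacy_TDSSSERV
-------\Service_TDSSserv.sys
2009-04-27 18:44 . 2009-04-27 18:44   108552   ----a-w   c:\windows\system32\drivers\avgtdix.sys
2009-04-28 13:58 . 2008-12-11 03:05   2709   ----a-w   c:\windows\system32\TDSSlxwp.dll
2009-03-06 03:59 . 2007-12-21 01:56   36864   ----a-w   c:\windows\system32\drivers\usbaapl.sys
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/27/2009 2:44 PM 108552]
S3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [10/5/2006 5:06 PM 27328]
""".strip()

if __name__ == "__main__":
    for lineno, name, prefix in triage(SAMPLE_LOG):
        print(f"line {lineno}: {name} (begins with '{prefix}')")
```

A prefix hit is a lead for manual review, not a verdict; the match is on the start of the name only, so a file such as `usbaapl.sys` is not flagged by the `UAC` prefix.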

              Karnac



                Specialist

                Thanked: 211
                Re: Re: All of my browers stop working sporadically
                « Reply #8 on: May 09, 2009, 03:15:21 PM »
                Evil's away for the weekend.........



                collie00

                  Topic Starter


                  Rookie

                  Re: All of my browers stop working sporadically
                  « Reply #9 on: May 11, 2009, 10:49:38 AM »
                  Thank you, that's OK... I'll wait for evil's response; I'll keep checking back.

                  evilfantasy

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Calm like a bomb
                  • Thanked: 493
                  • Experience: Experienced
                  • OS: Windows 11
                  Re: Re: All of my browers stop working sporadically
                  « Reply #10 on: May 11, 2009, 11:41:57 AM »
                  Sorry for the delay.

                  If you already have Malwarebytes be sure to update it before running the scan!

                  Download Malwarebytes' Anti-Malware (MBAM)

                  Alternate MBAM download link

                  • Double-click mbam-setup.exe and follow the prompts to install the program.
                  • At the end, be sure a checkmark is placed next to the following:
                    • Update Malwarebytes' Anti-Malware
                    • Launch Malwarebytes' Anti-Malware
                    • Then click Finish.
                    • If an update is found, it will download and install the latest version.
                    • Once the program has loaded, select Perform quick scan, then click Scan.
                    • When the scan is complete, click OK, then Show Results to view the results.
                    • Be sure that everything is checked, and click Remove Selected.
                    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
                    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
                    • Copy and Paste the entire report in your next reply.
                    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

                    collie00

                      Topic Starter


                      Rookie

                      Re: All of my browers stop working sporadically
                      « Reply #11 on: May 13, 2009, 11:09:09 AM »
                      Malwarebytes' Anti-Malware 1.36
                      Database version: 2117
                      Windows 5.1.2600 Service Pack 3

                      5/12/2009 3:21:04 PM
                      mbam-log-2009-05-12 (15-21-04).txt

                      Scan type: Quick Scan
                      Objects scanned: 96781
                      Time elapsed: 6 minute(s), 24 second(s)

                      Memory Processes Infected: 0
                      Memory Modules Infected: 0
                      Registry Keys Infected: 1
                      Registry Values Infected: 1
                      Registry Data Items Infected: 0
                      Folders Infected: 1
                      Files Infected: 4

                      Memory Processes Infected:
                      (No malicious items detected)

                      Memory Modules Infected:
                      (No malicious items detected)

                      Registry Keys Infected:
                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.

                      Registry Values Infected:
                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcg37j0e5dl (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

                      Registry Data Items Infected:
                      (No malicious items detected)

                      Folders Infected:
                      C:\Documents and Settings\All Users\Application Data\SBUSA (Adware.Hotbar) -> Quarantined and deleted successfully.

                      Files Infected:
                      C:\Documents and Settings\All Users\Application Data\SBUSA\SBUSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\All Users\Application Data\SBUSA\SBUSAAbout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\All Users\Application Data\SBUSA\SBUSAEULA.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.


                      OK, here is the log for the malware. Another problem I'm having now is when I watch a movie: the picture is fine but the sound is skipping, it's all broken up. One of the problems, I guess, that follows a larger problem :sigh: Waiting for your command, evil :) Thanks again
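A consistency check for the log above, as an added example that is not part of the original post: it parses the Malwarebytes 1.x text layout shown here, compares the summary counts with the itemized detections, and lists any item whose action is not reported as successful. The `triage` function and its two regexes are assumptions derived only from the lines visible in this log.

```python
import re
from collections import Counter

# Excerpt of the Malwarebytes log posted above (zero-count sections omitted).
LOG = r"""
Registry Keys Infected: 1
Registry Values Infected: 1
Folders Infected: 1
Files Infected: 4

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcg37j0e5dl (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\All Users\Application Data\SBUSA (Adware.Hotbar) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\All Users\Application Data\SBUSA\SBUSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SBUSA\SBUSAAbout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SBUSA\SBUSAEULA.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""

ITEM = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
HEAD = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")

def triage(log_text):
    """Return (families, unresolved, mismatches) for an MBAM 1.x text log."""
    declared, found = {}, Counter()
    families, unresolved, section = Counter(), [], None
    for line in map(str.strip, log_text.splitlines()):
        head = HEAD.match(line)
        if head and head["count"] is not None:   # summary line: "Files Infected: 4"
            declared[head["section"]] = int(head["count"])
        elif head:                                # detail header: "Files Infected:"
            section = head["section"]
        elif section and (item := ITEM.match(line)):
            found[section] += 1
            families[item["name"]] += 1
            if "successfully" not in item["action"]:  # removal not confirmed
                unresolved.append((item["obj"], item["name"], item["action"]))
    mismatches = {s: (n, found[s]) for s, n in declared.items() if n != found[s]}
    return families, unresolved, mismatches

if __name__ == "__main__":
    print(triage(LOG))
```

An empty `unresolved` list and an empty `mismatches` dict mean every itemized detection was reported removed and the log is internally consistent; they do not show that the machine is clean.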

                      evilfantasy

                      Re: Re: All of my browers stop working sporadically
                      « Reply #12 on: May 13, 2009, 11:15:40 AM »
                      Quote
                      another problem im having now is when i watch a movie, the picture is fine but the sound is skipping its all broken up,

                      That will need to be dealt with in another forum once we finish up here.

                      Delete these files/folders, as follows:

                      1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
                      It must be Notepad, not Wordpad.
                      2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

                      Code:
                      KillAll::

                      RegLock::
                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0949021B-8719-211C-5152-530D7EE74900}]

                      RegLockDel::
                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0949021B-8719-211C-5152-530D7EE74900}]

                      3. Go to the Notepad window and click Edit > Paste
                      4. Then click File > Save
                      5. Name the file CFScript.txt - Save the file to your Desktop
                      6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



                      ComboFix will begin to execute, just follow the prompts.
                      After reboot (in case it asks to reboot), it will produce a log for you.
                      Post that log (Combofix.txt) in your next reply.

                      Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

                      collie00

                        Topic Starter


                        Rookie

                        Re: All of my browers stop working sporadically
                        « Reply #13 on: May 14, 2009, 02:26:52 PM »
                        It can't find HIDEC.exe. That's what comes up when it's done scanning; it won't show me a log.

                        evilfantasy

                        Re: Re: All of my browers stop working sporadically
                        « Reply #14 on: May 14, 2009, 05:08:34 PM »
                          • Click START then RUN
                          • Now type Combofix /u in the runbox
                          • Make sure there's a space between Combofix and /u
                          • Then hit Enter.

                          Restart the computer.

                          Download a new copy of CF and then drag/drop the script.

                          Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

                        Link #1
                        Link #2

                        Note: It is important that it is saved directly to your Desktop

                        Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

                        Delete these files/folders, as follows:

                        1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
                        It must be Notepad, not Wordpad.
                        2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

                        Code:
                        KillAll::

                        RegLock::
                        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0949021B-8719-211C-5152-530D7EE74900}]

                        RegLockDel::
                        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0949021B-8719-211C-5152-530D7EE74900}]

                        3. Go to the Notepad window and click Edit > Paste
                        4. Then click File > Save
                        5. Name the file CFScript.txt - Save the file to your Desktop
                        6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



                        ComboFix will begin to execute, just follow the prompts.
                        After reboot (in case it asks to reboot), it will produce a log for you.
                        Post that log (Combofix.txt) in your next reply.

                        Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze