freezes durning search

the only scanner ive been able to go through so far is trend micro house call and it found troj_fakeav.smtz and was able to remove it.. im trying not to waste your time or pass my aggravation over this.. im currently running a scan w/ ad-aware and malwarebytes.. to see if i can get something to pop up so i can get the other programs to start running like they should
 
Renamed ComboFix didn't run in safe mode either (download a fresh copy and try to run it)? Please post a fresh dds.txt log. I want to see current status there.

am i able to delete every folder under the c:\\windows\temp folder w/o hurting anything?
Click to expand...
I advise not to attempt delete anything there.
 
i cant get safe mode to work at all.. it just locks up.. i cant remember where it does but the majority of the things it opens shows but it then it just freezes
 
Ok. Please post those fresh dds logs. Shall see what can be done.
 
i cant get safe mode to work at all.. it just locks up.. i cant remember where it does but the majority of the things it opens shows but it then it just freezes.. ive tried all the safe modes and tried to do the last restore point but still the same.. let me do another dds and ill post here in a few
 
was also wondering if youd like me to do a hijackthis and oldtimer logs?



DDS (Ver_10-10-21.02) - NTFSx86
Run by chuck at 17:37:02.82 on Sat 11/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.906 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\PdaNet for Android\PdaNetPC.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\DOCUME~1\chuck\LOCALS~1\Temp\HouseCall\housecall.bin
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\mshta.exe
C:\Documents and Settings\chuck\Desktop\stuff\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell/en/side.html
uSearch Bar = hxxp://www.google.com/hws/sb/dell/en/side.html
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
uInternet Settings,ProxyServer = http=127.0.0.1:29775
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.google.com/hws/sb/dell/en/side.html
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRunOnce: [TSC] "c:\docume~1\chuck\locals~1\temp\housecall\tsc.exe" /HD
StartupFolder: c:\docume~1\chuck\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264395859789
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli hoselozu.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chuck\applic~1\mozilla\firefox\profiles\vnrsuwt6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\chuck\application data\mozilla\firefox\profiles\vnrsuwt6.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\chuck\application data\mozilla\firefox\profiles\vnrsuwt6.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-25 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-25 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-25 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-25 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-22 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-22 308136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1352832]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2010-11-4 30240]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2010-9-26 13312]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-11-4 96416]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2010-11-4 12704]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2010-11-4 121504]
S0 nbalygm;nbalygm; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\manycam.sys --> c:\windows\system32\drivers\ManyCam.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [2010-1-25 899700]

=============== Created Last 30 ================

2010-11-06 20:46:57 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-11-06 16:13:19 574464 ----a-w- c:\docume~1\chuck\applic~1\hotfix.exe
2010-11-06 16:13:19 222 ----a-w- c:\docume~1\chuck\applic~1\dkfjasdfshd.bat
2010-11-04 08:12:00 -------- d-----w- C:\AC_SWM
2010-11-04 07:20:48 96416 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2010-11-04 07:20:48 30240 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2010-11-04 07:20:48 1416608 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2010-11-04 07:20:48 1416608 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2010-11-04 07:20:48 12704 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2010-11-04 07:20:48 121504 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2010-11-04 07:20:48 10272 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2010-11-04 07:20:48 10272 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2010-11-04 07:20:48 10144 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2010-11-04 07:20:48 10144 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2010-11-04 07:20:48 -------- d-----w- c:\program files\Samsung
2010-10-24 22:32:49 -------- d-----w- c:\program files\Kodak
2010-10-18 06:27:43 -------- d-----w- c:\documents and settings\chuck\.android
2010-10-15 04:17:52 -------- d-----w- c:\program files\One-click FLAC to MP3 Converter

==================== Find3M ====================

2010-09-20 11:23:08 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-14 13:25:12 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
2010-09-14 13:25:11 406528 ----a-w- c:\windows\system32\ReWire.dll
2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 17:46:52.46 ===============
 
Would you mind to explain why Vuze seems to be again installed there? It pretty much kills all my motivation on this case if you keep reinstalling P2P software back. This is the last time I'm going to ask you to uninstall it.


Use AppRemover to uninstall AVG for now. You may reinstall it later.

---

You seem to use Firefox as your browser. Please do following to ensure you'll be prompted for download location:
In Firefox click Tools-menu->Options->Main-tab->select Always ask me where to save files.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Download Combofix from any of the links below. You must rename it to testing.exe before saving it. Save it to your desktop.

Link 1
Link 2

CF_download_FF.gif



CF_download_rename.gif
 
Last edited:
sorry about the vuze.. my room mate thought i was done fixing the comp so he reinstalled it.. ive takin it back off and im downloading the links you sent me.. ill update here in a bit
 
heres the log from the combofix

ComboFix 10-11-07.07 - chuck 11/07/2010 17:28:10.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1623 [GMT -6:00]
Running from: c:\documents and settings\chuck\Desktop\testing.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\chuck\Application Data\dkfjasdfshd.bat
c:\windows\system32\bszip.dll
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4


((((((((((((((((((((((((( Files Created from 2010-10-08 to 2010-11-08 )))))))))))))))))))))))))))))))
.

2010-11-07 23:03 . 2010-11-07 23:04 -------- d-----w- C:\32788R22FWJFW
2010-11-04 08:12 . 2010-11-04 08:12 -------- d-----w- C:\AC_SWM
2010-11-04 08:07 . 2010-11-04 08:07 -------- d-----w- c:\program files\Microsoft.NET
2010-11-04 07:20 . 2010-11-04 07:20 -------- d-----w- c:\program files\Samsung
2010-11-04 07:20 . 2010-01-29 20:39 1416608 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2010-11-04 07:20 . 2010-01-29 20:39 1416608 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2010-11-04 07:20 . 2010-01-29 20:39 121504 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2010-11-04 07:20 . 2010-01-29 20:39 10144 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2010-11-04 07:20 . 2010-01-29 20:39 10144 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2010-11-04 07:20 . 2010-01-29 20:39 96416 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2010-11-04 07:20 . 2010-01-29 20:39 30240 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2010-11-04 07:20 . 2010-01-29 20:39 12704 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2010-11-04 07:20 . 2010-01-29 20:39 10272 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2010-11-04 07:20 . 2010-01-29 20:39 10272 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2010-10-24 22:32 . 2010-10-24 22:32 -------- d-----w- c:\program files\Kodak
2010-10-18 06:27 . 2010-10-18 06:30 -------- d-----w- c:\documents and settings\chuck\.android
2010-10-18 03:54 . 2010-10-18 03:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-10-18 03:53 . 2010-10-18 03:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-10-15 04:17 . 2010-10-15 04:17 -------- d-----w- c:\program files\One-click FLAC to MP3 Converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 11:23 . 2010-09-16 17:21 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-20 11:23 . 2010-01-25 07:10 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-20 11:22 . 2010-01-25 06:20 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-14 13:25 . 2010-09-14 13:25 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
2010-09-14 13:25 . 2010-09-14 13:25 406528 ----a-w- c:\windows\system32\ReWire.dll
2010-09-08 16:17 . 2010-09-08 16:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17 . 2010-09-08 16:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-02 22:49 . 2010-09-26 08:01 13312 ----a-w- c:\windows\system32\drivers\pneteth.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\chuck\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-11-4 473616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^chuck^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\chuck\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 09:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2005-08-31 17:06 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 08:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 07:05 127035 ----a-w- c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-03-24 02:17 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-03-24 02:17 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2010-05-07 23:35 165208 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
2010-08-25 10:49 1713448 ----a-w- c:\program files\ManyCam\Bin\ManyCam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-07-13 01:05 1117184 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
2004-11-11 16:26 26112 ----a-w- c:\program files\Intuit\QuickBooks 2005\Atom\QBReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-01-18 21:45 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 15:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-08-31 19:16 1242448 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dlcccoms.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dla\\tfswctrl.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\steamapps\\chuck3213@yahoo.com\\counter-strike\\hl.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/25/2010 12:20 AM 64288]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/5/2010 11:43 PM 721904]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 7:19 AM 1352832]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [9/26/2010 2:01 AM 13312]
S0 nbalygm;nbalygm; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [11/4/2010 1:20 AM 30240]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 Normandy;Normandy SR2; [x]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [11/4/2010 1:20 AM 96416]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [11/4/2010 1:20 AM 12704]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [11/4/2010 1:20 AM 121504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [1/25/2010 12:06 AM 899700]
.
Contents of the 'Scheduled Tasks' folder

2010-11-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 11:22]

2010-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:29775
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\chuck\Application Data\Mozilla\Firefox\Profiles\vnrsuwt6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\chuck\Application Data\Mozilla\Firefox\Profiles\vnrsuwt6.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\chuck\Application Data\Mozilla\Firefox\Profiles\vnrsuwt6.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-avgrsstarter - (no file)
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-rrcomrok - c:\documents and settings\NetworkService\Local Settings\Application Data\mstupcwuh\wgpfrjatssd.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-07 18:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HDS728080PLA380 rev.PF2OA63A -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-f

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89E5BEE4]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x50; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x89896820; SUB DWORD [EBP-0x4], 0x8989612e; PUSH EDI; CALL 0xffffffffffffe10c; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A50CAB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A53DD98]
[0x89D99880] -> IRP_MJ_CREATE -> 0x89E5BEE4
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-f -> \??\IDE#DiskHDS728080PLA380_________________________PF2OA63A#5&f85c66f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x89E5BCE2
user & kernel MBR OK
sectors 156249998 (+231): user != kernel
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(928)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3572)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\dlcccoms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-11-07 18:24:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-08 00:22

Pre-Run: 25,541,341,184 bytes free
Post-Run: 26,461,552,640 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 9EBB1EBA42E11FF17E1249384CEA6077
 
woohoo i was able to run spybot all the way through finally.. the redirects are now gone.. thank you so much.. what kinda of virus scan would you recommend? i cant get avg to load anymore but im not really sad about that one lol
 
my room mate thought i was done fixing the comp so he reinstalled it..
Click to expand...
..and thought to get system re-infected? Might be a good idea to keep your room mate away from the puter ;)


Open notepad and copy/paste the text in the quotebox below into it:

Code: 
File::
c:\documents and settings\chuck\Start Menu\Programs\Startup\LimeWire On Startup.lnk
c:\windows\pss\LimeWire On Startup.lnkStartup
Driver::
nbalygm
Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^chuck^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:29775
uInternet Settings,ProxyOverride = <local>
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into testing.exe
Then post the resultant log.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 22.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
 
quick question now.. when i followed your instructions you had me deleted every version of java that i had then restart then install the new version.. im now having problems w/ java acting properly.. is that the new update or did i miss something?
 
quick question now.. when i followed your instructions you had me deleted every version of java that i had then restart then install the new version.. im now having problems w/ java acting properly.. is that the new update or did i miss something?
Click to expand...
It's a bit difficult to comment anything to this since you didn't specify what is the problem.


Open notepad and copy/paste the text in the quotebox below into it:

Code: 
File::
C:\Documents and Settings\chuck\Application Data\Sun\Java\Deployment\cache\6.0\13\44944dcd-5803c1bf
C:\Documents and Settings\chuck\Application Data\Sun\Java\Deployment\cache\6.0\29\20db519d-3b8f9f06
C:\Documents and Settings\chuck\Application Data\Sun\Java\Deployment\cache\6.0\29\37abc01d-69833e00
C:\Documents and Settings\chuck\Application Data\Sun\Java\Deployment\cache\6.0\56\9b47178-43b5e719
C:\Documents and Settings\chuck\My Documents\Vuze Downloads\Deamon (DAEMON) Tools Pro 4.30.305 32&64bit Latest.rar
Folder::
c:\Program Files\Vuze
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Vuze\\Azureus.exe"=-


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)
 
The best example would be facebook or youtube.. On facebook you cant open the online friends to show whos online and chat with them or post comments.. On youtube the site looks all messes up and you cant view any of the videos.. Those are 2 of the largest java based websites that i know.. Other non java sites work just fine
 
The best example would be facebook or youtube.. On facebook you cant open the online friends to show whos online and chat with them or post comments.. On youtube the site looks all messes up and you cant view any of the videos.. Those are 2 of the largest java based websites that i know.. Other non java sites work just fine
Click to expand...
I don't use Facebook myself so I'm not familiar with APIs behind it. I don't think Youtube needs Java but Flash. Anyway, if the issue is just in Firefox and not while using Internet Explorer then I recommend to clear Firefox cache.
 
Due to inactivity, this thread will now be closed.

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
 
You must log in or register to reply here.
Back
Top