[kahdah]

The firefox problem sounds like a plugin issue did reinstalling Adobe flash seem to fix it?

Try this for Internet explorer.
Go to Start >All programs>Accessories>system tools>Click on Internet Explorer without add ons use it like that for a while and see if that corrects the issue.
If so then it is one of your add on's that is causing the issue.

Also go ahead and uninstall AVG antispyware as it can eat up a bunch of ram.

Also you have 256mb's of ram it very little ram and would perform a lot better with an upgrade of at least another 256 mb's of ram.

Let me know how it goes.

[Advertisements]

Hi Kahdah,I'm back again

Thought I'd give a couple of days to see if any of my problem cleared up, but it seems most of them still remean.

No it didn't help reinstalling Adobe flash, when playing a clip "say like in Yahoo" news the movie or clip plays back in frames not a continuous move like it use to, the sound is normal though. Windows media player movies, the picture is all distorted an freezes up with no sound. Another thing I have noticed witch still remains is, when a page loads with Explorer or Firefox it takes longer than it use to, like around a minute and a half. Its almost like driving your car, you notice when something seems different

I tried doing as you said with Internet Explorer, (click on Internet Explorer without add ons) but I don't have that option, guess its because I am using Windows XP Pro not regular XP.

All I know it that something in this computer is causing a lot of problems ,and they all started when I got infected.
I ran every program i have again, AVG, Spybot, Ad-Aware and CCleaner and all shows up nothing.

I ran Panda Active scan again and this time it showed some of the issues still re mean.

Incident Status Location

Adware:adware/tvmedia Not disinfected C:\Documents and Settings\Cody Guidry\Application Data\tvmknwrd.dll
Adware:adware/adroar Not disinfected Windows Registry
Adware:adware/sidesearch Not disinfected Windows Registry
Spyware:spyware/sysren Not disinfected Windows Registry
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde83.tmp
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde8E.tmp
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde90.tmp[bdeplayer2.dll]
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde92.tmp[BDEEngine2.dll]
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde94.tmp
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde96.tmp
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde98.tmp
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde9A.tmp
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde9D.tmp[bde3d_ref2.dll]
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde9F.tmp
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bdeA1.tmp
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody
Guidry\Local Settings\Temp\BDECache\bdeA3.tmp

I am completely baffled now

Oh also still getting, Internet Explorer has encounted a problem and needs to close, as before sometimes, thats why I am using Firefox to post this message.

Edited by factor, 29 February 2008 - 11:17 AM.

[factor]

Hi Kahdah,I'm back again

Thought I'd give a couple of days to see if any of my problem cleared up, but it seems most of them still remean.

No it didn't help reinstalling Adobe flash, when playing a clip "say like in Yahoo" news the movie or clip plays back in frames not a continuous move like it use to, the sound is normal though. Windows media player movies, the picture is all distorted an freezes up with no sound. Another thing I have noticed witch still remains is, when a page loads with Explorer or Firefox it takes longer than it use to, like around a minute and a half. Its almost like driving your car, you notice when something seems different

I tried doing as you said with Internet Explorer, (click on Internet Explorer without add ons) but I don't have that option, guess its because I am using Windows XP Pro not regular XP.

All I know it that something in this computer is causing a lot of problems ,and they all started when I got infected.
I ran every program i have again, AVG, Spybot, Ad-Aware and CCleaner and all shows up nothing.

I ran Panda Active scan again and this time it showed some of the issues still re mean.

Incident Status Location

Adware:adware/tvmedia Not disinfected C:\Documents and Settings\Cody Guidry\Application Data\tvmknwrd.dll
Adware:adware/adroar Not disinfected Windows Registry
Adware:adware/sidesearch Not disinfected Windows Registry
Spyware:spyware/sysren Not disinfected Windows Registry
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde83.tmp
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde8E.tmp
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde90.tmp[bdeplayer2.dll]
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde92.tmp[BDEEngine2.dll]
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde94.tmp
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde96.tmp
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde98.tmp
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde9A.tmp
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde9D.tmp[bde3d_ref2.dll]
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde9F.tmp
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bdeA1.tmp
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody
Guidry\Local Settings\Temp\BDECache\bdeA3.tmp

I am completely baffled now

Oh also still getting, Internet Explorer has encounted a problem and needs to close, as before sometimes, thats why I am using Firefox to post this message.

Edited by factor, 29 February 2008 - 11:17 AM.

[kahdah]

Ok

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  C:\Documents and Settings\Cody Guidry\Application Data\tvmknwrd.dll 
  E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
• Click the red Moveit! button.
• OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===============================
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

[factor]

Tried doing the OTMoveIt2 but gave me error message, so didn't know if I should do the Combo fix

[Custom Input]
< C:\Documents and Settings\Cody Guidry\Application Data\tvmknwrd.dll >
LoadLibrary failed for C:\Documents and Settings\Cody Guidry\Application Data\tvmknwrd.dll
C:\Documents and Settings\Cody Guidry\Application Data\tvmknwrd.dll NOT unregistered.
C:\Documents and Settings\Cody Guidry\Application Data\tvmknwrd.dll moved successfully.
< E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache >
File/Folder E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache not found.

OTMoveIt2 v1.0.20 log created on 02292008_114419

[factor]

Okay tried it again and think I done it right this time.

File/Folder C:\Documents and Settings\Cody Guidry\Application Data\tvmknwrd.dll not found.
File/Folder E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache not found.

OTMoveIt2 v1.0.20 log created on 02292008_125108


ComboFix 08-03-01 - Cody Guidry 2008-02-29 13:07:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.76 [GMT -6:00]
Running from: C:\Documents and Settings\Cody Guidry\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))
.

2008-02-29 11:44 . 2008-02-29 11:44 <DIR> d-------- C:\_OTMoveIt
2008-02-24 21:05 . 2008-02-24 21:05 <DIR> d-------- C:\Documents and Settings\Cody Guidry\Application Data\Malwarebytes
2008-02-24 21:05 . 2008-02-24 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-24 15:24 . 2008-02-24 15:24 288 --a------ C:\fixme.reg
2008-02-24 09:29 . 2008-02-24 09:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-22 20:54 . 2008-02-22 20:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-21 13:29 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-02-21 12:41 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-21 11:18 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-21 11:18 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-12 19:13 . 2008-02-12 19:13 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-12 18:39 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-02-12 18:39 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-02-12 18:39 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-02-12 18:39 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-02-12 18:39 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-02-12 18:39 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-02-12 18:39 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-02-12 18:38 . 2008-02-12 18:38 <DIR> d-------- C:\Program Files\Sygate
2008-02-12 18:36 . 2008-02-12 18:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-12 16:35 . 2008-02-12 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-12 16:08 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-02-12 16:08 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-12 16:08 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-02-12 16:08 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 21:22 --------- d-----w C:\Documents and Settings\Cody Guidry\Application Data\AVG7
2008-02-28 21:09 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2008-02-28 14:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-28 03:16 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-28 03:15 --------- d-----w C:\Program Files\QuickTime
2008-02-28 02:38 --------- d-----w C:\Program Files\iTunes
2008-02-28 02:34 --------- d-----w C:\Program Files\Google
2008-02-27 23:42 --------- d-----w C:\Program Files\Java
2008-02-22 00:01 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-21 16:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-16 00:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2006-12-21 23:54 16,525,203 -c--a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_12_21_17_23_44_full.dmp.zip
2006-07-16 18:23 79,580 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_07_07_23_54_39_small.dmp.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPP Auto Loader"="C:\WINDOWS\tppaldr.exe" [2001-06-29 12:39 118784]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 03:50 155648]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-29 17:33 411648]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 14:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-30 22:31 155648]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-04-29 17:34 145920]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 14:05:56 65588]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\System32\DRIVERS\AN983.sys [2001-08-17 06:11]
R3 crtaud;Conexant Riptide WDM Audio Driver;C:\WINDOWS\System32\drivers\crtaud.sys [2001-08-17 06:19]
R3 rpfun;Conexant Riptide Dummy Driver;C:\WINDOWS\System32\drivers\rpfun.sys [2001-08-17 06:19]
R3 rthwcls;Conexant Riptide Bus / Firmware Downloader;C:\WINDOWS\System32\drivers\rthwcls.sys [2001-08-17 06:19]
R3 SiSV6306;SiSV6306;C:\WINDOWS\System32\DRIVERS\SiS6306p.sys [2001-08-17 06:50]
S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\System32\Drivers\RIOUNIV.sys [2003-07-02 11:15]
S3 TPP725;USB Storage Adapter (TPP);C:\WINDOWS\System32\DRIVERS\TPP725.SYS [2001-06-29 12:39]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 13:13:11
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-01 13:17:00
.
2008-02-16 06:21:19 --- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:31:15 PM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\tppaldr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1203614180223
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5118 bytes


Still can not use Explorer to reply on this forum, only with Firefox

[kahdah]

I still am not seeing any malware causes of this perhaps it is a browser issue.

Time for some housekeeping

• Click START then RUN
• Now type Combofix /u in the runbox and click OK
  
  
  [list]
• 

The above procedure will delete and do the following:

• ComboFix and its associated files and folders.
• VundoFix backups, if present
• The C:\Deckard folder, if present
• The C:_OtMoveIt folder, if present
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Clean System Restore points.

Also delete\uninstall anything that we used that is left over.
=============================================
Again your log is clean.

If your problem persists then I would try to post a thread Here and see if they may be able to help you further.

[factor]

Kahdah, thank you very much for your time and help, just wanted to say that.

One more question if you don't mind. In your experience should I disregard what the Panda scans are showing?

I know there is some type of grimlen lurking in this system that is causing these problems, I am even thinking of reformatting and starting all over, if all else fails.

[kahdah]

We removed what the panda scan showed.

You can rerun the scan if you like.

Post the results here and we will go from there.

[factor]

Ran another Panda scan, took 7 hours to run this time.

Same things happening (example) while i am typing this post in Geeks to Go using Internet Explorer I get, Internet Explorer has encountered a problem and needs to close,so I have to close it out. The only way I can post is using Firefox, weird I know. Its like while using the internet every thing is in slow motion,from scrolling pages to pages loading up.

Here is Panda Scan

Panda Activescan

Ran March 02 2008 at 6:04 pm

Incident
Status Location

Adware:adware/adroar Not disinfected Windows Registry
Adware:adware/sidesearch Not disinfected Windows Registry
Spyware:spyware/sysren Not disinfected Windows Registry
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Cody Guidry\Application Data\Mozilla\Firefox\Profiles\hdznyzd9.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Cody Guidry\Application Data\Mozilla\Firefox\Profiles\hdznyzd9.default\cookies.txt[.tribalfusion.com/]
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde83.tmp
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde8E.tmp
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde90.tmp[bdeplayer2.dll]
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde92.tmp[BDEEngine2.dll]
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde94.tmp
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde96.tmp
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde98.tmp
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde9A.tmp
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde9D.tmp[bde3d_ref2.dll]
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bde9F.tmp
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bdeA1.tmp
Potentially unwanted tool:Application/BrilliantDigital Not disinfected E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache\bdeA3.tmp


As you can see alot of what the first scan showed is still their

Oh i forgot to mention, I don't get that error message ( Illegal Operation in Plug-in Shockwave Flash The plug-in preformed an illegal operation. You are strongly advised to restart Firefox ) any more.

Edited by factor, 01 March 2008 - 06:56 PM.

[kahdah]

Although these files were found still they are only temp files that OTMoveit didn't find.
We will manually delete them and they are only leftovers and are not executable or are they a threat anymore.
But after that your log is clean the problems you are having are no longer malware related.
I suggest you post a thread in the Web browsers forum as I suggested earlier.
========================================================
I will need to you show hidden files\folders so we can delete the leftover folder.
To Set:

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Show hidden files and folders.
• Uncheck the Hide protected operating system files (recommended) option.
• Click Yes to confirm.
• Click OK

Now using Windows Explorer (to get there right-click your Start button and go to "Explore")
Delete these folder listed below:
E:\Documents and Settings\Cody Guidry\Local Settings\Temp\BDECache
=================================================================
To reset files\foldrs to hidden:

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Do not Show hidden files and folders.
• Check the Hide protected operating system files (recommended) option.
• Click Yes to confirm.
• Click OK

====================
Then empty your cache in firefox.

Empty your recyle bin then we are done.

[factor]

Tried doing as you said, got message saying

E:\Documents and Settings\Cody Guidry is not accessible.

Access is denied

[kahdah]

Sounds like it is a password protected account.
You will have to log into that account and do it.

[factor]

How do i log into that account ? I am not familiar with that.

Edited by factor, 02 March 2008 - 11:22 AM.

[kahdah]

Go to start then click on the key symbol to log out.
Then it will put you at the log in screen.
Then there should be another account present log into that account and delete the folder.

Edited by kahdah, 02 March 2008 - 06:11 PM.