dirtbikeryzz

When I'm browsing online sometimes im redirected to a random site, and other times a online scan pops up and trys to get me to download something, I then have to close everything to get it off. I've dealt with viruses before with Combofix, and superantispyware, but nothing i do will get rid of it. It also only happens in firefox not IE.

Flaring Afro

Did you look at the addons in firefox? I remember having something like this a while back, I think I had to do a system restore...

apj101

Belongs in the computer security sections Ill move it now
the legends there will deal with it

__________________
TechZine
What did one snow man say to the other?
can you smell carrot?
The fight is won or lost far away from witnesses - behind the lines, in the gym, and out there on the road, long before I dance under those lights.

How you do anything, is how you do everything!

Nauru our homeland, the land we dearly love

dirtbikeryzz

When i went to do a system restore the only restore point was that very day, really weird because i normally have like 7 choices.

Respital

Legends?

@ OP you mentioned that you used ComboFix before please do the following so we can have an idea of what's going on with your system;

1. First Uninstall ComboFix using the guide below;

• Click START then RUN
• Now type Combofix /u in the runbox and click OK
  • 

The above procedure will:

• Delete the following:
  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\Deckard folder, if present
  • The C:_OtMoveIt folder, if present
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Reset System Restore.

2. Run a scan with the most up to date version of ComboFix;


Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

• Download this file from one of the three below listed places :
  
  http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  http://www.forospyware.com/sUBs/ComboFix.exe
  http://subs.geekstogo.com/ComboFix.exe
  
• Then double click combofix.exe & follow the prompts.
• When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
NOTE: IF COMBOFIX FAILS TO RUN TRY RENAMING THE FILE TO 'ANYTHING.EXE' WITHOUT THE QUOTES

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

3. Run a scan with Malwarebytes' Anti-Malware, after updating it;


How to run a scan with Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware from Here , Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

4. Run a scan with HiJackThis;

How to run a scan and post a log with HiJackThis
Click here to download HJTsetup.exe

• Save HJTsetup.exe to your desktop.
• Double click on the HJTsetup.exe icon on your desktop.
• By default it will install to C:\Program Files\Hijack This.
• Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
• Put a check by Create a desktop icon then click Next again.
• Continue to follow the rest of the prompts from there.
• At the final dialogue box click Finish and it will launch Hijack This.
• Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
• Click Save to save the log file and then the log will open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

5. Finally post the following logs back in your reply(s);

• The ComboFix log
• Log from Malwarebytes'
• An up to date HiJackThis log
• An update on how your computer is running

__________________
Winner of Photo Tourney: Twilight
/My Rig:/
/Case :/ Antec Sonata III
/Power Supply :/ Antec Earthquake 500W
/Motherboard :/ Gigabyte P35-DSR3
/Processor :/ Intel E6850@3.4Ghz
/Ram :/ Consair 2x 1 Gb 800mhz
/Video Card :/ Radeon HD 5770 (Juniper XT) 1GB
/Monitor:/Samsung T220 w 20 000 : 1 Contrast and 2ms response time
/3DMark06 Score :/ 11730

johnb35

Wow, we've moved up in the world....

__________________
Motherboard - Gigabyte GA-EP45-UD3R
CPU - E8400
Memory - 2GB Corsair XMS2 (2x 1gb)
Graphics - ATI HD3870
Hard Drives - 2-500gb WD Caviar Black
DVD Drives - Lite-On
Power Supply - Rosewill RP600V2-S-SL 600W
22" Acer widescreen AL2216WBD
OS - Windows XP

The Chad

Judging by Respital's post the guys here truly are legends!

__________________
CPU: i7 920 @ 3.4Ghz MoBo: Asus P6T HSF: Coolermaster V8 RAM: OCZ Gold DDR3 1704Mhz 6Gb GPU: HIS 5870 900/1300 Chassis: Coolermaster HAF 932 PSU: Corsair HX750 HDD: 2 x Seagate Barracuda 7200.12 500Gb OS: Windows 7 Ultimate 64bit Mouse & Keyboard: Logitech G9x and G15

dirtbikeryzz

Malwarebytes log

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 6.0.6000
Internet Explorer 7.0.6000.16916

12/3/2009 9:39:11 PM
mbam-log-2009-12-03 (21-39-11).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 184603
Time elapsed: 36 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\browser32.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{18d03766-40b1-466e-8309-74ca2369ae0e} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{18d03766-40b1-466e-8309-74ca2369ae0e} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{18d03766-40b1-466e-8309-74ca2369ae0e} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\browser32.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\Windows\System32\brdgcfg32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.




ComboFix Log
ComboFix 09-12-03.04 - Buyer 12/03/2009 20:50.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3069.2248 [GMT -8:00]
Running from: c:\users\Buyer\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-11-04 to 2009-12-04 )))))))))))))))))))))))))))))))
.

2009-12-04 04:55 . 2009-12-04 04:55 -------- d-----w- c:\users\Buyer\AppData\Local\temp
2009-12-04 04:55 . 2009-12-04 04:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-04 04:55 . 2009-12-04 04:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-04 04:49 . 2009-12-04 04:49 45056 d-----w- C:\32788R22FWJFW
2009-12-04 04:44 . 2009-12-04 04:44 -------- d-----w- c:\program files\Trend Micro
2009-12-04 04:42 . 2009-12-04 04:42 4844295 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-04 04:42 . 2009-12-04 04:42 -------- d-----w- c:\users\Buyer\AppData\Roaming\Malwarebytes
2009-12-04 04:42 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-04 04:42 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-04 04:42 . 2009-12-04 04:42 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-04 04:42 . 2009-12-04 04:42 -------- d-----w- c:\programdata\Malwarebytes
2009-12-03 03:11 . 2009-12-03 03:11 320000 ----a-w- c:\windows\system32\CF7363.exe
2009-12-03 03:10 . 2009-12-03 03:10 320000 ----a-w- c:\windows\system32\CF15727.exe
2009-11-30 06:46 . 2009-11-30 06:46 -------- d-----w- c:\windows\system32\xlive
2009-11-30 06:45 . 2009-11-30 06:46 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-11-30 06:42 . 2009-11-30 06:42 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2009-11-30 00:01 . 2007-06-29 22:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2009-11-30 00:01 . 2009-11-30 00:01 -------- d-----w- c:\program files\AMD
2009-11-29 23:55 . 2009-11-29 23:55 -------- d-----w- c:\users\Buyer\AppData\Local\Downloaded Installations
2009-11-29 06:54 . 2009-11-29 06:55 -------- d-----w- c:\users\Buyer\AppData\Roaming\Ventrilo
2009-11-29 06:54 . 2009-11-29 06:54 4096 d-----w- c:\program files\Ventrilo
2009-11-28 10:08 . 2009-11-28 10:08 -------- d-----w- c:\users\Buyer\AppData\Roaming\InstallShield
2009-11-25 11:00 . 2009-10-29 07:59 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 23:47 . 2009-08-10 13:05 2048 ----a-w- c:\windows\system32\msxml6r.dll
2009-11-24 23:47 . 2009-08-10 13:05 1406464 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 23:47 . 2009-08-10 13:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-11-24 23:47 . 2009-08-10 13:05 1260032 ----a-w- c:\windows\system32\msxml3.dll
2009-11-22 04:41 . 2009-11-22 04:41 12288 d-----w- c:\program files\Eusing Free Registry Cleaner
2009-11-21 22:12 . 2009-11-21 22:14 -------- d-----w- c:\users\Buyer\AppData\Local\ArmA
2009-11-21 10:00 . 2009-11-21 10:00 -------- d-----w- c:\users\Buyer\AppData\Roaming\gtk-2.0
2009-11-21 09:54 . 1998-10-03 03:00 327168 ----a-w- c:\windows\IsUninst.exe
2009-11-19 21:41 . 2009-11-19 21:41 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-19 21:41 . 2009-11-19 21:41 4096 d-----w- c:\users\Buyer\AppData\Roaming\SystemRequirementsL ab
2009-11-19 21:41 . 2009-11-19 21:41 138240 ----a-w- c:\users\Buyer\AppData\Roaming\SystemRequirementsL ab\SRLProxy_srl_4_1_14_0_d.dll
2009-11-19 21:41 . 2009-11-19 21:41 138240 ----a-w- c:\users\Buyer\AppData\Roaming\SystemRequirementsL ab\SRLProxy_srl_4_1_14_0_c.dll
2009-11-19 21:41 . 2009-11-19 21:41 138240 ----a-w- c:\users\Buyer\AppData\Roaming\SystemRequirementsL ab\SRLProxy_srl_4_1_14_0_b.dll
2009-11-19 21:41 . 2009-11-19 21:41 138240 ----a-w- c:\users\Buyer\AppData\Roaming\SystemRequirementsL ab\SRLProxy_srl_4_1_14_0_a.dll
2009-11-19 21:41 . 2009-11-19 21:41 -------- d-----w- c:\windows\Sun
2009-11-19 00:54 . 2006-11-02 09:51 232040 ----a-w- c:\windows\system32\drivers\iastorv.sys
2009-11-18 04:35 . 2009-11-18 04:35 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2009-11-18 04:25 . 2009-11-18 04:34 -------- d-----w- C:\BDS
2009-11-18 04:19 . 2009-11-18 04:19 4096 d-----w- c:\program files\Folder Password Expert
2009-11-17 01:32 . 2009-09-05 01:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-11-17 01:32 . 2009-09-05 01:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-11-17 01:32 . 2009-09-05 01:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-11-17 01:32 . 2009-09-05 01:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-11-17 01:32 . 2009-09-05 01:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-11-17 01:32 . 2009-09-05 01:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-11-17 01:32 . 2009-09-05 01:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-17 01:32 . 2009-09-05 01:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-17 01:32 . 2008-07-31 18:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2009-11-17 01:32 . 2008-07-31 18:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-11-17 01:32 . 2008-07-31 18:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-11-11 14:33 . 2009-08-14 14:01 2031104 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 14:33 . 2009-08-10 13:08 321536 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-08 21:49 . 2009-11-08 21:49 -------- d-----w- c:\program files\Dreamcatcher
2009-11-07 07:20 . 2007-12-27 01:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-11-07 07:20 . 2007-12-27 01:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-11-06 04:17 . 2009-11-06 04:17 -------- d-----w- c:\users\Buyer\AppData\Roaming\The Creative Assembly
2009-11-06 03:03 . 2009-11-23 02:07 -------- d-----w- c:\program files\Common Files\Steam
2009-11-06 03:02 . 2009-12-04 04:48 8192 d-----w- c:\program files\Steam
2009-11-06 03:01 . 2008-10-27 18:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2009-11-06 03:01 . 2008-10-27 18:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2009-11-06 03:01 . 2008-10-27 18:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2009-11-06 03:01 . 2008-10-27 18:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2009-11-05 02:10 . 2009-11-21 21:56 -------- d-----w- c:\program files\OpenAL
2009-11-05 02:10 . 2009-11-05 02:10 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-05 02:10 . 2009-11-05 02:10 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-05 02:08 . 2009-11-05 02:08 -------- d-----w- c:\windows\system32\AGEIA
2009-11-05 02:06 . 2006-12-08 20:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-11-30 06:42 . 2009-09-23 04:25 4096 d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-30 06:22 . 2009-10-20 00:59 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-11-30 00:03 . 2009-09-26 22:39 16384 d-----w- c:\users\Buyer\AppData\Roaming\Azureus
2009-11-28 12:37 . 2009-10-17 18:14 4096 d-----w- c:\users\Buyer\AppData\Roaming\vlc
2009-11-28 10:17 . 2009-10-23 02:36 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-28 10:08 . 2009-10-19 05:10 8192 d-----w- c:\program files\Common Files\Adobe
2009-11-25 15:40 . 2009-10-01 23:52 8192 d-----w- c:\users\Buyer\AppData\Roaming\LimeWire
2009-11-25 03:10 . 2009-10-11 00:54 4096 d-----w- c:\users\Buyer\AppData\Roaming\Tropico3
2009-11-21 09:34 . 2009-09-26 22:39 4096 d-----w- c:\program files\Vuze
2009-11-12 08:16 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-08 21:48 . 2009-10-08 01:45 -------- d-----w- c:\users\Buyer\AppData\Roaming\DAEMON Tools Lite
2009-11-03 04:42 . 2009-10-03 05:44 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-28 02:04 . 2009-10-28 02:04 268288 ----a-w- c:\windows\system32\browser32.dll
2009-10-28 02:04 . 2009-10-28 02:04 125440 ----a-w- c:\windows\system32\brdgcfg32.dll
2009-10-19 05:26 . 2009-09-11 04:49 48600 ----a-w- c:\users\Buyer\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-19 05:26 . 2009-10-19 05:26 -------- d-----w- c:\programdata\FLEXnet
2009-10-19 05:22 . 2009-10-19 05:22 4096 d-----w- c:\program files\Adobe Media Player
2009-10-19 05:20 . 2009-10-19 05:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-17 18:14 . 2009-10-17 18:14 -------- d-----w- c:\program files\VideoLAN
2009-10-17 05:54 . 2009-09-26 22:40 175 ----a-w- c:\users\Buyer\AppData\Roaming\Azureus\restart.bat
2009-10-08 01:51 . 2009-10-08 01:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_0 1_09_00.Wdf
2009-10-08 01:49 . 2009-10-08 01:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_C oinstaller_Critical.Wdf
2009-10-08 01:49 . 2009-10-08 01:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_010 09.Wdf
2009-10-08 01:45 . 2009-10-08 01:45 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-10-08 01:45 . 2009-10-08 01:45 4096 d-----w- c:\program files\DAEMON Tools Lite
2009-10-08 01:43 . 2009-10-08 01:43 -------- d-----w- c:\programdata\DAEMON Tools Pro
2009-10-08 01:38 . 2009-10-08 01:38 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-08 01:38 . 2009-10-08 01:38 -------- d-----w- c:\users\Buyer\AppData\Roaming\DAEMON Tools Pro
2009-10-07 01:45 . 2009-10-07 01:45 4096 d-----w- c:\program files\NavNetApp
2009-10-07 01:45 . 2009-10-07 01:45 -------- d-----w- c:\users\Buyer\AppData\Roaming\NavNet Solutions
2009-10-01 23:49 . 2009-10-01 23:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-23 04:26 . 2009-09-23 04:26 117760 ----a-w- c:\users\Buyer\AppData\Roaming\SUPERAntiSpyware.co m\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-09-14 09:50 . 2009-10-16 00:53 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-12 10:00 . 2009-09-12 10:00 268800 ----a-w- c:\windows\system32\es.dll
2009-09-12 08:11 . 2009-09-12 08:11 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2398.tmp.exe
2009-09-11 10:08 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-11 08:39 . 2009-09-11 08:39 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-09-11 08:39 . 2009-09-11 08:39 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-09-11 08:39 . 2009-09-11 08:39 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-09-11 08:39 . 2009-09-11 08:39 272896 ----a-w- c:\windows\system32\polstore.dll
2009-09-11 08:36 . 2009-09-11 08:36 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.d ll
2009-09-11 08:36 . 2009-09-11 08:36 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-09-11 08:36 . 2009-09-11 08:36 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-09-11 08:33 . 2009-09-11 08:33 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2009-09-11 08:33 . 2009-09-11 08:33 87040 ----a-w- c:\windows\system32\msoert2.dll
2009-09-11 08:33 . 2009-09-11 08:33 205824 ----a-w- c:\windows\system32\msoeacct.dll
2009-09-11 08:30 . 2009-09-11 08:30 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2009-09-11 08:30 . 2009-09-11 08:30 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2009-09-11 08:30 . 2009-09-11 08:30 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2009-09-11 08:30 . 2009-09-11 08:30 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2009-09-11 08:30 . 2009-09-11 08:30 542720 ----a-w- c:\windows\system32\sysmain.dll
2009-09-11 08:29 . 2009-09-11 08:29 194560 ----a-w- c:\windows\system32\WebClnt.dll
2009-09-11 08:29 . 2009-09-11 08:29 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-09-11 08:28 . 2009-09-11 08:28 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-11 08:28 . 2009-09-11 08:28 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2009-09-11 08:28 . 2009-09-11 08:28 502272 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-11 08:28 . 2009-09-11 08:28 47104 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-11 08:28 . 2009-09-11 08:28 297984 ----a-w- c:\windows\system32\wlansec.dll
2009-09-11 08:28 . 2009-09-11 08:28 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-11 08:26 . 2009-09-11 08:26 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-09-11 08:26 . 2009-09-11 08:26 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-09-11 08:26 . 2009-09-11 08:26 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-09-11 08:26 . 2009-09-11 08:26 24064 ----a-w- c:\windows\system32\lpk.dll
2009-09-11 08:26 . 2009-09-11 08:26 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-09-11 08:26 . 2009-09-11 08:26 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-09-11 08:25 . 2009-09-11 08:25 49664 ----a-w- c:\windows\system32\csrsrv.dll
2009-09-11 08:25 . 2009-09-11 08:25 376320 ----a-w- c:\windows\system32\winsrv.dll
2009-09-11 08:23 . 2009-09-11 08:23 2855424 ----a-w- c:\windows\system32\mf.dll
2009-09-11 08:23 . 2009-09-11 08:23 98816 ----a-w- c:\windows\system32\mfps.dll
2009-09-11 08:23 . 2009-09-11 08:23 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2009-09-11 08:23 . 2009-09-11 08:23 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-09-11 08:23 . 2009-09-11 08:23 2048 ----a-w- c:\windows\system32\mferror.dll
2009-09-11 08:19 . 2009-09-11 08:19 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-09-11 08:18 . 2009-09-11 08:18 71680 ----a-w- c:\windows\system32\atl.dll
2009-09-11 08:17 . 2009-09-11 08:17 297472 ----a-w- c:\windows\system32\gdi32.dll
2009-09-11 08:15 . 2009-09-11 08:15 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-09-11 08:15 . 2009-09-11 08:15 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2009-09-11 08:13 . 2009-09-11 08:13 211456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-09-11 08:12 . 2009-09-11 08:12 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-09-11 08:11 . 2009-09-11 08:11 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2009-09-11 08:11 . 2009-09-11 08:11 30208 ----a-w- c:\windows\system32\xolehlp.dll
2009-09-11 08:10 . 2009-09-11 08:10 156160 ----a-w- c:\windows\system32\wkssvc.dll
2009-09-11 08:09 . 2009-09-11 08:09 36352 ----a-w- c:\windows\system32\tsgqec.dll
2009-09-11 08:09 . 2009-09-11 08:09 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-09-11 08:09 . 2009-09-11 08:09 116736 ----a-w- c:\windows\system32\aaclient.dll
2009-09-11 08:08 . 2009-09-11 08:08 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-09-11 08:05 . 2009-09-11 08:05 414208 ----a-w- c:\windows\system32\msscp.dll
2009-09-11 08:00 . 2009-09-11 08:00 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2009-09-11 08:00 . 2009-09-11 08:00 86016 ----a-w- c:\windows\system32\icfupgd.dll
2009-09-11 08:00 . 2009-09-11 08:00 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2009-09-11 08:00 . 2009-09-11 08:00 61952 ----a-w- c:\windows\system32\cmifw.dll
2009-09-11 08:00 . 2009-09-11 08:00 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2009-09-11 08:00 . 2009-09-11 08:00 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2009-09-11 08:00 . 2009-09-11 08:00 16896 ----a-w- c:\windows\system32\wfapigp.dll
2009-09-11 08:00 . 2009-09-11 08:00 23040 ----a-w- c:\windows\system32\drivers\tunnel.sys
2009-09-11 08:00 . 2009-09-11 08:00 178688 ----a-w- c:\windows\system32\iphlpsvc.dll
2009-09-11 08:00 . 2009-09-11 08:00 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2009-09-11 07:56 . 2009-09-11 07:56 696832 ----a-w- c:\windows\system32\localspl.dll
2009-09-11 07:55 . 2009-09-11 07:55 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-09-11 07:55 . 2009-09-11 07:55 82944 ----a-w- c:\windows\system32\mciavi32.dll
2003-12-07 06:12 . 2003-12-07 06:12 121856 --sha-w- c:\windows\System32\fpplock.exe
2007-02-21 19:49 . 2007-02-21 19:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18D03766-40B1-466E-8309-74CA2369AE0e}]
2009-10-28 02:04 268288 ----a-w- c:\windows\System32\browser32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 19:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-09-11 1232896]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Steam"="c:\program files\Steam\Steam.exe" [2009-11-06 1217808]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2009-09-11 1006264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2009-03-28 92704]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-01 149280]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Warning: do not remove it!"="fpplock.exe" - c:\windows\System32\fpplock.exe [2003-12-07 121856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WudfSvc]
@="Service"

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 10:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 10:42 AM 74480]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [9/26/2009 2:39 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [9/26/2009 2:39 PM 234888]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/12/2009 12:08 AM 24652]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 10:42 AM 7408]
R3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV 3.SYS [11/2/2006 2:25 AM 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTB S23.SYS [11/2/2006 2:25 AM 251904]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [10/7/2009 5:38 PM 722416]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\users\Buyer\AppData\Roaming\Mozilla\Firefox\Pro files\7ff39yq2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-WudfPf
SafeBoot-WudfRd



************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-03 20:55
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-03 20:57
ComboFix-quarantined-files.txt 2009-12-04 04:57

Pre-Run: 158,290,051,072 bytes free
Post-Run: 158,286,893,056 bytes free

- - End Of File - - C58711474DE02AC7434BCD2E1B0FCAB8


Hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:27 PM, on 12/3/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\fpplock.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\s wg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Warning: do not remove it!] fpplock.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files\NavNetApp\ComUtilities.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4306 bytes

softe

thanks for the help Respital, a friend of mine had the same issue and i found this thread just a few hours ago and we got it all fixed up, boy was his PC a mess hehe thanks again

__________________
free spyware removal tools - my Jewelry silver crystal glass beads

Respital

No problem, i suggest that you start a thread and post the logs though as there may still be an infection hiding.

__________________
Winner of Photo Tourney: Twilight
/My Rig:/
/Case :/ Antec Sonata III
/Power Supply :/ Antec Earthquake 500W
/Motherboard :/ Gigabyte P35-DSR3
/Processor :/ Intel E6850@3.4Ghz
/Ram :/ Consair 2x 1 Gb 800mhz
/Video Card :/ Radeon HD 5770 (Juniper XT) 1GB
/Monitor:/Samsung T220 w 20 000 : 1 Contrast and 2ms response time
/3DMark06 Score :/ 11730