Annoying virus.

dirtbikeryzz

New Member
When I'm browsing online, sometimes I'm redirected to a random site, and other times an online scan pops up and tries to get me to download something; I then have to close everything to get it off. I've dealt with viruses before with ComboFix and SUPERAntiSpyware, but nothing I do will get rid of it. It also only happens in Firefox, not IE.
 
Did you look at the add-ons in Firefox? I remember having something like this a while back, I think I had to do a system restore...
 
Belongs in the computer security section. I'll move it now;
the legends there will deal with it :)
 

When I went to do a system restore, the only restore point was that very day, which is really weird because I normally have like 7 choices.
 

Legends? :D

@OP, you mentioned that you used ComboFix before. Please do the following so we can have an idea of what's going on with your system:

1. First uninstall ComboFix using the guide below:

  • Click START then RUN
  • Now type Combofix /u in the Run box and click OK
The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

2. Run a scan with the most up-to-date version of ComboFix:

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again, as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
NOTE: IF COMBOFIX FAILS TO RUN, TRY RENAMING THE FILE TO 'ANYTHING.EXE' WITHOUT THE QUOTES.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager and go to the Processes tab (press Ctrl, Alt and Del at the same time), then end any findstr, find, sed or swreg processes; ComboFix should then continue.
If that happened we want to know, and also which process you had to end.

3. Run a scan with Malwarebytes' Anti-Malware, after updating it:

How to run a scan with Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware from Here, Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


4. Run a scan with HijackThis:

How to run a scan and post a log with HijackThis
Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

5. Finally, post the following logs back in your reply(s):

  • The ComboFix log
  • Log from Malwarebytes'
  • An up to date HiJackThis log
  • An update on how your computer is running
 
Malwarebytes log

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 6.0.6000
Internet Explorer 7.0.6000.16916

12/3/2009 9:39:11 PM
mbam-log-2009-12-03 (21-39-11).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 184603
Time elapsed: 36 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\browser32.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18d03766-40b1-466e-8309-74ca2369ae0e} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{18d03766-40b1-466e-8309-74ca2369ae0e} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18d03766-40b1-466e-8309-74ca2369ae0e} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\browser32.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\Windows\System32\brdgcfg32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

ComboFix Log
ComboFix 09-12-03.04 - Buyer 12/03/2009 20:50.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3069.2248 [GMT -8:00]
Running from: c:\users\Buyer\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-11-04 to 2009-12-04 )))))))))))))))))))))))))))))))
.

2009-12-04 04:55 . 2009-12-04 04:55 -------- d-----w- c:\users\Buyer\AppData\Local\temp
2009-12-04 04:55 . 2009-12-04 04:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-04 04:55 . 2009-12-04 04:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-04 04:49 . 2009-12-04 04:49 45056 d-----w- C:\32788R22FWJFW
2009-12-04 04:44 . 2009-12-04 04:44 -------- d-----w- c:\program files\Trend Micro
2009-12-04 04:42 . 2009-12-04 04:42 4844295 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-04 04:42 . 2009-12-04 04:42 -------- d-----w- c:\users\Buyer\AppData\Roaming\Malwarebytes
2009-12-04 04:42 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-04 04:42 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-04 04:42 . 2009-12-04 04:42 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-04 04:42 . 2009-12-04 04:42 -------- d-----w- c:\programdata\Malwarebytes
2009-12-03 03:11 . 2009-12-03 03:11 320000 ----a-w- c:\windows\system32\CF7363.exe
2009-12-03 03:10 . 2009-12-03 03:10 320000 ----a-w- c:\windows\system32\CF15727.exe
2009-11-30 06:46 . 2009-11-30 06:46 -------- d-----w- c:\windows\system32\xlive
2009-11-30 06:45 . 2009-11-30 06:46 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-11-30 06:42 . 2009-11-30 06:42 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2009-11-30 00:01 . 2007-06-29 22:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2009-11-30 00:01 . 2009-11-30 00:01 -------- d-----w- c:\program files\AMD
2009-11-29 23:55 . 2009-11-29 23:55 -------- d-----w- c:\users\Buyer\AppData\Local\Downloaded Installations
2009-11-29 06:54 . 2009-11-29 06:55 -------- d-----w- c:\users\Buyer\AppData\Roaming\Ventrilo
2009-11-29 06:54 . 2009-11-29 06:54 4096 d-----w- c:\program files\Ventrilo
2009-11-28 10:08 . 2009-11-28 10:08 -------- d-----w- c:\users\Buyer\AppData\Roaming\InstallShield
2009-11-25 11:00 . 2009-10-29 07:59 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 23:47 . 2009-08-10 13:05 2048 ----a-w- c:\windows\system32\msxml6r.dll
2009-11-24 23:47 . 2009-08-10 13:05 1406464 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 23:47 . 2009-08-10 13:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-11-24 23:47 . 2009-08-10 13:05 1260032 ----a-w- c:\windows\system32\msxml3.dll
2009-11-22 04:41 . 2009-11-22 04:41 12288 d-----w- c:\program files\Eusing Free Registry Cleaner
2009-11-21 22:12 . 2009-11-21 22:14 -------- d-----w- c:\users\Buyer\AppData\Local\ArmA
2009-11-21 10:00 . 2009-11-21 10:00 -------- d-----w- c:\users\Buyer\AppData\Roaming\gtk-2.0
2009-11-21 09:54 . 1998-10-03 03:00 327168 ----a-w- c:\windows\IsUninst.exe
2009-11-19 21:41 . 2009-11-19 21:41 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-19 21:41 . 2009-11-19 21:41 4096 d-----w- c:\users\Buyer\AppData\Roaming\SystemRequirementsLab
2009-11-19 21:41 . 2009-11-19 21:41 138240 ----a-w- c:\users\Buyer\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-11-19 21:41 . 2009-11-19 21:41 138240 ----a-w- c:\users\Buyer\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-11-19 21:41 . 2009-11-19 21:41 138240 ----a-w- c:\users\Buyer\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-11-19 21:41 . 2009-11-19 21:41 138240 ----a-w- c:\users\Buyer\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-11-19 21:41 . 2009-11-19 21:41 -------- d-----w- c:\windows\Sun
2009-11-19 00:54 . 2006-11-02 09:51 232040 ----a-w- c:\windows\system32\drivers\iastorv.sys
2009-11-18 04:35 . 2009-11-18 04:35 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2009-11-18 04:25 . 2009-11-18 04:34 -------- d-----w- C:\BDS
2009-11-18 04:19 . 2009-11-18 04:19 4096 d-----w- c:\program files\Folder Password Expert
2009-11-17 01:32 . 2009-09-05 01:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-11-17 01:32 . 2009-09-05 01:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-11-17 01:32 . 2009-09-05 01:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-11-17 01:32 . 2009-09-05 01:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-11-17 01:32 . 2009-09-05 01:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-11-17 01:32 . 2009-09-05 01:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-11-17 01:32 . 2009-09-05 01:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-17 01:32 . 2009-09-05 01:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-17 01:32 . 2008-07-31 18:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2009-11-17 01:32 . 2008-07-31 18:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-11-17 01:32 . 2008-07-31 18:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-11-11 14:33 . 2009-08-14 14:01 2031104 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 14:33 . 2009-08-10 13:08 321536 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-08 21:49 . 2009-11-08 21:49 -------- d-----w- c:\program files\Dreamcatcher
2009-11-07 07:20 . 2007-12-27 01:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-11-07 07:20 . 2007-12-27 01:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-11-06 04:17 . 2009-11-06 04:17 -------- d-----w- c:\users\Buyer\AppData\Roaming\The Creative Assembly
2009-11-06 03:03 . 2009-11-23 02:07 -------- d-----w- c:\program files\Common Files\Steam
2009-11-06 03:02 . 2009-12-04 04:48 8192 d-----w- c:\program files\Steam
2009-11-06 03:01 . 2008-10-27 18:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2009-11-06 03:01 . 2008-10-27 18:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2009-11-06 03:01 . 2008-10-27 18:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2009-11-06 03:01 . 2008-10-27 18:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2009-11-05 02:10 . 2009-11-21 21:56 -------- d-----w- c:\program files\OpenAL
2009-11-05 02:10 . 2009-11-05 02:10 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-05 02:10 . 2009-11-05 02:10 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-05 02:08 . 2009-11-05 02:08 -------- d-----w- c:\windows\system32\AGEIA
2009-11-05 02:06 . 2006-12-08 20:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-30 06:42 . 2009-09-23 04:25 4096 d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-30 06:22 . 2009-10-20 00:59 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-11-30 00:03 . 2009-09-26 22:39 16384 d-----w- c:\users\Buyer\AppData\Roaming\Azureus
2009-11-28 12:37 . 2009-10-17 18:14 4096 d-----w- c:\users\Buyer\AppData\Roaming\vlc
2009-11-28 10:17 . 2009-10-23 02:36 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-28 10:08 . 2009-10-19 05:10 8192 d-----w- c:\program files\Common Files\Adobe
2009-11-25 15:40 . 2009-10-01 23:52 8192 d-----w- c:\users\Buyer\AppData\Roaming\LimeWire
2009-11-25 03:10 . 2009-10-11 00:54 4096 d-----w- c:\users\Buyer\AppData\Roaming\Tropico3
2009-11-21 09:34 . 2009-09-26 22:39 4096 d-----w- c:\program files\Vuze
2009-11-12 08:16 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-08 21:48 . 2009-10-08 01:45 -------- d-----w- c:\users\Buyer\AppData\Roaming\DAEMON Tools Lite
2009-11-03 04:42 . 2009-10-03 05:44 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-28 02:04 . 2009-10-28 02:04 268288 ----a-w- c:\windows\system32\browser32.dll
2009-10-28 02:04 . 2009-10-28 02:04 125440 ----a-w- c:\windows\system32\brdgcfg32.dll
2009-10-19 05:26 . 2009-09-11 04:49 48600 ----a-w- c:\users\Buyer\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-19 05:26 . 2009-10-19 05:26 -------- d-----w- c:\programdata\FLEXnet
2009-10-19 05:22 . 2009-10-19 05:22 4096 d-----w- c:\program files\Adobe Media Player
2009-10-19 05:20 . 2009-10-19 05:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-17 18:14 . 2009-10-17 18:14 -------- d-----w- c:\program files\VideoLAN
2009-10-17 05:54 . 2009-09-26 22:40 175 ----a-w- c:\users\Buyer\AppData\Roaming\Azureus\restart.bat
2009-10-08 01:51 . 2009-10-08 01:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2009-10-08 01:49 . 2009-10-08 01:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-10-08 01:49 . 2009-10-08 01:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2009-10-08 01:45 . 2009-10-08 01:45 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-10-08 01:45 . 2009-10-08 01:45 4096 d-----w- c:\program files\DAEMON Tools Lite
2009-10-08 01:43 . 2009-10-08 01:43 -------- d-----w- c:\programdata\DAEMON Tools Pro
2009-10-08 01:38 . 2009-10-08 01:38 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-08 01:38 . 2009-10-08 01:38 -------- d-----w- c:\users\Buyer\AppData\Roaming\DAEMON Tools Pro
2009-10-07 01:45 . 2009-10-07 01:45 4096 d-----w- c:\program files\NavNetApp
2009-10-07 01:45 . 2009-10-07 01:45 -------- d-----w- c:\users\Buyer\AppData\Roaming\NavNet Solutions
2009-10-01 23:49 . 2009-10-01 23:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-23 04:26 . 2009-09-23 04:26 117760 ----a-w- c:\users\Buyer\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-09-14 09:50 . 2009-10-16 00:53 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-12 10:00 . 2009-09-12 10:00 268800 ----a-w- c:\windows\system32\es.dll
2009-09-12 08:11 . 2009-09-12 08:11 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2398.tmp.exe
2009-09-11 10:08 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-11 08:39 . 2009-09-11 08:39 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-09-11 08:39 . 2009-09-11 08:39 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-09-11 08:39 . 2009-09-11 08:39 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-09-11 08:39 . 2009-09-11 08:39 272896 ----a-w- c:\windows\system32\polstore.dll
2009-09-11 08:36 . 2009-09-11 08:36 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-09-11 08:36 . 2009-09-11 08:36 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-09-11 08:36 . 2009-09-11 08:36 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-09-11 08:33 . 2009-09-11 08:33 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2009-09-11 08:33 . 2009-09-11 08:33 87040 ----a-w- c:\windows\system32\msoert2.dll
2009-09-11 08:33 . 2009-09-11 08:33 205824 ----a-w- c:\windows\system32\msoeacct.dll
2009-09-11 08:30 . 2009-09-11 08:30 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2009-09-11 08:30 . 2009-09-11 08:30 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2009-09-11 08:30 . 2009-09-11 08:30 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2009-09-11 08:30 . 2009-09-11 08:30 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2009-09-11 08:30 . 2009-09-11 08:30 542720 ----a-w- c:\windows\system32\sysmain.dll
2009-09-11 08:29 . 2009-09-11 08:29 194560 ----a-w- c:\windows\system32\WebClnt.dll
2009-09-11 08:29 . 2009-09-11 08:29 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-09-11 08:28 . 2009-09-11 08:28 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-11 08:28 . 2009-09-11 08:28 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2009-09-11 08:28 . 2009-09-11 08:28 502272 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-11 08:28 . 2009-09-11 08:28 47104 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-11 08:28 . 2009-09-11 08:28 297984 ----a-w- c:\windows\system32\wlansec.dll
2009-09-11 08:28 . 2009-09-11 08:28 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-11 08:26 . 2009-09-11 08:26 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-09-11 08:26 . 2009-09-11 08:26 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-09-11 08:26 . 2009-09-11 08:26 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-09-11 08:26 . 2009-09-11 08:26 24064 ----a-w- c:\windows\system32\lpk.dll
2009-09-11 08:26 . 2009-09-11 08:26 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-09-11 08:26 . 2009-09-11 08:26 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-09-11 08:25 . 2009-09-11 08:25 49664 ----a-w- c:\windows\system32\csrsrv.dll
2009-09-11 08:25 . 2009-09-11 08:25 376320 ----a-w- c:\windows\system32\winsrv.dll
2009-09-11 08:23 . 2009-09-11 08:23 2855424 ----a-w- c:\windows\system32\mf.dll
2009-09-11 08:23 . 2009-09-11 08:23 98816 ----a-w- c:\windows\system32\mfps.dll
2009-09-11 08:23 . 2009-09-11 08:23 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2009-09-11 08:23 . 2009-09-11 08:23 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-09-11 08:23 . 2009-09-11 08:23 2048 ----a-w- c:\windows\system32\mferror.dll
2009-09-11 08:19 . 2009-09-11 08:19 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-09-11 08:18 . 2009-09-11 08:18 71680 ----a-w- c:\windows\system32\atl.dll
2009-09-11 08:17 . 2009-09-11 08:17 297472 ----a-w- c:\windows\system32\gdi32.dll
2009-09-11 08:15 . 2009-09-11 08:15 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-09-11 08:15 . 2009-09-11 08:15 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2009-09-11 08:13 . 2009-09-11 08:13 211456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-09-11 08:12 . 2009-09-11 08:12 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-09-11 08:11 . 2009-09-11 08:11 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2009-09-11 08:11 . 2009-09-11 08:11 30208 ----a-w- c:\windows\system32\xolehlp.dll
2009-09-11 08:10 . 2009-09-11 08:10 156160 ----a-w- c:\windows\system32\wkssvc.dll
2009-09-11 08:09 . 2009-09-11 08:09 36352 ----a-w- c:\windows\system32\tsgqec.dll
2009-09-11 08:09 . 2009-09-11 08:09 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-09-11 08:09 . 2009-09-11 08:09 116736 ----a-w- c:\windows\system32\aaclient.dll
2009-09-11 08:08 . 2009-09-11 08:08 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-09-11 08:05 . 2009-09-11 08:05 414208 ----a-w- c:\windows\system32\msscp.dll
2009-09-11 08:00 . 2009-09-11 08:00 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2009-09-11 08:00 . 2009-09-11 08:00 86016 ----a-w- c:\windows\system32\icfupgd.dll
2009-09-11 08:00 . 2009-09-11 08:00 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2009-09-11 08:00 . 2009-09-11 08:00 61952 ----a-w- c:\windows\system32\cmifw.dll
2009-09-11 08:00 . 2009-09-11 08:00 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2009-09-11 08:00 . 2009-09-11 08:00 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2009-09-11 08:00 . 2009-09-11 08:00 16896 ----a-w- c:\windows\system32\wfapigp.dll
2009-09-11 08:00 . 2009-09-11 08:00 23040 ----a-w- c:\windows\system32\drivers\tunnel.sys
2009-09-11 08:00 . 2009-09-11 08:00 178688 ----a-w- c:\windows\system32\iphlpsvc.dll
2009-09-11 08:00 . 2009-09-11 08:00 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2009-09-11 07:56 . 2009-09-11 07:56 696832 ----a-w- c:\windows\system32\localspl.dll
2009-09-11 07:55 . 2009-09-11 07:55 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-09-11 07:55 . 2009-09-11 07:55 82944 ----a-w- c:\windows\system32\mciavi32.dll
2003-12-07 06:12 . 2003-12-07 06:12 121856 --sha-w- c:\windows\System32\fpplock.exe
2007-02-21 19:49 . 2007-02-21 19:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18D03766-40B1-466E-8309-74CA2369AE0e}]
2009-10-28 02:04 268288 ----a-w- c:\windows\System32\browser32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 19:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-09-11 1232896]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Steam"="c:\program files\Steam\Steam.exe" [2009-11-06 1217808]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2009-09-11 1006264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-28 92704]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-01 149280]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Warning: do not remove it!"="fpplock.exe" - c:\windows\System32\fpplock.exe [2003-12-07 121856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 10:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 10:42 AM 74480]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [9/26/2009 2:39 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [9/26/2009 2:39 PM 234888]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/12/2009 12:08 AM 24652]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 10:42 AM 7408]
R3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [11/2/2006 2:25 AM 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [11/2/2006 2:25 AM 251904]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [10/7/2009 5:38 PM 722416]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\users\Buyer\AppData\Roaming\Mozilla\Firefox\Profiles\7ff39yq2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-WudfPf
SafeBoot-WudfRd



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-03 20:55
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-03 20:57
ComboFix-quarantined-files.txt 2009-12-04 04:57

Pre-Run: 158,290,051,072 bytes free
Post-Run: 158,286,893,056 bytes free

- - End Of File - - C58711474DE02AC7434BCD2E1B0FCAB8


HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:27 PM, on 12/3/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\fpplock.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Warning: do not remove it!] fpplock.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files\NavNetApp\ComUtilities.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4306 bytes
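The helpers in this thread triage logs like the ones above by eye. As an added example (not part of this thread, and not code from HijackThis, Malwarebytes or ComboFix), here is a small Python parser that reads HijackThis item lines and applies three review heuristics; the sample log is a subset copied from the log above, the reported CLSID comes from the Malwarebytes log above, and the heuristics and the Entry/parse_hjt/run_target/triage names are this example's own assumptions.

```python
"""Triage helper for HijackThis-style logs.

Added example for this thread; it is not code from HijackThis, Malwarebytes or
ComboFix. It parses the R*/O* item lines and applies three review heuristics
(assumptions of this example, not rules stated in the thread):
  1. a CLSID that Malwarebytes already reported still appears in the HJT log,
  2. an O4 Run entry whose target is a bare file name rather than a full path,
  3. an O23 service listed with "Unknown owner".
Output is a review list for a human; nothing here deletes or changes anything.
"""
import re
from dataclasses import dataclass, field

# Matches a COM CLSID such as {18d03766-40b1-466e-8309-74ca2369ae0e}
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
# A HijackThis item line: "O4 - HKLM\..\Run: [Name] command" or "R1 - ..."
ITEM_RE = re.compile(r"^([RO]\d+)\s+-\s+(.*)$")

# CLSID taken from the Malwarebytes log posted earlier in the thread
MBAM_REPORTED = {"{18d03766-40b1-466e-8309-74ca2369ae0e}"}

# Constructed sample: a subset of the HijackThis log posted above
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\System32\fpplock.exe

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Warning: do not remove it!] fpplock.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
"""


@dataclass
class Entry:
    code: str                                    # section code: "O2", "O4", "O23", ...
    text: str                                    # rest of the line after "O4 - "
    clsids: list = field(default_factory=list)   # lower-cased CLSIDs found in text


def parse_hjt(log: str) -> list:
    """Turn a HijackThis log into Entry records; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            code, rest = m.groups()
            entries.append(Entry(code, rest, [c.lower() for c in CLSID_RE.findall(rest)]))
    return entries


def run_target(entry: Entry) -> str:
    """For an O4 entry, return the file the Run value actually launches."""
    _, _, cmd = entry.text.partition("] ")
    cmd = cmd.strip()
    if cmd.startswith('"'):                 # quoted path: take what is inside the quotes
        return cmd[1:].split('"', 1)[0]
    tokens = cmd.split(" ")
    # rundll32.exe is only a host process; the loaded DLL is the interesting target
    if tokens[0].lower() == "rundll32.exe" and len(tokens) > 1:
        return tokens[1].split(",", 1)[0]
    return tokens[0]


def triage(log: str, reported_clsids: set) -> dict:
    """Apply the three heuristics; returns the matching entries grouped by rule."""
    reported = {c.lower() for c in reported_clsids}
    findings = {"still_present": [], "bare_run_targets": [], "unknown_owner_services": []}
    for e in parse_hjt(log):
        if any(c in reported for c in e.clsids):
            findings["still_present"].append(e)
        if e.code == "O4":
            target = run_target(e)
            # No directory and no %VAR%: the entry relies on the search path. Stock
            # Vista does this too (oobefldr.dll), so this is a review list, not a verdict.
            if "\\" not in target and "%" not in target:
                findings["bare_run_targets"].append(e)
        if e.code == "O23" and " - Unknown owner - " in e.text:
            findings["unknown_owner_services"].append(e)
    return findings


if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_LOG, MBAM_REPORTED).items():
        print(f"{rule}: {len(hits)} hit(s)")
        for hit in hits:
            print(f"  {hit.code} - {hit.text}")
```

On the sample, the reported CLSID is absent (Malwarebytes had already removed it), the fpplock.exe and oobefldr.dll Run entries are listed for review, and the ASKService entry is flagged as unknown owner.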
 
Thanks for the help Respital, a friend of mine had the same issue and I found this thread just a few hours ago and we got it all fixed up. Boy, was his PC a mess, hehe. Thanks again.
 

No problem, I suggest that you start a thread and post the logs though, as there may still be an infection hiding.
 
@ dirtbikeryzz, how is your system running now? Also please do the following:

Optional - VIEWPOINT MANAGER
Viewpoint Manager is considered foistware rather than malware since it is installed without the user's approval but doesn't spy or do anything "bad". Read this article: http://www.clickz.com/news/article.php/3561546

Additional info: http://vil.nai.com/vil/content/v_137262.htm

I suggest you remove the program now.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar

Your call.
 
OK, everything was going well for about 2 days, then randomly today I started getting that online scan that won't let me close it unless I Ctrl+Alt+Del.
 
OK, everything was going well for about 2 days, then randomly today I started getting that online scan that won't let me close it unless I Ctrl+Alt+Del.

Please run Malwarebytes before running HijackThis, then post both logs for us.
 
Malwarebytes log

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 6.0.6000
Internet Explorer 7.0.6000.16916

12/5/2009 5:54:05 PM
mbam-log-2009-12-05 (17-54-05).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 184693
Time elapsed: 37 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:07 PM, on 12/5/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\fpplock.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Warning: do not remove it!] fpplock.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files\NavNetApp\ComUtilities.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4439 bytes
 
Please update Malwarebytes' and re-run the full scan, the latest database version is 3302. Also please post another HiJackThis log after completing that.
 
Updated Malwarebytes log

Malwarebytes' Anti-Malware 1.42
Database version: 3302
Windows 6.0.6000
Internet Explorer 7.0.6000.16916

12/5/2009 6:46:51 PM
mbam-log-2009-12-05 (18-46-51).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 185225
Time elapsed: 36 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:43 PM, on 12/5/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\fpplock.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Warning: do not remove it!] fpplock.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files\NavNetApp\ComUtilities.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4420 bytes
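For anyone reading such logs later: an added example in Python (not code from this thread or from HijackThis) that parses the O4 Run-key and O23 service lines in the format shown above and lists the entries an analyst would normally check by hand. The sample lines are constructed in the shape of the logs above, and the output is a review list, not a verdict.

```python
import re

# Constructed sample in the shape of the HijackThis v2.0.2 logs above (not a copy of one).
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Warning: do not remove it!] fpplock.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
"""

# O4 = Run-key autostart, O23 = installed service, as HijackThis labels them.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def parse_entries(text):
    """Return (section, fields) pairs for the O4 and O23 lines of a HJT log."""
    entries = []
    for line in text.splitlines():
        for section, rx in (("O4", O4_RE), ("O23", O23_RE)):
            m = rx.match(line)
            if m:
                entries.append((section, m.groupdict()))
    return entries


def executable_of(cmd):
    """Return the executable token of a Run-key command, quotes stripped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ", 1)[0]


def triage(text):
    """Return (entry name, reason) pairs an analyst would check by hand.

    Review hints, not verdicts: a Run value with no directory is resolved
    through the search path, so the log does not pin down which file runs;
    "Unknown owner" means HijackThis found no company name in the binary.
    """
    findings = []
    for section, f in parse_entries(text):
        if section == "O4":
            exe = executable_of(f["cmd"])
            if "\\" not in exe and not exe.startswith("%"):
                findings.append((f["name"], "bare filename, no directory"))
        elif section == "O23" and f["owner"].lower() == "unknown owner":
            findings.append((f["svc"], "service without publisher"))
    return findings
```

Legitimate Windows loaders such as the rundll32.exe entry also trip the bare-filename rule, which is why the result is a list to look at rather than a list to delete.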
 
Please do the following in order.

1. Uninstall the version of ComboFix installed by clicking on Start and typing this in the search box without the quotes: "combofix /u". This will uninstall ComboFix. It will act like it's running again, but it's not.

2. Download the newest version of ComboFix here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save the download to your desktop.

It's a direct download link, so once you click, a download box will appear. Rerun ComboFix and post the log file from it.
 
Please do the following in order.

1. Uninstall the version of ComboFix installed by clicking on Start and typing this in the search box without the quotes: "combofix /u". This will uninstall ComboFix. It will act like it's running again, but it's not.

2. Download the newest version of ComboFix here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save the download to your desktop.

It's a direct download link, so once you click, a download box will appear. Rerun ComboFix and post the log file from it.


I've already done this step once, but OK.
 