browser redirect, HELP!

jacman747

New Member
This problem is extremely annoying. About 70% of the time I click on Google search links it redirects me to totally random sites (anything from different search engines to Saturn's car dealer site). I have run Malwarebytes Anti-Malware and it removed a trojan dropper, but that didn't fix it. It also does the same thing in IE and Firefox. Any ideas? Also, here is the Anti-Malware log:

Malwarebytes' Anti-Malware 1.43
Database version: 3497
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05/01/2010 4:41:13 PM
mbam-log-2010-01-05 (16-41-13).txt

Scan type: Quick Scan
Objects scanned: 93004
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\spool\prtprocs\w32x86\ACFF.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.


And here is a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:41 PM, on 05/01/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 5052 bytes

(I am running Windows 7.) Please help!
 

johnb35

Administrator
Staff member
You are running outdated software, but before we have you uninstall and update it, do this.

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again, as it's being updated regularly.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
If that happens we want to know, and also which process you had to end.

In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 

jacman

New Member
ComboFix 10-01-04.01 - Jordan 05/01/2010 17:40:58.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.2047.812 [GMT -4:00]
Running from: c:\users\Jordan\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-2537798931-174332685-3432204016-1006
c:\windows\system32\NTSVc.ocx

.
((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-05 21:37 . 2010-01-05 21:38 -------- d-----w- C:\32788R22FWJFW
2010-01-05 21:06 . 2010-01-05 21:06 52224 ----a-w- c:\users\Jordan\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-05 21:06 . 2010-01-05 21:06 117760 ----a-w- c:\users\Jordan\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-05 21:04 . 2010-01-05 21:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-01-05 21:04 . 2010-01-05 21:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-05 21:04 . 2010-01-05 21:04 -------- d-----w- c:\users\Jordan\AppData\Roaming\SUPERAntiSpyware.com
2010-01-05 21:04 . 2010-01-05 21:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-05 20:51 . 2010-01-05 20:51 -------- d-----w- c:\program files\Trend Micro
2010-01-05 20:34 . 2010-01-05 20:34 -------- d-----w- c:\users\Jordan\AppData\Roaming\Malwarebytes
2010-01-05 20:34 . 2009-12-30 18:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 20:34 . 2010-01-05 20:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 20:34 . 2010-01-05 20:34 -------- d-----w- c:\programdata\Malwarebytes
2010-01-05 20:34 . 2009-12-30 18:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 20:18 . 2010-01-05 20:18 -------- d-----w- C:\_OTL
2010-01-05 12:30 . 2010-01-05 02:22 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-05 02:22 . 2010-01-05 02:22 314712 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-05 02:22 . 2010-01-05 02:22 25440 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\savapibridge.dll
2010-01-05 02:22 . 2010-01-05 02:22 15688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-01-05 02:22 . 2010-01-05 02:22 168800 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-05 02:22 . 2010-01-05 02:22 349008 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-05 02:22 . 2010-01-05 02:22 17632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2010-01-05 02:22 . 2010-01-05 02:22 298336 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-01-05 02:22 . 2010-01-05 02:22 84320 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-01-05 02:21 . 2010-01-05 02:21 1630560 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-05 02:21 . 2010-01-05 02:21 246640 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-01-05 02:21 . 2010-01-05 02:21 40288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-01-05 02:21 . 2010-01-05 02:21 68640 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2010-01-05 02:21 . 2010-01-05 02:21 303976 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2010-01-05 02:21 . 2010-01-05 02:21 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2010-01-05 02:21 . 2010-01-05 02:21 85352 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2010-01-05 02:21 . 2010-01-05 02:21 664936 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-05 02:21 . 2010-01-05 02:21 3695616 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-01-05 02:20 . 2010-01-05 02:20 562552 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-05 02:20 . 2010-01-05 02:20 566632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-01-05 02:20 . 2010-01-05 02:20 2353992 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-05 02:20 . 2010-01-05 02:20 640760 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2010-01-05 02:20 . 2010-01-05 02:20 520024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-05 02:20 . 2010-01-05 02:20 1028432 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-05 02:14 . 2010-01-05 02:14 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-01-05 02:14 . 2009-01-18 21:43 2892112 -c--a-w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2010-01-05 02:14 . 2010-01-05 02:22 -------- d-----w- c:\programdata\Lavasoft
2010-01-05 02:14 . 2010-01-05 02:14 -------- d-----w- c:\program files\Lavasoft
2010-01-05 02:02 . 2010-01-05 02:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-05 02:02 . 2010-01-05 02:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-05 00:45 . 2010-01-05 00:45 -------- d-----w- c:\program files\AskBarDis
2010-01-05 00:15 . 2010-01-05 00:15 -------- d-----w- c:\programdata\pixelStorm
2009-12-29 12:12 . 2009-12-26 13:04 761624 ----a-w- c:\programdata\avg8\update\backup\avgscanx.exe
2009-12-29 12:12 . 2009-12-26 13:04 339736 ----a-w- c:\programdata\avg8\update\backup\avgscanx.dll
2009-12-28 13:23 . 2009-12-26 13:04 758040 ----a-w- c:\programdata\avg8\update\backup\avginet.dll
2009-12-28 13:23 . 2009-12-26 13:04 1475352 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-12-28 13:23 . 2009-12-26 13:04 1142552 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2009-12-27 21:46 . 2010-01-05 21:34 -------- d-----w- c:\users\Jordan\Tracing
2009-12-27 21:43 . 2009-12-27 21:43 -------- d-----w- c:\program files\Microsoft
2009-12-27 21:43 . 2009-12-27 21:43 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-27 21:43 . 2009-12-27 21:43 -------- d-----w- c:\program files\Windows Live
2009-12-27 21:42 . 2009-12-27 21:42 -------- d-----w- c:\windows\PCHEALTH
2009-12-27 21:38 . 2009-12-27 21:38 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-26 21:22 . 2009-12-26 21:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-26 21:20 . 2009-11-20 11:08 38784 ----a-w- c:\users\Jordan\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-26 21:20 . 2009-12-26 21:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-26 21:20 . 2009-11-20 11:08 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-26 21:18 . 2009-12-26 21:23 -------- d-----w- c:\users\Jordan\AppData\Local\Adobe
2009-12-26 21:18 . 2009-12-26 21:18 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-12-26 21:18 . 2009-12-27 16:07 -------- d-----w- c:\programdata\NOS
2009-12-26 13:04 . 2010-01-05 12:54 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-26 13:04 . 2009-12-26 13:04 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-26 13:04 . 2009-12-26 13:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-26 13:04 . 2009-12-26 13:04 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-26 13:04 . 2009-12-26 13:04 -------- d-----w- c:\programdata\avg8
2009-12-26 13:04 . 2009-12-26 13:04 -------- d-----w- c:\program files\AVG
2009-12-25 15:19 . 2002-11-05 19:16 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2009-12-25 15:19 . 2009-12-25 15:22 -------- d-----w- c:\program files\Acoustica MP3 CD Burner
2009-12-25 15:09 . 2000-09-16 06:33 284160 ----a-w- c:\windows\system32\Mmmpeg32.dll
2009-12-25 15:09 . 2000-07-04 03:51 86528 ----a-w- c:\windows\system32\lame_enc.dll
2009-12-25 15:09 . 2000-06-21 01:01 99328 ----a-w- c:\windows\system32\Cdrip.dll
2009-12-25 15:09 . 2000-05-02 16:09 256512 ----a-w- c:\windows\system32\MMCDDA32.dll
2009-12-25 15:09 . 1998-12-25 14:30 254976 ----a-w- c:\windows\system32\xaudio.dll
2009-12-25 15:09 . 1998-01-12 22:01 321536 ----a-w- c:\windows\system32\mmmpeg.dll
2009-12-25 14:21 . 2009-12-27 16:05 -------- d-----w- c:\program files\Feurio
2009-12-21 20:28 . 2009-12-21 20:28 -------- d-----w- c:\windows\system32\Macromed
2009-12-21 12:53 . 2009-12-21 12:53 -------- d--h--w- c:\programdata\CanonBJ
2009-12-21 12:53 . 2009-12-21 12:53 -------- d-----w- c:\users\Jordan\AppData\Local\ElevatedDiagnostics
2009-12-18 15:09 . 2010-01-05 01:13 -------- d-----w- c:\users\Jordan\Shared
2009-12-18 15:07 . 2010-01-05 02:22 -------- d-----w- c:\users\Jordan\Incomplete
2009-12-18 15:06 . 2009-12-18 15:07 -------- d-----w- c:\program files\Java
2009-12-18 15:06 . 2009-12-18 15:06 -------- d-----w- c:\program files\Common Files\Java
2009-12-18 15:05 . 2010-01-05 01:16 -------- d-----w- c:\users\Jordan\AppData\Roaming\mp3rocket
2009-12-18 15:05 . 2010-01-05 00:45 -------- d-----w- c:\program files\MP3 Rocket
2009-12-18 13:36 . 2009-12-18 13:36 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-18 13:36 . 2009-12-18 13:36 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-12-18 13:36 . 2009-12-26 13:04 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-18 13:16 . 2009-12-18 13:16 -------- d-----w- c:\users\Jordan\AppData\Local\Diagnostics
2009-12-18 13:11 . 2009-12-18 13:11 -------- d-----w- c:\users\Jordan\AppData\Roaming\KALiNKOsoft
2009-12-18 13:09 . 2008-04-14 00:11 619008 ----a-w- c:\windows\system32\dx7vb.dll
2009-12-18 13:09 . 2008-01-13 20:36 91632 ----a-w- c:\windows\system32\dsofile.dll
2009-12-18 13:09 . 2003-01-26 17:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2009-12-18 13:09 . 2001-04-05 10:43 94208 --s---r- c:\windows\system32\msstkprp.dll
2009-12-18 13:09 . 1998-06-18 04:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2009-12-18 13:09 . 2009-12-18 13:10 119296 ----a-w- c:\windows\system32\zlib.dll
2009-12-18 13:09 . 2008-01-13 23:59 36864 ----a-w- c:\windows\system32\dxinputdll.dll
2009-12-18 13:09 . 1999-05-17 17:55 57344 ------w- c:\windows\system32\ADsSecurity.dll
2009-12-18 13:09 . 2009-12-18 13:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-17 23:24 . 2009-12-17 19:32 -------- d-----w- c:\windows\Panther
2009-12-17 23:19 . 2009-12-17 23:19 -------- d-----w- C:\Windows.old
2009-12-17 21:11 . 2009-12-17 21:11 -------- d-----w- c:\programdata\Codemasters
2009-12-17 21:11 . 2009-12-17 21:11 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-12-17 21:11 . 2009-12-17 21:11 -------- d-----w- c:\windows\system32\xlive
2009-12-17 21:11 . 2010-01-05 21:04 -------- d-sh--w- c:\windows\Installer
2009-12-17 21:05 . 2009-12-17 21:05 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-17 21:05 . 2009-12-17 21:05 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-17 21:05 . 2009-12-17 21:05 -------- d-----w- c:\program files\OpenAL
2009-12-17 20:29 . 2009-12-17 20:29 -------- d-----w- c:\program files\Codemasters
2009-12-17 20:26 . 2009-12-17 20:26 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-17 20:26 . 2009-12-17 20:26 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-12-17 20:25 . 2009-12-17 20:29 -------- d-----w- c:\users\Jordan\AppData\Roaming\DAEMON Tools Pro
2009-12-17 20:25 . 2009-12-17 20:26 -------- d-----w- c:\programdata\DAEMON Tools Pro
2009-12-17 20:02 . 2009-12-17 20:02 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2009-12-17 20:01 . 2009-12-17 20:01 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2009-12-17 20:01 . 2009-12-17 20:01 573760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-17 19:59 . 2009-12-17 19:59 -------- d-----w- c:\users\Jordan\AppData\Local\Mozilla
2009-12-17 19:51 . 2009-11-03 00:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-17 19:39 . 2009-12-17 19:39 57560 ----a-w- c:\users\Jordan\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-17 19:36 . 2010-01-05 21:44 -------- d-----w- c:\windows\system32\wbem\Performance
2009-12-17 19:31 . 2009-12-17 19:31 -------- d-----w- C:\Recovery
2009-12-17 19:17 . 2009-12-17 23:23 -------- d-----w- C:\Boot

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 13:58 . 2009-06-10 21:19 142416 ----a-w- c:\windows\system32\drivers\nvstor.sys
2009-12-17 23:26 . 2009-12-17 23:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-06 14:59 . 2009-11-06 14:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 14:59 . 2009-11-06 14:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-02 22:05 . 2009-11-02 22:05 167064 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-02 22:05 . 2009-11-02 22:05 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 02:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-16 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-28 2043160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-05 520024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2009-12-16 08:28 312640 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [26/12/2009 9:04 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [26/12/2009 9:04 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 4:26 PM 74480]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [26/12/2009 9:04 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [26/12/2009 9:04 AM 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 5:34 PM 1028432]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [04/01/2010 10:03 PM 1153368]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [17/12/2009 4:26 PM 691696]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 4:27 PM 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-01-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 02:20]
.
.
------- Supplementary Scan -------
.
uLocal Page =
uStart Page =
mLocal Page =
FF - ProfilePath - c:\users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\n6hntt58.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13116&gct=&gc=1&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-01-05 17:48:05
ComboFix-quarantined-files.txt 2010-01-05 21:48

Pre-Run: 35,753,934,848 bytes free
Post-Run: 35,546,857,472 bytes free

- - End Of File - - 7E54AEA6313BDFB5C01A56592E173037

And here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:40 PM, on 05/01/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 4314 bytes

My computer seems to work a little better; it doesn't redirect as much, but it still does.
And thanks for the ultra-fast reply.
 
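When a helper asks for "a fresh HijackThis log" after each step, the useful work is comparing the new log against the old one and picking out the entry types that deserve a second look (a BHO whose DLL is gone, an AppInit_DLLs or Winlogon Notify hook). The script below is an added example, not a tool from this thread or from Trend Micro: it parses the R*/O* lines of a HijackThis log, diffs two logs, and flags those entry types with heuristic notes. The sample logs are a constructed subset of lines copied from the first and second HJT logs posted above; the flag rules are the example's own assumptions, not statements from the thread.

```python
"""Triage helpers for HijackThis-style logs: parse entries, diff two logs,
and flag entry types worth a second look.

Example code added to this thread; the sample logs below are a constructed
subset of the lines posted above, and the flag rules are heuristics.
"""
import re
from dataclasses import dataclass

# "O2 - BHO: ..." / "R1 - HKCU\..." : a section code, " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
# Registry CLSID in braces: 8-4-4-4-12 hex digits.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass(frozen=True)
class Entry:
    code: str  # e.g. "O2", "O4", "O20"
    body: str  # text after the " - " separator


def parse_hjt(text: str) -> list[Entry]:
    """Return the R*/O* entries of a log, ignoring headers and process lists."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def diff_logs(old: str, new: str) -> tuple[set[Entry], set[Entry]]:
    """(removed, added) between two logs; a changed path appears in both sets."""
    before, after = set(parse_hjt(old)), set(parse_hjt(new))
    return before - after, after - before


def orphaned_bho_clsids(entries: list[Entry]) -> list[str]:
    """CLSIDs of BHOs whose DLL is gone: registry residue of a removed component."""
    result = []
    for e in entries:
        if e.code == "O2" and e.body.endswith("(no file)"):
            m = CLSID_RE.search(e.body)
            if m:
                result.append(m.group(0))
    return result


def flag_entries(entries: list[Entry]) -> list[tuple[Entry, str]]:
    """Heuristic flags (assumption of this example): these entry types load
    code into many processes or survive a browser reinstall, so each should
    be tied to a known vendor before it is left alone."""
    findings = []
    for e in entries:
        if e.code == "O2" and e.body.endswith("(no file)"):
            findings.append((e, "orphaned BHO: CLSID registered but DLL missing"))
        elif e.code == "O20" and e.body.startswith("AppInit_DLLs:"):
            findings.append((e, "AppInit_DLLs loads into every user32 process; confirm owner"))
        elif e.code == "O20" and e.body.startswith("Winlogon Notify:"):
            findings.append((e, "Winlogon notification DLL runs at logon; confirm owner"))
    return findings


# Constructed samples: a subset of the first and second HJT logs in the thread.
OLD_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O13 - Gopher Prefix:
O20 - AppInit_DLLs: avgrsstx.dll
"""

NEW_LOG = r"""
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

if __name__ == "__main__":
    removed, added = diff_logs(OLD_LOG, NEW_LOG)
    for e in sorted(removed, key=lambda x: (x.code, x.body)):
        print("-", e.code, e.body)
    for e in sorted(added, key=lambda x: (x.code, x.body)):
        print("+", e.code, e.body)
    for e, note in flag_entries(parse_hjt(NEW_LOG)):
        print("!", e.code, e.body, "=>", note)
```

Run it as a script to see the removed/added entries and the flagged ones; in a real triage you would paste the two full logs into `OLD_LOG` and `NEW_LOG`. The diff is line-exact on purpose, so the Java path change from `jre1.6.0_01` to `jre6` shows up as one removal and one addition rather than being hidden.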

johnb35

Administrator
Staff member
Did you reboot the computer since running ComboFix? The reason being that the new HijackThis log doesn't show an active virus program running. However, we do have some cleanup to do.

You are running an outdated version of Java, which could be causing your issue. Please go into Add/Remove Programs and uninstall all versions of Java listed, and then go here and download the latest version.

http://www.java.com/en/download/index.jsp

You are also running an outdated version of AVG Anti-Virus. Please uninstall that as well, and then go here and download the latest version, 9.0.

http://download.cnet.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html?tag=mncol


Please reboot the computer if you have not, and post a fresh HijackThis log.

Please download and run CCleaner. Let it delete all your old temp files.

Get it here.

http://download.cnet.com/ccleaner/?tag=mncol

If you need help running it, let me know.

Also, since you say you are still being redirected sometimes, please download, update and run SUPERAntiSpyware.

http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html?tag=mncol

I also recommend uninstalling Ad-Aware and starting to use Malwarebytes and SUPERAntiSpyware as your scanning programs from now on.
 

jacman

New Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:25:25 PM, on 05/01/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 4416 bytes




I restarted and ran Crap Cleaner (love the name), updated Java, and the redirecting seems to have stopped. Thank you very much for all your help and super fast replies, really appreciate it.
 

johnb35

Administrator
Staff member
I would go ahead and uninstall your version of AVG and get the new version in that link I gave you.
 

jacman747

New Member
aaaarrrrrgggghhh it's back!

I thought the browser redirect thing had been taken care of, but just now the stupid thing started doing it again, and I know I didn't just get new adware because I'm running Spybot, AVG, and SUPERAntiSpyware. Can someone help?
 

johnb35

Administrator
Staff member
You have 2 accounts? Just because you are running those programs doesn't mean you can't get reinfected. Please post a fresh HijackThis log. I also recommend running Malwarebytes before running HijackThis and posting both logs.
 

jacman747

New Member
Here is my Malwarebytes log.

Malwarebytes' Anti-Malware 1.43
Database version: 3497
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07/01/2010 6:21:00 PM
mbam-log-2010-01-07 (18-21-00).txt

Scan type: Quick Scan
Objects scanned: 94948
Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



And here is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:54 PM, on 07/01/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 4320 bytes
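A small triage pass over this log format, added here as an example (it is not code from the thread, from HijackThis or from any of the tools named in it): it parses the section codes that appear in the logs above (O2, O4, O20, O23, R0/R1), then flags the entries a defender would look at first. The review rules are this example's own, the sample lines are copied from the posted log, and the one `[svchost]` Run entry is constructed from the temp-folder path SUPERAntiSpyware reports later in the thread, not a line the poster ever saw.

```python
"""Triage a HijackThis v2 log: split each "<code> - <detail>" line into
name and path, then apply a few defender-side review rules.  The rules are
this example's own, not HijackThis's built-in analysis."""
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Entry:
    code: str   # section code, e.g. "O2", "O4", "R1"
    name: str   # component, value or service name ("" when not applicable)
    path: str   # file path, URL, or "(no file)"
    raw: str    # the original log line

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<rest>.*)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
O4_RE = re.compile(r"^HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*)$")
O20_RE = re.compile(r"^(?P<kind>AppInit_DLLs|Winlogon Notify): (?P<path>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.*?) \([^)]*\) - .*? - (?P<path>.*)$")
R_RE = re.compile(r"^(?P<name>[^=]*?) ?= ?(?P<path>.*)$")

def _executable(cmd: str) -> str:
    """Strip surrounding quotes and trailing /switches from a Run-key command."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" /", 1)[0]

def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a HijackThis item line, None for header/trailer lines."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    code, rest = m["code"], m["rest"]
    if code == "O2" and (s := O2_RE.match(rest)):
        return Entry(code, s["name"], s["path"], line)
    if code == "O4" and (s := O4_RE.match(rest)):
        return Entry(code, s["name"], _executable(s["path"]), line)
    if code == "O20" and (s := O20_RE.match(rest)):
        name, path = s["kind"], s["path"]
        if " - " in path:                 # "Winlogon Notify: <value> - <dll>"
            value, path = path.rsplit(" - ", 1)
            name = f"{name}:{value}"
        return Entry(code, name, path, line)
    if code == "O23" and (s := O23_RE.match(rest)):
        return Entry(code, s["name"], s["path"], line)
    if code in ("R0", "R1") and (s := R_RE.match(rest)):
        return Entry(code, s["name"], s["path"], line)
    return Entry(code, "", rest, line)    # unparsed section: keep detail verbatim

TEMP_DIR_RE = re.compile(r"\\temp\\", re.I)
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
ADWARE_MARKERS = ("askbardis", "askbar.dll")   # the Ask toolbar present in the posted log
DEFAULT_IE_URL = "http://go.microsoft.com/fwlink/"

def triage(e: Entry) -> list[str]:
    """Return the reasons (possibly none) an entry deserves a closer look."""
    reasons = []
    p = e.path.lower()
    if p == "(no file)":
        reasons.append("orphaned entry: registered component has no file on disk")
    if any(marker in p for marker in ADWARE_MARKERS):
        reasons.append("known adware/toolbar component (Ask toolbar)")
    if e.code == "O20" and e.name == "AppInit_DLLs":
        reasons.append("AppInit_DLLs: loaded into every process that uses user32; verify publisher")
    if TEMP_DIR_RE.search(p):
        reasons.append("executable runs from a temp directory")
    basename = p.rsplit("\\", 1)[-1]
    if basename in SYSTEM_BINARIES and "\\windows\\system32\\" not in p:
        reasons.append(f"{basename} outside System32: masquerading system binary")
    if e.code in ("R0", "R1") and p and not p.startswith(DEFAULT_IE_URL):
        reasons.append("non-default IE start/search page")
    return reasons

def triage_log(text: str) -> dict[str, list[str]]:
    """Map each flagged log line to its reasons; clean entries are omitted."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and (reasons := triage(entry)):
            flagged[entry.raw] = reasons
    return flagged

# Constructed sample: lines copied from the posted log, plus one [svchost] Run
# entry built from the temp path SUPERAntiSpyware reported later in the thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [svchost] C:\WINDOWS\TEMP\SQVP.TMP\SVCHOST.EXE
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"""

if __name__ == "__main__":
    for raw, reasons in triage_log(SAMPLE_LOG).items():
        print(raw)
        for r in reasons:
            print("   ->", r)
```

On the sample it flags four lines: the Ask toolbar BHO (which ComboFix later removed as an orphan), the BHO with no file, the AppInit_DLLs entry for manual verification, and the constructed svchost entry twice over (temp directory, and a system binary name outside System32).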
 

jacman747

New Member
OK, I ran SUPERAntiSpyware and it took out a trojan and a bunch of tracking cookies. I'll try this for a while and see if it works.
 

jacman747

New Member
Nope, still the same problem. I ran SUPERAntiSpyware again and it took out another trojan and tracking cookies, but it's still doing it.
 

johnb35

Administrator
Staff member
Can you list the trojan that it keeps taking out? Or is it a different one each time?
 

jacman747

New Member
OK, here's the trojan according to the SUPERAntiSpyware log, and yes, it is the same one every time:

Trojan.SVCHost/Fake
C:\WINDOWS\TEMP\SQVP.TMP\SVCHOST.EXE
 

jacman747

New Member
Already did, and I set it to completely clean the temp folder and just about everywhere else. I also manually checked the temp folder and confirmed that the trojan is gone, but it's STILL doing it. This is really getting on my nerves.
 

jacman747

New Member
Here's the ComboFix log.

ComboFix 10-01-04.01 - Jordan 08/01/2010 20:03:17.2.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.2047.821 [GMT -4:00]
Running from: c:\users\Jordan\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskBarDis\bar\bin\askBar.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-09 to 2010-01-09 )))))))))))))))))))))))))))))))
.

2010-01-09 00:08 . 2010-01-09 00:08 -------- d-----w- c:\users\Jordan\AppData\Local\temp
2010-01-09 00:08 . 2010-01-09 00:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-09 00:08 . 2010-01-09 00:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-09 00:00 . 2010-01-09 00:01 -------- d-----w- C:\32788R22FWJFW
2010-01-05 22:22 . 2010-01-05 22:22 -------- d-----w- c:\program files\CCleaner
2010-01-05 22:20 . 2010-01-05 22:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-05 22:20 . 2010-01-05 22:20 -------- d-----w- c:\program files\Java
2010-01-05 21:06 . 2010-01-05 21:06 52224 ----a-w- c:\users\Jordan\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-05 21:06 . 2010-01-05 21:06 117760 ----a-w- c:\users\Jordan\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-05 21:04 . 2010-01-05 21:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-01-05 21:04 . 2010-01-05 21:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-05 21:04 . 2010-01-05 21:04 -------- d-----w- c:\users\Jordan\AppData\Roaming\SUPERAntiSpyware.com
2010-01-05 21:04 . 2010-01-05 21:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-05 20:51 . 2010-01-05 20:51 -------- d-----w- c:\program files\Trend Micro
2010-01-05 20:34 . 2010-01-05 20:34 -------- d-----w- c:\users\Jordan\AppData\Roaming\Malwarebytes
2010-01-05 20:34 . 2009-12-30 18:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 20:34 . 2010-01-05 20:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 20:34 . 2010-01-05 20:34 -------- d-----w- c:\programdata\Malwarebytes
2010-01-05 20:34 . 2009-12-30 18:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 20:18 . 2010-01-05 20:18 -------- d-----w- C:\_OTL
2010-01-05 02:14 . 2010-01-05 22:14 -------- d-----w- c:\programdata\Lavasoft
2010-01-05 02:14 . 2010-01-05 22:14 -------- d-----w- c:\program files\Lavasoft
2010-01-05 02:02 . 2010-01-08 23:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-05 02:02 . 2010-01-05 02:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-05 00:45 . 2010-01-05 00:45 -------- d-----w- c:\program files\AskBarDis
2010-01-05 00:15 . 2010-01-05 00:15 -------- d-----w- c:\programdata\pixelStorm
2009-12-27 21:46 . 2010-01-08 12:31 -------- d-----w- c:\users\Jordan\Tracing
2009-12-27 21:43 . 2009-12-27 21:43 -------- d-----w- c:\program files\Microsoft
2009-12-27 21:43 . 2009-12-27 21:43 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-27 21:43 . 2009-12-27 21:43 -------- d-----w- c:\program files\Windows Live
2009-12-27 21:42 . 2009-12-27 21:42 -------- d-----w- c:\windows\PCHEALTH
2009-12-27 21:38 . 2009-12-27 21:38 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-26 21:22 . 2009-12-26 21:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-26 21:20 . 2009-11-20 11:08 38784 ----a-w- c:\users\Jordan\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-26 21:20 . 2009-12-26 21:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-26 21:20 . 2009-11-20 11:08 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-26 21:18 . 2009-12-26 21:23 -------- d-----w- c:\users\Jordan\AppData\Local\Adobe
2009-12-26 21:18 . 2009-12-26 21:18 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-12-26 21:18 . 2009-12-27 16:07 -------- d-----w- c:\programdata\NOS
2009-12-26 13:04 . 2010-01-07 22:12 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-26 13:04 . 2009-12-26 13:04 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-26 13:04 . 2009-12-26 13:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-26 13:04 . 2009-12-26 13:04 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-26 13:04 . 2009-12-26 13:04 -------- d-----w- c:\programdata\avg8
2009-12-26 13:04 . 2009-12-26 13:04 -------- d-----w- c:\program files\AVG
2009-12-25 15:19 . 2002-11-05 19:16 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2009-12-25 15:19 . 2009-12-25 15:22 -------- d-----w- c:\program files\Acoustica MP3 CD Burner
2009-12-25 15:09 . 2000-09-16 06:33 284160 ----a-w- c:\windows\system32\Mmmpeg32.dll
2009-12-25 15:09 . 2000-07-04 03:51 86528 ----a-w- c:\windows\system32\lame_enc.dll
2009-12-25 15:09 . 2000-06-21 01:01 99328 ----a-w- c:\windows\system32\Cdrip.dll
2009-12-25 15:09 . 2000-05-02 16:09 256512 ----a-w- c:\windows\system32\MMCDDA32.dll
2009-12-25 15:09 . 1998-12-25 14:30 254976 ----a-w- c:\windows\system32\xaudio.dll
2009-12-25 15:09 . 1998-01-12 22:01 321536 ----a-w- c:\windows\system32\mmmpeg.dll
2009-12-25 14:21 . 2009-12-27 16:05 -------- d-----w- c:\program files\Feurio
2009-12-21 20:28 . 2009-12-21 20:28 -------- d-----w- c:\windows\system32\Macromed
2009-12-21 12:53 . 2009-12-21 12:53 -------- d--h--w- c:\programdata\CanonBJ
2009-12-21 12:53 . 2009-12-21 12:53 -------- d-----w- c:\users\Jordan\AppData\Local\ElevatedDiagnostics
2009-12-18 15:09 . 2010-01-07 01:35 -------- d-----w- c:\users\Jordan\Shared
2009-12-18 15:07 . 2010-01-07 01:40 -------- d-----w- c:\users\Jordan\Incomplete
2009-12-18 15:05 . 2010-01-07 01:30 -------- d-----w- c:\users\Jordan\AppData\Roaming\mp3rocket
2009-12-18 15:05 . 2010-01-07 01:31 -------- d-----w- c:\program files\MP3 Rocket
2009-12-18 13:36 . 2009-12-18 13:36 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-18 13:36 . 2009-12-18 13:36 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-12-18 13:36 . 2009-12-26 13:04 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-18 13:16 . 2009-12-18 13:16 -------- d-----w- c:\users\Jordan\AppData\Local\Diagnostics
2009-12-18 13:11 . 2009-12-18 13:11 -------- d-----w- c:\users\Jordan\AppData\Roaming\KALiNKOsoft
2009-12-18 13:09 . 2008-04-14 00:11 619008 ----a-w- c:\windows\system32\dx7vb.dll
2009-12-18 13:09 . 2008-01-13 20:36 91632 ----a-w- c:\windows\system32\dsofile.dll
2009-12-18 13:09 . 2003-01-26 17:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2009-12-18 13:09 . 2001-04-05 10:43 94208 --s---r- c:\windows\system32\msstkprp.dll
2009-12-18 13:09 . 1998-06-18 04:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2009-12-18 13:09 . 2009-12-18 13:10 119296 ----a-w- c:\windows\system32\zlib.dll
2009-12-18 13:09 . 2008-01-13 23:59 36864 ----a-w- c:\windows\system32\dxinputdll.dll
2009-12-18 13:09 . 1999-05-17 17:55 57344 ------w- c:\windows\system32\ADsSecurity.dll
2009-12-18 13:09 . 2009-12-18 13:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-17 23:24 . 2009-12-17 19:32 -------- d-----w- c:\windows\Panther
2009-12-17 23:19 . 2009-12-17 23:19 -------- d-----w- C:\Windows.old
2009-12-17 21:11 . 2009-12-17 21:11 -------- d-----w- c:\programdata\Codemasters
2009-12-17 21:11 . 2009-12-17 21:11 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-12-17 21:11 . 2009-12-17 21:11 -------- d-----w- c:\windows\system32\xlive
2009-12-17 21:11 . 2010-01-05 22:20 -------- d-sh--w- c:\windows\Installer
2009-12-17 21:05 . 2009-12-17 21:05 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-17 21:05 . 2009-12-17 21:05 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-17 21:05 . 2009-12-17 21:05 -------- d-----w- c:\program files\OpenAL
2009-12-17 20:29 . 2009-12-17 20:29 -------- d-----w- c:\program files\Codemasters
2009-12-17 20:26 . 2009-12-17 20:26 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-17 20:26 . 2009-12-17 20:26 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-12-17 20:25 . 2009-12-17 20:29 -------- d-----w- c:\users\Jordan\AppData\Roaming\DAEMON Tools Pro
2009-12-17 20:25 . 2009-12-17 20:26 -------- d-----w- c:\programdata\DAEMON Tools Pro
2009-12-17 20:02 . 2009-12-17 20:02 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2009-12-17 20:01 . 2009-12-17 20:01 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2009-12-17 20:01 . 2009-12-17 20:01 573760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-17 19:59 . 2009-12-17 19:59 -------- d-----w- c:\users\Jordan\AppData\Local\Mozilla
2009-12-17 19:51 . 2009-11-03 00:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-17 19:39 . 2009-12-17 19:39 57560 ----a-w- c:\users\Jordan\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-17 19:36 . 2010-01-09 00:07 -------- d-----w- c:\windows\system32\wbem\Performance
2009-12-17 19:31 . 2009-12-17 19:31 -------- d-----w- C:\Recovery
2009-12-17 19:17 . 2009-12-17 23:23 -------- d-----w- C:\Boot
2009-12-17 19:04 . 2009-12-17 12:45 73174624 ----a-w- C:\Win7-P-Retail-en-us-x86.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 17:09 . 2009-06-10 21:19 142416 ----a-w- c:\windows\system32\drivers\nvstor.sys
2009-12-17 23:26 . 2009-12-17 23:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-06 14:59 . 2009-11-06 14:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 14:59 . 2009-11-06 14:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-02 22:05 . 2009-11-02 22:05 167064 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-02 22:05 . 2009-11-02 22:05 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-01-05_21.46.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-17 20:29 . 2010-01-08 12:32 18792 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-01-09 00:03 28306 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-17 23:30 . 2010-01-09 00:02 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 23:30 . 2010-01-05 21:39 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-03 11:32 . 2010-01-08 12:38 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2010-01-03 11:32 . 2010-01-05 20:52 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2009-07-14 04:41 . 2010-01-09 00:02 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-01-05 21:39 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-17 19:34 . 2010-01-05 21:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-17 19:34 . 2010-01-09 00:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2010-01-08 23:10 85960 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-12-17 19:34 . 2010-01-05 21:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-17 19:34 . 2010-01-09 00:04 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-17 19:34 . 2010-01-09 00:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-17 19:34 . 2010-01-05 21:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-17 19:34 . 2010-01-05 21:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-17 19:34 . 2010-01-09 00:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 20:13 . 2010-01-05 21:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-17 20:13 . 2010-01-09 00:05 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-17 20:13 . 2010-01-05 21:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-12-17 20:13 . 2010-01-09 00:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-12-17 20:13 . 2010-01-05 21:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-12-17 20:13 . 2010-01-09 00:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-12-17 19:34 . 2010-01-09 00:05 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-17 19:34 . 2010-01-05 21:39 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-17 19:34 . 2010-01-05 21:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-17 19:34 . 2010-01-09 00:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-17 19:34 . 2010-01-08 12:32 6070 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1530411505-2618041592-1277514061-1001_UserData.bin
- 2010-01-05 21:39 . 2010-01-05 21:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-01-09 00:02 . 2010-01-09 00:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-01-05 21:39 . 2010-01-05 21:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-09 00:02 . 2010-01-09 00:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-18 02:56 . 2010-01-08 21:20 260404 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:05 . 2010-01-09 00:07 619206 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-01-05 21:45 619206 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-01-09 00:07 107388 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2010-01-05 21:45 107388 c:\windows\System32\perfc009.dat
+ 2010-01-05 22:20 . 2010-01-05 22:20 149280 c:\windows\System32\javaws.exe
+ 2010-01-05 22:20 . 2010-01-05 22:20 145184 c:\windows\System32\javaw.exe
+ 2010-01-05 22:20 . 2010-01-05 22:20 145184 c:\windows\System32\java.exe
+ 2009-07-14 04:33 . 2010-01-08 12:28 266808 c:\windows\System32\FNTCACHE.DAT
- 2009-07-14 04:33 . 2010-01-05 21:33 266808 c:\windows\System32\FNTCACHE.DAT
- 2009-12-17 19:34 . 2010-01-05 21:39 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-12-17 19:34 . 2010-01-09 00:02 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-12-17 23:30 . 2010-01-09 00:02 147456 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 02:03 . 2010-01-06 02:08 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2010-01-05 13:24 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-01-05 22:19 . 2010-01-05 22:19 12322816 c:\windows\Installer\1ff491.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-16 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-28 2043160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-05 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2009-12-16 08:28 312640 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [26/12/2009 9:04 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [26/12/2009 9:04 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 4:26 PM 74480]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [26/12/2009 9:04 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [26/12/2009 9:04 AM 297752]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [04/01/2010 10:03 PM 1153368]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [17/12/2009 4:26 PM 691696]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 4:27 PM 7408]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uLocal Page =
uStart Page =
mLocal Page =
FF - ProfilePath - c:\users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\n6hntt58.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13116&gct=&gc=1&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-01-08 20:10:17
ComboFix-quarantined-files.txt 2010-01-09 00:10
ComboFix2.txt 2010-01-05 21:48

Pre-Run: 34,382,917,632 bytes free
Post-Run: 34,318,458,880 bytes free

- - End Of File - - D6FD36649B0F0625480524EC4186136C

It's still doing it.
 