Unable to remove what was detected by my antivirus

It seems to still be running a little sluggish. Out of nowhere my browser will redirect me to another site telling me I have a virus.
 
Hi,

Does redirecting occur with both Internet Explorer and Firefox?

Start Malwarebytes' Anti-Malware, update the definitions on the Update tab, and run a quick scan, letting found items be removed. Post back the report.

Run ComboFix and let it update itself. Post back the report.
 
Malwarebytes didn't find anything.

ComboFix 09-11-25.01 - Amanda 11/25/2009 16:32.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.589 [GMT -6:00]
Running from: c:\documents and settings\Amanda\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((((( Files Created from 2009-10-25 to 2009-11-25 )))))))))))))))))))))))))))))))
.

2009-11-20 01:52 . 2009-11-06 15:20 34112 ----a-w- c:\documents and settings\Amanda\Application Data\Mozilla\Firefox\Profiles\5943iofy.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-11-20 01:52 . 2009-11-06 15:20 32448 ----a-w- c:\documents and settings\Amanda\Application Data\Mozilla\Firefox\Profiles\5943iofy.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-11-20 01:52 . 2009-11-06 15:20 22352 ----a-w- c:\documents and settings\Amanda\Application Data\Mozilla\Firefox\Profiles\5943iofy.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-11-12 19:09 . 2009-11-12 19:09 -------- d-----w- c:\program files\Trend Micro
2009-11-12 19:06 . 2009-11-12 19:06 -------- d-----w- c:\program files\ERUNT
2009-11-12 18:53 . 2009-11-12 18:53 53248 ----a-r- c:\documents and settings\Amanda\Application Data\Microsoft\Installer\{F574616C-4C15-49CE-9C98-E998CD80264A}\ARPPRODUCTICON.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-25 22:32 . 2009-04-18 21:57 81984 ----a-w- c:\windows\system32\bdod.bin
2009-11-25 22:19 . 2009-04-18 16:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-25 22:19 . 2009-06-14 20:33 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-21 18:15 . 2009-05-20 20:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-20 23:18 . 2009-05-12 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-12 21:59 . 2009-07-07 22:46 256 ----a-w- c:\windows\system32\pool.bin
2009-11-12 18:53 . 2009-07-07 22:28 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-10-26 01:56 . 2009-09-07 12:03 -------- d-----w- c:\program files\Google
2009-10-26 00:06 . 2009-07-30 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-10-26 00:06 . 2009-07-30 20:53 -------- d-----w- c:\program files\Yahoo!
2009-10-26 00:01 . 2009-08-22 23:29 -------- d-----w- c:\documents and settings\Amanda\Application Data\IGN_DLM
2009-10-26 00:00 . 2009-08-23 01:50 -------- d-----w- c:\program files\Cryptic Studios
2009-10-04 03:08 . 2009-10-04 03:08 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-30 22:37 . 2009-09-30 22:37 1417353 ----a-w- c:\documents and settings\All Users\Application Data\NeoEdge Networks\Yahoo_HiddenSecretNightmar\IAF.dll
2009-09-30 22:37 . 2009-09-30 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NeoEdge Networks
2009-09-24 21:49 . 2009-04-17 02:25 29520 ----a-w- c:\documents and settings\Amanda\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 14:18 . 2003-07-16 16:31 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 20:54 . 2009-04-18 16:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 20:53 . 2009-04-18 16:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2003-07-16 16:29 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-30 14:44 . 2009-08-30 14:44 507904 ----a-r- c:\windows\system32\btwapi.dll
2009-08-29 08:08 . 2003-07-16 16:45 916480 ------w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-19_02.17.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-22 09:47 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
- 2008-10-22 09:47 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2009-10-04 03:08 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2009-10-04 03:08 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2009-10-26 00:22 . 2009-11-20 01:53 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2009-10-26 00:22 . 2009-10-26 00:22 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-11-25 09:00 . 2009-11-25 09:00 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2009-11-25 09:00 . 2009-11-25 09:00 429568 c:\windows\Installer\14ed436.msi
+ 2009-07-21 06:03 . 2009-07-21 06:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2009-04-18 16:54 . 2009-07-31 16:05 1372672 c:\windows\system32\msxml6.dll
+ 2009-07-21 06:05 . 2009-07-21 06:05 1348432 c:\windows\system32\msxml4.dll
+ 2003-07-16 16:31 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2009-04-18 16:54 . 2009-07-31 16:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2006-09-13 05:01 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2009-04-18 368640]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Button Manager.lnk - c:\program files\HP\Button Manager\BM.exe [2009-7-29 266240]
Magic-i.lnk - c:\program files\ArcSoft\Magic-i 3\Magic-i.exe [2009-7-29 530944]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [1/25/2008 2:40 PM 86792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-11-22 c:\windows\Tasks\DriverRobot.job
- c:\program files\Driver Robot\DriverRobot.exe [2009-04-18 21:51]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Amanda\Application Data\Mozilla\Firefox\Profiles\5943iofy.default\
FF - plugin: c:\documents and settings\Amanda\Application Data\Mozilla\Firefox\Profiles\5943iofy.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-25 16:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5032)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-25 16:39
ComboFix-quarantined-files.txt 2009-11-25 22:39
ComboFix2.txt 2009-11-21 18:28
ComboFix3.txt 2009-11-21 18:09
ComboFix4.txt 2009-11-19 02:23

Pre-Run: 65,495,568,384 bytes free
Post-Run: 65,553,620,992 bytes free

- - End Of File - - CE1908011A0672C8A5827F0A5A33607C
 
IrishEyes, this thread has been closed due to inactivity.

As it has been four days or more since your last post, it will not be re-opened.

If you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread.

Please do not add any logs that might have been requested previously; you would be starting fresh.

Applies only to the original poster; anyone else with similar problems, please start your own topic.

Thank you, Blade81.
 