Author Topic: avast can't get rid of url:mal from wxw.cikh71ynks66.xcm which avast blocked.  (Read 16046 times)


PaCKINheAT

  • Guest
Just got a blue screen after I ran ComboFix a second time. Assumed it was because avast shields were running.
« Last Edit: December 23, 2010, 10:08:10 PM by PaCKINheAT »

yongsua

  • Guest
This is really an unknown site. What is the vendor of this website?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37548
  • Not a avast user
Try cleaning your temp files

TFC - Temp File Cleaner by OldTimer
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

Did it work?

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
avast detecting it as soon as you open your browser might be for 2 reasons:

1. The home page is set to that site, or
2. You have speed dials installed which connect as soon as you open the browser.

Let us know.

PaCKINheAT

  • Guest
-correction- When I go on the Firefox homepage, search for something and click a link, then it pops up and redirects me.

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
Something's not cooking good. Time for essexboy. I have msg'd him. He will be here soon, make sure you obey him :)

PaCKINheAT

  • Guest
ok

PaCKINheAT

  • Guest
I found some questionable files that I think may have something to do with it, but scans say it's clean.

PaCKINheAT

  • Guest
Speed dials is not installed and the homepage is set to the Firefox homepage.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Hi there, do you also get redirects in IE?

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

THEN

Please read carefully and follow these steps. 
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

PaCKINheAT

  • Guest
Yes, it does redirect in IE. And when I'm using Firefox and not IE, IE will pop up at random times on a blank page. I recently found a file in the computer's recovery drive called info.exe (original file name starturl.exe, creator xss, made in Germany) and in the Windows folder a zip folder called ubd.txt containing various malicious infected IPs. There are about 20-40 sites in it, and before the IPs are listed it shows 20-40 legitimate sites with a weird code at the end, e.g. wxww.youtube.xom^^10365^^^^1^0^0^0^0^0^0^0^0^0^0^0^none^-1^0^^. Each ending is different. My main concern is if the two are related. Also, I found d:\autorun.inf with this code:
[AUTORUN]
SHELLEXECUTE=Info.exe folder.htt 480 480
When I click the info.exe I found, it brings up the blank IE page about 30 seconds later. Do these have anything to do with my problem, possibly? Or is it something clean or infected?
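
Added example, not part of the original posts and not code from any tool named in this thread: a small Python triage helper that lists the launch directives in an autorun.inf such as the one quoted above. The function names and the constructed sample are assumptions of this example; the set of keys checked (open, shellexecute, shell\<verb>\command) goes beyond the single SHELLEXECUTE line in the post.

```python
import re

# [autorun] keys that make Windows launch a program from the drive.
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)


def split_command(value):
    """Split a directive value into (target, arguments), honouring quotes."""
    if value.startswith('"') and '"' in value[1:]:
        end = value.index('"', 1)
        return value[1:end], value[end + 1:].strip()
    target, _, args = value.partition(" ")
    return target, args.strip()


def autorun_exec_entries(text):
    """Return [(key, target, arguments)] for each launch directive found."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in EXEC_KEYS or SHELL_CMD.match(key):
            target, args = split_command(value)
            findings.append((key.lower(), target, args))
    return findings


# Constructed sample: the two lines quoted in the post above.
SAMPLE = "[AUTORUN]\nSHELLEXECUTE=Info.exe folder.htt 480 480\n"

if __name__ == "__main__":
    for key, target, args in autorun_exec_entries(SAMPLE):
        print(f"{key} launches {target!r} with arguments {args!r}")
```

Any target it reports is a file on the same drive worth hashing and submitting for analysis before the drive is opened in Explorer again.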

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
If you could run the programmes and then attach the logs, I will be able to figure it out ;D

PaCKINheAT

  • Guest
OK. Will do in about 2 hours. I'm mobile right now. I have OTL on the computer from previous tries, just to let you know.

PaCKINheAT

  • Guest
Here are the logs. Extra.txt for OTL was not found.

PaCKINheAT

  • Guest
Seems to have gotten rid of my problem. But about 5 minutes after reboot, I got an avast message saying "suspicious files found. detected using a heuristic method. may be a sign of malware and please allow to be submitted to the virus lab for analysis." The file name is system32\drivers\klmd.sys. What did that come from? It hasn't popped up before.