
Firefox and MS IE are redirecting from a few site logins to pinaccesscode.com



FrankKiel
2011-06-10, 14:20
For a few days now, Firefox (used exclusively) and MS IE (used only in case sites do not work in Firefox) have been redirecting from a few website logins to the domain pinaccesscode.com. The infection, if there is any, can only have occurred from Firefox or any other non-IE software.

Please note that we have a second computer at home that is affected by exactly the same phenomenon. I have even used a laptop that I brought from work to try, and it showed immediately the same phenomenon when attempting to log in to the sites in question. This leads me to think that maybe my ISP's setup is infested. I am in Congo DRC (Oops!) and have a WiMax 128 kbps subscription.

Here (and attached) is the DDS log you requested in the waiting room:
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Frank at 7:30:33 on 2011-06-10
.
============== Running Processes ===============
.
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\xpv10_6147v005\wdm\stacsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CachemanXP\CachemanXP.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\OEM13Mon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\TNTWin\TNTWin.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ7.5\ICQ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Frank\Desktop\dds.com
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [GBMLite8AgentLaCie] "c:\program files\lacie\genie backup assistant\GBMAgent.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [ICQ] "c:\program files\icq7.5\ICQ.exe" silent loginmode=4
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [GBMLite8AgentLaCie] "c:\program files\lacie\genie backup assistant\GBMAgent.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [TNTWin] c:\program files\tntwin\TNTWin.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NeroCheck] c:\windows\system32\\NeroCheck.exe
mRun: [VertrigoServ] "c:\program files\vertrigoserv\Vertrigo.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-explorer: NoSMBalloonTip = 0 (0x0)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: Add to Local Website Archive - c:\documents and settings\frank\application data\aignes\local website archive\config\iearc.htm
IE: Add to WebSite-Watcher - c:\documents and settings\frank\application data\aignes\website-watcher\config\settings\wswie.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\icq7.5\ICQ.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} - c:\program files\drmbuster\YouTubeRipper.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1302913523750
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{F3F58A37-7A5F-4D0A-9CBF-C7D42C0EAF1D} : DhcpNameServer = 192.168.1.1 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\frank\application data\mozilla\firefox\profiles\q2rzhbxq.default\
FF - prefs.js: browser.search.selectedEngine - Google.com (in English)
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? GSService;GSService
R? MpKsl1e20de19;MpKsl1e20de19
R? MpKsldb427e24;MpKsldb427e24
R? MpKslf2db722e;MpKslf2db722e
R? SMServer;SMServer
R? WinRM;Windows Remote Management (WS-Management)
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AESTAud;AE Audio Service
S? Apache2.2;Apache2.2
S? CachemanXPService;CachemanXP
S? DbusAudio;DbusAudio
S? MpFilter;Microsoft Malware Protection Driver
S? MpKsl0f0ba6a3;MpKsl0f0ba6a3
S? MpKsl8c6e272c;MpKsl8c6e272c
S? OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.
S? OEM13Vfx;Creative Camera OEM013 Video VFX Driver
S? OEM13Vid;Creative Camera OEM013 Driver
.
=============== Created Last 30 ================
.
2011-06-10 00:18:13 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43287d52-951e-4678-a2c8-1b15d62601b1}\MpKsl0f0ba6a3.sys
2011-06-10 00:16:43 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43287d52-951e-4678-a2c8-1b15d62601b1}\mpengine.dll
2011-06-09 22:13:23 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-06-09 21:31:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-09 21:31:42 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-06-09 21:12:46 -------- d-----w- c:\program files\ICQ7.5
2011-06-05 19:38:28 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-06-05 19:38:28 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-06-05 19:38:28 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-06-05 19:38:28 101120 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-06-05 19:38:28 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-06-05 14:04:01 -------- d-----w- c:\program files\Mobile Partner
2011-06-04 14:00:57 -------- d-----w- c:\program files\common files\Digidesign
2011-06-04 14:00:56 -------- d-----w- c:\program files\Wave Arts
2011-05-30 12:43:50 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-05-30 12:43:50 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-05-18 19:13:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-15 08:23:31 -------- d-----w- c:\documents and settings\frank\application data\DDMSettings
2011-05-12 04:36:10 293376 ------w- c:\windows\system32\browserchoice.exe
.
==================== Find3M ====================
.
2011-06-09 16:59:44 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-06-08 16:25:08 58288 ----a-w- c:\windows\system32\rpcnet.dll
2011-05-04 03:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 01:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-27 18:17:34 0 ----a-w- C:\TNT_DOWG.TMP
2011-04-23 15:31:04 2272 ----a-w- c:\windows\system32\w95inf16.dll
2011-04-23 15:31:03 4608 ----a-w- c:\windows\system32\w95inf32.dll
2011-04-23 09:39:41 360580 ----a-w- c:\windows\eSellerateEngine.dll
2011-04-19 16:44:52 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2011-04-14 18:43:53 58288 ------w- c:\windows\system32\rpcnet.exe
2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 15:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-31 23:05:48 5688 ----a-w- c:\windows\system32\DbusVideo.sys
2011-03-31 23:05:48 14392 ----a-w- c:\windows\system32\DbusVideo.dll
2011-03-31 23:05:42 23608 ----a-w- c:\windows\system32\drivers\DbusAudio.sys
2011-03-31 23:05:42 23608 ----a-w- c:\windows\system32\DbusAudio.sys
2011-03-31 14:55:16 745472 ----a-w- c:\windows\system32\GSService.exe
2011-03-31 13:05:16 243712 ----a-w- c:\windows\system32\snmvtsvc.exe
.
============= FINISH: 7:33:16.75 ===============

Blade81
2011-06-19, 11:20
Hi,

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red). Post fresh dds logs when done.

FrankKiel
2011-06-21, 22:14
Thank you very much indeed, dear Blade81. The issue is resolved. I will, however, take precautions with regard to the infestation potential that P2P connections are prone to. The issue is - as I suspected - with the local Congolese ISP who don't care about securing their DNS setup and particularly not their proxy that seems to be heavily infested through manipulated resolution tables that redirect to cracker domains that attempt to capture passwords. I've had that issue with redirections from numerous legitimate sites' domain names ... until I tried bypassing the ISP's DNS and/or proxy that *cannot* *be* *changed* by the user of the WiMax device. After successfully browsing through "anonymisation" web site based services (You enter the target URL in a website interface that calls the previously inaccessible server from its own network), I am using a paid JonDo account to circumvent the ISP's messed-with setup. Everything's fine now and I can continue accessing the services that are vital to my business.

Thank you very much again for the assistance you have provided.

Best regards,
Frank
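The post above attributes the login redirections to the ISP's tampered DNS and proxy. Two checks a defender can run against captured data to corroborate that kind of diagnosis are shown below as an added example; this is not code from the thread or from any tool named in it. The first check walks a recorded redirect chain and flags hops whose host leaves the registrable domain of the login page (or drops from https to http); the second compares A-record answers from the ISP resolver with those from a trusted reference resolver and flags names with no overlap or with a private/loopback answer. All sample URLs and addresses are constructed (reserved `.test` names and RFC 5737 TEST-NET ranges); the only real name reused is pinaccesscode.com, which the thread names as the redirect target. The two-label shortcut for the registrable domain is a simplification a production check would replace with the Public Suffix List.

```python
"""Flag login redirects and DNS answers that leave the expected domain.

Added example (not from the thread): two defender-side checks over captured
data. Sample data is constructed; pinaccesscode.com is the name the thread
itself reports as the redirect target.
"""
import ipaddress
from urllib.parse import urlsplit

# Address ranges that should never be the answer for a public hostname.
# Kept to RFC 1918 + loopback on purpose, so TEST-NET sample data is not flagged.
NON_PUBLIC = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]


def registrable_domain(host: str) -> str:
    """Approximate the registrable domain as the last two DNS labels.

    Assumption/simplification: a real deployment should consult the Public
    Suffix List, since two labels is wrong for names like example.co.uk.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_redirect_chain(chain):
    """Return hops that leave the login page's domain or downgrade to http.

    `chain` is the ordered list of URLs the browser visited, starting at the
    login page. Each finding is (hop_index, url, reason).
    """
    if not chain:
        return []
    origin = registrable_domain(urlsplit(chain[0]).hostname or "")
    flagged = []
    for i, url in enumerate(chain[1:], start=1):
        parts = urlsplit(url)
        host = parts.hostname or ""
        if registrable_domain(host) != origin:
            flagged.append((i, url, f"host {host} leaves {origin}"))
        elif parts.scheme == "http" and urlsplit(chain[i - 1]).scheme == "https":
            flagged.append((i, url, "downgrade from https to http"))
    return flagged


def compare_resolvers(local, reference):
    """Compare ISP/local resolver answers with a trusted reference resolver.

    Both arguments map hostname -> set of A-record strings. A name is flagged
    when the two answer sets share no address, or when the local resolver
    returns a private/loopback address for a public name.
    """
    findings = {}
    for name, local_ips in local.items():
        ref_ips = reference.get(name, set())
        reasons = []
        if ref_ips and local_ips.isdisjoint(ref_ips):
            reasons.append("no overlap with reference resolver")
        for ip in sorted(local_ips):
            addr = ipaddress.ip_address(ip)
            if any(addr in net for net in NON_PUBLIC):
                reasons.append(f"non-public answer {ip}")
        if reasons:
            findings[name] = reasons
    return findings


# Constructed sample: a login flow whose last hop lands on the reported domain.
SAMPLE_CHAIN = [
    "https://login.example-bank.test/",
    "https://login.example-bank.test/session?step=2",
    "http://pinaccesscode.com/verify",
]

# Constructed resolver answers (RFC 5737 TEST-NET and RFC 1918 addresses).
LOCAL_ANSWERS = {
    "login.example-bank.test": {"203.0.113.9"},
    "mail.example-bank.test": {"198.51.100.20"},
    "cdn.example-news.test": {"10.0.0.5"},
}
REFERENCE_ANSWERS = {
    "login.example-bank.test": {"198.51.100.10", "198.51.100.11"},
    "mail.example-bank.test": {"198.51.100.20"},
    "cdn.example-news.test": {"192.0.2.40"},
}


def main():
    for hop in check_redirect_chain(SAMPLE_CHAIN):
        print("redirect:", hop)
    for name, reasons in compare_resolvers(LOCAL_ANSWERS, REFERENCE_ANSWERS).items():
        print("dns:", name, reasons)


if __name__ == "__main__":
    main()
```

Running the block prints one redirect finding (the hop to pinaccesscode.com) and two DNS findings (the login name, whose answers do not overlap the reference, and the CDN name, which additionally resolves to a private address). Feeding it real data means exporting the browser's redirect history and querying both resolvers with `nslookup` or `dig`; the comparison itself needs no network access, which is why it runs as written.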

Blade81
2011-06-22, 06:47
Ok, thanks for letting us know :)