Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: Google redirecting

  1. #1
    Junior Member
    Join Date
    Jan 2010
    Posts
    28

    Default Google redirecting

    I, like many other people, have had issues where I would do a google search and click on a link, only to have it redirect me to a completely different site. I have Malwarebytes Anti-Malware installed, but since I installed Malwarebytes the problem almost seems to occur even more often now. Here is my HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:13:50 AM, on 1/10/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (file missing)
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKLM\..\Run: [combofix] "C:\Combo-Fix\CF31902.cfxxe" /c "C:\Combo-Fix\C.bat"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    O4 - Global Startup: Wireless Connection Manager.lnk = ?
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary...s.cab57176.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/Messen....cab109791.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/sof...iveXPlugin.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor....cab102118.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab57213.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames...p.cab56961.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - http://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 10933 bytes

    I forgot to add, I have run ComboFix once recently, in case that makes a difference here. I was reading through the FAQ section and discovered that was a dangerous thing to do on my own, so just wanted to add that in case it makes a difference.
    Last edited by tashi; 2010-01-20 at 00:54. Reason: Merged two posts as helpers look for a zero response :-)

  2. #2
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hello cptbellamy

    Welcome to Safer Networking.

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.


    Combofix can sometimes damage your system if not run correctly , please do not run any other program or scans unless asked to .


    Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

    O4 - HKLM\..\Run: [combofix] "C:\Combo-Fix\CF31902.cfxxe" /c "C:\Combo-Fix\C.bat"

    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe





    Go to your Add Remove Programs in the Control Panel and uninstall Viewpoint, it installs without your knowledge or consent, is considered Adware, uses system resources and is not needed for anything.






    C:\Combofix.txt <--You can find the Combofix log here, open it and copy and paste the log for me to see
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Jan 2010
    Posts
    28

    Default

    I actually could not find the Combofix.txt file on my computer, I did a search for it and then looked for it manually in my C: drive, and it never came up. I remember I uninstalled Combofix not too long ago, so maybe that has something to do with it. Other than that, doing everything else you mentioned in your post went smoothly.

  4. #4
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi

    Please download RootRepeal one of these locations and save it to your desktop
    Here
    Here
    Here
    • Open on your desktop.
    • Click the tab.
    • Click the button.
    • Check just these boxes:
    • Push Ok
    • Check the box for your main system drive (Usually C:, and press Ok.
    • Allow RootRepeal to run a scan of your system. This may take some time.
    • Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.







    Download DDS by sUBs from one of the following links. Save it to your desktop.
    • DDS.com
    • DDS.scr
    • DDS.pif
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
    • Notepad will open with the results, click no to the Optional_Scan
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.

    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control Here
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Junior Member
    Join Date
    Jan 2010
    Posts
    28

    Default

    RootRepeal log:

    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2010/01/20 09:36
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: dump_atapi.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
    Address: 0xF157A000 Size: 98304 File Visible: No Signed: -
    Status: -

    Name: dump_WMILIB.SYS
    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xF7BC4000 Size: 8192 File Visible: No Signed: -
    Status: -

    Name: PCI_PNP2330
    Image Path: \Driver\PCI_PNP2330
    Address: 0x00000000 Size: 0 File Visible: No Signed: -
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xEE1E3000 Size: 49152 File Visible: No Signed: -
    Status: -

    Name: sptd
    Image Path: \Driver\sptd
    Address: 0x00000000 Size: 0 File Visible: No Signed: -
    Status: -

    Name: spzb.sys
    Image Path: spzb.sys
    Address: 0xF7468000 Size: 995328 File Visible: No Signed: -
    Status: -

    SSDT
    -------------------
    #: 011 Function Name: NtAdjustPrivilegesToken
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d825ee

    #: 017 Function Name: NtAllocateVirtualMemory
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xeecb5752

    #: 019 Function Name: NtAssignProcessToJobObject
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xeecb5440

    #: 025 Function Name: NtClose
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d82e6e

    #: 031 Function Name: NtConnectPort
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xeecb5482

    #: 035 Function Name: NtCreateEvent
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d83ef6

    #: 037 Function Name: NtCreateFile
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xeecb5530

    #: 041 Function Name: NtCreateKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d81498

    #: 043 Function Name: NtCreateMutant
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d83dce

    #: 044 Function Name: NtCreateNamedPipeFile
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d821f4

    #: 046 Function Name: NtCreatePort
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d83c8a

    #: 047 Function Name: NtCreateProcess
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xeecb5dd8

    #: 048 Function Name: NtCreateProcessEx
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xeecb5e64

    #: 050 Function Name: NtCreateSection
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d823b0

    #: 051 Function Name: NtCreateSemaphore
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d84028

    #: 052 Function Name: NtCreateSymbolicLinkObject
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d85c6a

    #: 053 Function Name: NtCreateThread
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xeecb5ef4

    #: 056 Function Name: NtCreateWaitablePort
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d83d2c

    #: 057 Function Name: NtDebugActiveProcess
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xeecb5580

    #: 063 Function Name: NtDeleteKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d81a5c

    #: 065 Function Name: NtDeleteValueKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d81dea

    #: 066 Function Name: NtDeviceIoControlFile
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d835d8

    #: 068 Function Name: NtDuplicateObject
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xeecb55c2

    #: 071 Function Name: NtEnumerateKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d81f2c

    #: 073 Function Name: NtEnumerateValueKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d81fd6

    #: 084 Function Name: NtFsControlFile
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d833e4

    #: 097 Function Name: NtLoadDriver
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xeecb5606

    #: 098 Function Name: NtLoadKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d81474

    #: 099 Function Name: NtLoadKey2
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d81486

    #: 108 Function Name: NtMapViewOfSection
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d85d1e

    #: 111 Function Name: NtNotifyChangeKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d82122

    #: 114 Function Name: NtOpenEvent
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d83f98

    #: 116 Function Name: NtOpenFile
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d82ef0

    #: 119 Function Name: NtOpenKey
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xeecb5648

    #: 120 Function Name: NtOpenMutant
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d83e66

    #: 122 Function Name: NtOpenProcess
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d827f4

    #: 125 Function Name: NtOpenSection
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xeecb568a

    #: 126 Function Name: NtOpenSemaphore
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d840ca

    #: 128 Function Name: NtOpenThread
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xeecb56cc

    #: 137 Function Name: NtProtectVirtualMemory
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xeecb579a

    #: 160 Function Name: NtQueryKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d82080

    #: 161 Function Name: NtQueryMultipleValueKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d81ca8

    #: 167 Function Name: NtQuerySection
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d86036

    #: 177 Function Name: NtQueryValueKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d818f8

    #: 180 Function Name: NtQueueApcThread
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d85984

    #: 192 Function Name: NtRenameKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d81b70

    #: 193 Function Name: NtReplaceKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d81312

    #: 194 Function Name: NtReplyPort
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d84454

    #: 195 Function Name: NtReplyWaitReceivePort
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d8431a

    #: 200 Function Name: NtRequestWaitReplyPort
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xeecb570e

    #: 204 Function Name: NtRestoreKey
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xeecb57dc

    #: 206 Function Name: NtResumeThread
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xeecb5824

    #: 207 Function Name: NtSaveKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d812aa

    #: 210 Function Name: NtSecureConnectPort
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xeecb58b4

    #: 213 Function Name: NtSetContextThread
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d82d2a

    #: 230 Function Name: NtSetInformationToken
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d84cac

    #: 237 Function Name: NtSetSecurityObject
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d857e8

    #: 240 Function Name: NtSetSystemInformation
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d86176

    #: 247 Function Name: NtSetValueKey
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xeecb5866

    #: 253 Function Name: NtSuspendProcess
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xeecb5958

    #: 254 Function Name: NtSuspendThread
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d86382

    #: 255 Function Name: NtSystemDebugControl
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xeecb599a

    #: 257 Function Name: NtTerminateProcess
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xeecb59dc

    #: 258 Function Name: NtTerminateThread
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d828c2

    #: 267 Function Name: NtUnmapViewOfSection
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf1d85eec

    #: 277 Function Name: NtWriteVirtualMemory
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xeecb5a2a

    ==EOF==

    DDS log:


    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Compaq_Owner at 9:39:13.65 on Wed 01/20/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.59 [GMT -8:00]

    AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
    FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\PC Tools Firewall Plus\FWService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    C:\Program Files\D-Link\D-Link Wireless N USB Adapter DWA-130\wirelesscm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
    c:\windows\system\hpsysdrv.exe
    C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
    mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\d-link wireless n usb adapter dwa-130\wirelesscm.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} - hxxp://messenger.zone.msn.com/binary/Upwords.cab57176.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
    DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} - hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxp://secure.gopetslive.com/dev/GoPetsWeb.cab
    TCP: {52CF82B7-ED7F-4895-8DE9-CD57711FC0A5} = 68.238.64.12,68.238.128.12
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} -
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: klogon - c:\windows\system32\klogon.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\qa478fak.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - HiddenExtension: XULRunner: {B6F48131-C733-477B-A02A-5EB6E47977A3} - c:\documents and settings\compaq_owner\local settings\application data\{B6F48131-C733-477B-A02A-5EB6E47977A3}
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: XULRunner: {764E3F99-A011-4765-8FD8-30C31EC2E696} - c:\documents and settings\compaq_owner\local settings\application data\{764E3F99-A011-4765-8FD8-30C31EC2E696}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
    R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-1-1 315408]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-1-10 233136]
    R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340456]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2010-1-10 88040]
    R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2010-1-10 818432]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
    R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-1-10 70664]
    R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2010-1-10 58816]
    R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2010-1-10 115216]
    S3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2010-1-10 32680]

    =============== Created Last 30 ================

    2010-01-18 04:15:02 0 d-----w- c:\program files\Lucasarts
    2010-01-14 19:00:22 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-01-11 17:41:03 0 d-----w- c:\program files\DAEMON Tools Lite
    2010-01-10 23:47:39 0 d-----w- c:\program files\common files\xing shared
    2010-01-10 21:52:42 0 d-----w- c:\docume~1\compaq~1\applic~1\PCToolsFirewallPlus
    2010-01-10 21:50:34 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2010-01-10 21:50:34 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
    2010-01-10 21:50:34 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
    2010-01-10 21:50:34 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2010-01-10 21:50:31 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
    2010-01-10 21:50:31 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2010-01-10 21:49:26 7435 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.cat
    2010-01-10 21:49:26 7399 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.cat
    2010-01-10 21:49:26 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
    2010-01-10 21:49:26 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys
    2010-01-10 21:49:26 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
    2010-01-10 21:49:26 0 d-----w- c:\program files\common files\PC Tools
    2010-01-10 21:49:23 7383 ----a-w- c:\windows\system32\drivers\pctplfw.cat
    2010-01-10 21:49:23 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
    2010-01-10 21:49:21 0 d-----w- c:\program files\PC Tools Firewall Plus
    2010-01-10 21:17:29 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2010-01-10 18:50:21 0 d-----w- c:\program files\Trend Micro
    2010-01-09 04:32:50 0 d-----w- c:\program files\AC3Filter
    2010-01-08 21:21:21 0 d-----w- c:\program files\SpywareBlaster
    2010-01-08 20:21:01 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-01-08 20:21:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-01-08 16:56:09 0 d-----w- c:\program files\common files\EasyInfo
    2010-01-06 23:49:09 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-01-06 23:47:19 0 d-----w- c:\docume~1\compaq~1\applic~1\DAEMON Tools Lite
    2010-01-06 23:47:02 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
    2010-01-06 19:39:31 0 d-----w- c:\program files\uTorrent
    2010-01-01 21:34:44 95259 ----a-w- c:\windows\system32\drivers\klick.dat
    2010-01-01 21:34:44 108059 ----a-w- c:\windows\system32\drivers\klin.dat
    2010-01-01 21:32:51 0 d-----w- c:\program files\Kaspersky Lab
    2010-01-01 21:32:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
    2010-01-01 21:29:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
    2010-01-01 19:07:54 50176 ----a-w- c:\windows\system32\proquota.exe
    2010-01-01 19:07:54 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
    2010-01-01 16:39:46 0 d-----w- c:\docume~1\compaq~1\applic~1\Malwarebytes
    2010-01-01 16:39:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-01 16:39:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-01-01 16:39:37 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-01 16:39:37 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-31 22:56:41 0 d-----w- c:\program files\EA GAMES
    2009-12-29 05:18:05 442368 ----a-r- c:\windows\system32\vp6vfw.dll

    ==================== Find3M ====================

    2010-01-10 23:47:16 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-11-13 22:05:50 4 ----a-w- c:\docume~1\compaq~1\applic~1\zxcvbd.dat
    2009-10-28 14:40:47 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe

    ============= FINISH: 9:40:40.57 ===============

  6. #6
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Are you being redirected to other sites with Firefox, or just IE or both ?


    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2







    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #7
    Junior Member
    Join Date
    Jan 2010
    Posts
    28

    Default

    It doesn't seem to redirect me in IE, but it definitely does in Firefox.

    Combofix log:

    ComboFix 10-01-19.08 - Compaq_Owner 01/20/2010 12:09:14.4.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.194 [GMT -8:00]
    Running from: c:\documents and settings\Compaq_Owner\Desktop\Combo-Fix.exe
    AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\service
    c:\windows\system32\service\21032009_TIS17_SfFniAU.log
    c:\windows\system32\service\24032009_TIS17_SfFniAU.log

    .
    ((((((((((((((((((((((((( Files Created from 2009-12-20 to 2010-01-20 )))))))))))))))))))))))))))))))
    .

    2010-01-18 04:15 . 2010-01-18 04:15 -------- d-----w- c:\program files\Lucasarts
    2010-01-14 19:00 . 2010-01-14 19:00 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-01-11 17:41 . 2010-01-11 17:41 -------- d-----w- c:\program files\DAEMON Tools Lite
    2010-01-10 23:47 . 2010-01-10 23:47 -------- d-----w- c:\program files\Common Files\xing shared
    2010-01-10 22:47 . 2010-01-10 22:47 -------- d-----w- c:\program files\Alwil Software
    2010-01-10 21:52 . 2010-01-10 21:53 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\PCToolsFirewallPlus
    2010-01-10 21:50 . 2009-11-23 21:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2010-01-10 21:50 . 2009-11-09 19:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2010-01-10 21:50 . 2010-01-19 16:48 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2010-01-10 21:49 . 2010-01-19 16:48 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys
    2010-01-10 21:49 . 2010-01-19 16:48 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
    2010-01-10 21:49 . 2010-01-19 16:48 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
    2010-01-10 21:49 . 2010-01-10 21:50 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-01-10 21:49 . 2010-01-19 16:48 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
    2010-01-10 21:49 . 2010-01-19 16:49 -------- d-----w- c:\program files\PC Tools Firewall Plus
    2010-01-10 21:17 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2010-01-10 19:10 . 2010-01-10 19:11 -------- d-----w- c:\program files\ERUNT
    2010-01-10 18:50 . 2010-01-10 18:50 -------- d-----w- c:\program files\Trend Micro
    2010-01-09 04:32 . 2010-01-09 04:32 -------- d-----w- c:\program files\AC3Filter
    2010-01-08 21:21 . 2010-01-20 19:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-01-08 21:21 . 2010-01-19 17:08 -------- d-----w- c:\program files\SpywareBlaster
    2010-01-08 20:21 . 2010-01-08 21:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-01-08 20:21 . 2010-01-08 20:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-01-08 16:56 . 2010-01-08 16:56 -------- d-----w- c:\program files\Common Files\EasyInfo
    2010-01-08 02:30 . 2010-01-08 02:30 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-01-08 01:25 . 2010-01-10 04:42 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\RcIncidents
    2010-01-06 23:49 . 2010-01-11 17:41 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-01-06 23:47 . 2010-01-07 00:51 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\DAEMON Tools Lite
    2010-01-06 23:47 . 2010-01-06 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2010-01-06 19:39 . 2010-01-09 17:18 -------- d-----w- c:\program files\uTorrent
    2010-01-01 21:34 . 2010-01-01 21:34 95259 ----a-w- c:\windows\system32\drivers\klick.dat
    2010-01-01 21:34 . 2010-01-01 21:34 108059 ----a-w- c:\windows\system32\drivers\klin.dat
    2010-01-01 21:32 . 2010-01-20 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2010-01-01 21:32 . 2010-01-01 21:32 -------- d-----w- c:\program files\Kaspersky Lab
    2010-01-01 21:29 . 2010-01-01 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2010-01-01 19:07 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
    2010-01-01 19:07 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
    2010-01-01 16:39 . 2010-01-01 16:39 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
    2010-01-01 16:39 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-01 16:39 . 2010-01-01 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-01-01 16:39 . 2010-01-08 02:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-01 16:39 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-31 22:56 . 2010-01-13 19:48 -------- d-----w- c:\program files\EA GAMES
    2009-12-29 06:22 . 2010-01-11 22:40 -------- d-----w- c:\program files\Electronic Arts
    2009-12-29 05:18 . 2005-09-28 04:11 442368 ----a-r- c:\windows\system32\vp6vfw.dll
    2009-12-25 03:04 . 2009-12-25 03:04 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\{764E3F99-A011-4765-8FD8-30C31EC2E696}

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-20 16:49 . 2008-12-02 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
    2010-01-20 16:07 . 2009-04-30 17:30 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\uTorrent
    2010-01-18 00:02 . 2008-01-13 01:29 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\LimeWire
    2010-01-10 23:48 . 2005-11-21 13:37 -------- d-----w- c:\program files\Common Files\Real
    2010-01-10 23:47 . 2003-03-19 11:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-01-10 23:29 . 2005-11-21 13:21 -------- d-----w- c:\program files\Java
    2010-01-01 16:01 . 2009-11-20 19:31 0 ----a-w- c:\windows\Olaxexug.bin
    2010-01-01 16:01 . 2009-11-28 05:48 120 ----a-w- c:\windows\Qqocujumuqob.dat
    2009-12-09 17:24 . 2008-05-26 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-11-25 18:42 . 2008-01-12 20:22 -------- d-----w- c:\program files\iTunes
    2009-11-25 18:40 . 2009-11-25 18:40 -------- d-----w- c:\program files\iPod
    2009-11-25 18:40 . 2008-01-12 20:20 -------- d-----w- c:\program files\Common Files\Apple
    2009-11-25 18:16 . 2009-11-25 18:13 -------- d-----w- c:\program files\QuickTime
    2009-11-25 17:56 . 2009-11-25 17:56 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-11-24 23:26 . 2008-01-15 02:14 54680 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-24 17:12 . 2005-06-25 05:31 82623 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-11-24 17:11 . 2009-11-24 17:11 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
    2009-11-24 17:11 . 2009-11-24 17:11 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
    2009-11-24 17:11 . 2009-11-24 17:11 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
    2009-11-24 17:11 . 2009-11-24 17:11 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
    2009-11-24 17:11 . 2009-11-24 17:11 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
    2009-11-24 17:11 . 2009-11-24 17:11 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
    2009-11-24 17:11 . 2009-11-24 17:11 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
    2009-11-24 17:11 . 2009-11-24 17:11 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
    2009-11-24 11:07 . 2005-11-21 13:46 -------- d-----w- c:\program files\Microsoft Works
    2009-11-24 06:48 . 2009-11-24 06:48 -------- d-----w- c:\program files\Windows Resource Kits
    2009-11-23 23:14 . 2009-11-23 23:14 -------- d-----w- c:\program files\MSBuild
    2009-11-23 23:14 . 2009-11-23 23:14 -------- d-----w- c:\program files\Reference Assemblies
    2009-11-23 23:06 . 2009-11-23 23:06 -------- d-----w- c:\program files\MSXML 6.0
    2009-11-23 21:02 . 2009-11-23 21:02 152576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-11-23 21:01 . 2009-11-23 21:01 79488 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-11-16 00:20 . 2010-01-09 01:13 16 ----a-w- c:\documents and settings\HelpAssistant\Application Data\zxcvbd.dat
    2009-11-14 15:22 . 2009-11-14 15:22 20 ----a-w- c:\documents and settings\NetworkService\Application Data\zxcvbd.dat
    2009-11-13 22:05 . 2009-11-13 22:05 4 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\zxcvbd.dat
    2009-10-29 07:45 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
    2009-10-27 17:08 . 2009-10-27 17:08 152576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-10 39408]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-10 198160]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-21 340456]
    "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-19 3168216]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

    c:\documents and settings\HelpAssistant\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-21 27136]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2005-11-21 36903]
    Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link Wireless N USB Adapter DWA-130\wirelesscm.exe [2008-8-19 14020608]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader2
    "6112:TCP"= 6112:TCP:Blizzard Downloader

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [1/10/2010 1:50 PM 233136]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [1/10/2010 1:50 PM 88040]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
    R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [1/10/2010 1:49 PM 70664]
    R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [1/10/2010 1:49 PM 58816]
    R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [1/10/2010 1:49 PM 115216]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/6/2010 3:49 PM 691696]
    S3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [1/10/2010 1:49 PM 32680]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: {52CF82B7-ED7F-4895-8DE9-CD57711FC0A5} = 68.238.64.12,68.238.128.12
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxp://secure.gopetslive.com/dev/GoPetsWeb.cab
    FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qa478fak.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - HiddenExtension: XULRunner: {B6F48131-C733-477B-A02A-5EB6E47977A3} - c:\documents and settings\Compaq_Owner\Local Settings\Application Data\{B6F48131-C733-477B-A02A-5EB6E47977A3}
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - HiddenExtension: XULRunner: {764E3F99-A011-4765-8FD8-30C31EC2E696} - c:\documents and settings\Compaq_Owner\Local Settings\Application Data\{764E3F99-A011-4765-8FD8-30C31EC2E696}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-20 12:21
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1224)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-01-20 12:28:53
    ComboFix-quarantined-files.txt 2010-01-20 20:28

    Pre-Run: 128,543,019,008 bytes free
    Post-Run: 128,599,609,344 bytes free

    - - End Of File - - FECC0672AF22A0AA3FC1D02F5165A702

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:38:30 PM, on 1/20/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\PC Tools Firewall Plus\FWService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    C:\Program Files\D-Link\D-Link Wireless N USB Adapter DWA-130\wirelesscm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (file missing)
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    O4 - Global Startup: Wireless Connection Manager.lnk = ?
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary...s.cab57176.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/Messen....cab109791.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/sof...iveXPlugin.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor....cab102118.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab57213.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames...p.cab56961.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - http://secure.gopetslive.com/dev/GoPetsWeb.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{52CF82B7-ED7F-4895-8DE9-CD57711FC0A5}: NameServer = 68.238.64.12,68.238.128.12
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe

    --
    End of file - 11752 bytes

  8. #8
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    Please download GooredFix from one of the locations below and save it to your

    Desktop

    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  9. #9
    Junior Member
    Join Date
    Jan 2010
    Posts
    28

    Default

    GooredFix by jpshortstuff (08.01.10.1)
    Log created at 14:48 on 20/01/2010 (Compaq_Owner)
    Firefox version 3.5.7 (en-US)

    ========== GooredScan ==========

    Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{B6F48131-C733-477B-A02A-5EB6E47977A3} -> Success!
    Deleting C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\{B6F48131-C733-477B-A02A-5EB6E47977A3} -> Success!
    Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{764E3F99-A011-4765-8FD8-30C31EC2E696} -> Success!
    Deleting C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\{764E3F99-A011-4765-8FD8-30C31EC2E696} -> Success!

    ========== GooredLog ==========

    C:\Program Files\Mozilla Firefox\extensions\
    linkfilter@kaspersky.ru [21:35 01/01/2010]
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [03:28 17/11/2008]
    {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [18:49 17/04/2009]
    {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [23:18 12/06/2009]
    {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [06:07 26/08/2009]
    {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [17:11 27/10/2009]
    {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [21:04 23/11/2009]

    C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qa478fak.default\extensions\
    {20a82645-c095-46ed-80e3-08825760534b} [23:05 24/11/2009]
    {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [22:14 10/01/2010]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [18:48 17/04/2009]
    "{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [23:16 23/11/2009]
    "{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="c:\program files\real\realplayer\browserrecord\firefox\ext" [23:48 10/01/2010]

    -=E.O.F=-

  10. #10
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Great, try Firefox and see if your still be redirected
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •