WiredWX Christian Hobby Weather Tools
Links get redirected when clicked
Hey guys,

When I make a search in a search engine (like Google) and click on a link, I often get redirected to a random page. So I have to copy and paste the link location into the address bar and access the website from there. My mum also uses the same computer, on her user account, and the same happens to her... and she's asking me to sort it out!

Another thing I have been experiencing lately is getting redirected to another one of those fake antivirus systems... just a webpage though, not an actual program. It comes up with all the stuff about how I've got viruses and need to get rid of them, and then comes up with a download window. I usually have to go into the task manager here to close the Firefox window, because the pop-up won't let me click the cross to close the window.

I'm just wondering if anyone can help me stop the links redirecting and the fake antivirus webpage alert.

Thanks a lot,
Matt.

Re: Links get redirected when clicked
Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [image: CF_download_FF]

    [image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [image: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [image: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Links get redirected when clicked
Hi Belahzur,

I installed Combo-Fix the way you told me. I ran it. It scanned my computer and stuff going through each stage but then it suddenly turned to a blue screen and said that a serious error had occurred or something. It told me to restart the computer and gave me instructions what to do if it appeared again.

I used Combo-Fix a few days ago and it worked fine. I posted the log but I didn't get a reply. If this helps, here is the log from when I used Combo-Fix the other day. I used Combo-Fix back then for the same reason (pages redirecting).


SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 20:54 on 30/11/2009 by Matt (Administrator - Elevation successful)

========== filefind ==========

Searching for "a347scsi.sys"
C:\WINDOWS\system32\drivers\a347scsi.sys ------ 5248 bytes [16:20 03/08/2009] [08:33 30/04/2004] 113E4B318BBAA7483CA4E582A4D63F49

Searching for "iastor.sys"
C:\dell\MEDIAEXE\RepFiles\iastor.sys --a--- 871040 bytes [11:04 06/01/2006] [13:28 25/04/2005] D593517879E65167DF35F6015814AC59
C:\drivers\storage\sata\onboard\iastor.sys --a--- 872064 bytes [11:04 06/01/2006] [12:33 17/06/2005] 9A65E42664D1534B68512CAAD0EFE963
C:\i386\iaStor.sys --a--- 872064 bytes [23:48 03/07/2009] [12:33 17/06/2005] 9A65E42664D1534B68512CAAD0EFE963
C:\WINDOWS\system32\drivers\iastor.sys --a--- 872064 bytes [11:04 06/01/2006] [00:22 30/11/2009] 9A65E42664D1534B68512CAAD0EFE963

-=End Of File=-

Re: Links get redirected when clicked
If you didn't get a reply, you should have bumped the topic. We try not to miss any, but sometimes we do; they manage to slip past our view.

That log is from SystemLook, not Combofix. LMBO or ROFL


Re: Links get redirected when clicked
Hey Belahzur,

Ooh right, sorry. The topic I started previously was about something else and I was asking for extra, so I thought I needed to start a new topic or something... Thanks a lot, I'll remember that in future!

Ohhh damn! So it is! Well here is the Combofix log from when I did it a week ago, if this is okay? Or I could try running Combofix again? (I don't want to mess up my computer or anything though haha:

Here is the log:

ComboFix 09-11-29.02 - Matt 30/11/2009 0:30.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.196 [GMT 0:00]
Running from: c:\documents and settings\Matt\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\Drivers\a347scsi.sys . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-30 )))))))))))))))))))))))))))))))
.

2009-11-29 19:40 . 2009-11-29 19:40 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-29 19:39 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-29 19:39 . 2009-11-29 19:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-29 19:39 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-29 16:44 . 2009-11-06 09:00 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-11-29 16:44 . 2009-11-03 13:44 3513624 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-11-29 16:44 . 2009-11-03 13:44 2028312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-11-29 16:32 . 2009-11-29 16:32 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-27 23:15 . 2009-11-27 23:15 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2009-11-27 15:33 . 2009-11-27 15:33 -------- d-----w- c:\documents and settings\Ann\Application Data\Apple Computer
2009-11-25 23:27 . 2009-11-25 23:27 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Temp
2009-11-25 10:40 . 2009-11-25 10:40 -------- d-----w- C:\found.000
2009-11-22 20:08 . 2009-11-22 20:08 4286 ----a-r- c:\documents and settings\Matt\Application Data\Microsoft\Installer\{D2D1CFB2-1B70-451C-AD66-3193368B7683}\_B9F43533A67D917C3D3CFD.exe
2009-11-22 20:08 . 2009-11-22 20:08 4286 ----a-r- c:\documents and settings\Matt\Application Data\Microsoft\Installer\{D2D1CFB2-1B70-451C-AD66-3193368B7683}\_377F621D98CD78E4DC325F.exe
2009-11-20 17:37 . 2009-11-20 17:37 -------- d-----w- c:\program files\Microsoft
2009-11-19 00:46 . 2009-11-19 00:48 20798256 ----a-w- c:\documents and settings\Matt\Application Data\Adobe\Acrobat\6.0\Updater\AdbeRdr70_enu_full.exe
2009-11-15 12:01 . 2009-11-15 12:01 -------- d-----w- c:\documents and settings\Malc\Application Data\DivX
2009-11-15 12:01 . 2009-11-15 12:01 -------- d-----w- c:\documents and settings\Malc\Application Data\Media Player Classic
2009-11-14 22:20 . 2009-11-14 22:22 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\Temp
2009-11-14 22:20 . 2009-11-14 22:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-11-14 22:19 . 2009-11-14 22:24 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\Google
2009-11-14 22:19 . 2009-11-14 22:23 -------- d-----w- c:\program files\Google
2009-11-14 19:57 . 2009-11-14 19:58 -------- d-----w- c:\documents and settings\Matt\Application Data\Media Player Classic
2009-11-14 19:46 . 2009-11-14 19:46 -------- d-----w- c:\documents and settings\Matt\Application Data\DivX
2009-11-14 19:43 . 2009-09-25 16:42 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-11-14 19:43 . 2009-09-25 16:42 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-11-14 19:43 . 2009-09-25 16:42 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-14 19:42 . 2009-11-14 19:52 -------- d-----w- c:\program files\DivX
2009-11-14 19:42 . 2009-11-14 19:43 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-14 19:39 . 2001-11-09 00:19 53248 ----a-w- c:\windows\system32\MMTray.exe
2009-11-14 19:39 . 2002-01-16 13:45 224256 ----a-w- c:\windows\system32\MMIJG32.dll
2009-11-14 19:39 . 2009-11-14 19:39 -------- d-----w- c:\program files\Morgan
2009-11-14 19:24 . 2009-11-14 19:24 -------- d-----w- c:\program files\4Videosoft Studio
2009-11-08 11:20 . 2009-11-27 15:33 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Apple Computer
2009-11-04 17:07 . 2009-11-04 17:07 -------- d-----w- c:\program files\iPod
2009-11-04 17:07 . 2009-11-04 17:07 -------- d-----w- c:\program files\iTunes
2009-11-04 17:01 . 2009-11-04 17:01 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-03 21:20 . 2009-11-03 21:20 152576 ----a-w- c:\documents and settings\Matt\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-02 14:10 . 2009-11-02 14:10 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\Yahoo
2009-11-02 14:07 . 2009-11-02 14:07 -------- d-----w- c:\documents and settings\Matt\Application Data\Yahoo!
2009-11-02 14:05 . 2009-11-02 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-11-02 14:05 . 2009-11-02 18:37 -------- d-----w- c:\program files\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-30 00:22 . 2006-01-06 11:04 872064 ----a-w- c:\windows\system32\drivers\iastor.sys
2009-11-30 00:10 . 2009-07-14 16:20 -------- d-----w- c:\documents and settings\Matt\Application Data\uTorrent
2009-11-29 16:31 . 2009-07-14 16:20 -------- d-----w- c:\program files\uTorrent
2009-11-24 23:54 . 2009-07-14 22:11 -------- d-----w- c:\documents and settings\Matt\Application Data\vlc
2009-11-22 20:10 . 2009-10-09 13:37 -------- d-----w- c:\program files\FriendAdderElite
2009-11-19 00:46 . 2009-07-27 17:50 -------- d-----w- c:\documents and settings\Matt\Application Data\AdobeUM
2009-11-18 14:15 . 2009-08-30 00:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-14 19:57 . 2009-11-14 19:54 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-11-14 19:53 . 2006-01-06 11:31 -------- d-----w- c:\program files\Common Files\Real
2009-11-12 11:08 . 2009-07-05 23:45 33768 ----a-w- c:\documents and settings\Matt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-09 18:00 . 2009-11-14 19:54 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-05 15:27 . 2009-10-19 23:28 -------- d-----w- c:\documents and settings\Matt\Application Data\Apple Computer
2009-11-04 17:07 . 2009-10-19 23:23 -------- d-----w- c:\program files\Common Files\Apple
2009-11-03 21:26 . 2006-01-06 11:25 -------- d-----w- c:\program files\Java
2009-10-28 15:14 . 2009-07-11 13:32 30984 ----a-w- c:\documents and settings\Ann\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 13:28 . 2009-10-19 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-19 23:28 . 2009-10-19 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-19 23:27 . 2009-10-19 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-19 23:27 . 2009-10-19 23:27 -------- d-----w- c:\program files\Bonjour
2009-10-19 23:27 . 2006-01-06 11:32 -------- d-----w- c:\program files\QuickTime
2009-10-19 23:24 . 2009-10-19 23:24 -------- d-----w- c:\program files\Apple Software Update
2009-10-11 04:17 . 2009-08-28 12:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-09 13:29 . 2009-10-09 13:29 -------- d-----w- c:\program files\Myspace Marketing Manager
2009-10-09 12:55 . 2009-10-09 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-10-09 12:26 . 2009-10-09 12:26 -------- d-----w- c:\program files\DAMN NFO Viewer
2009-10-09 11:43 . 2009-10-08 09:30 -------- d-----w- c:\program files\FriendBlasterPro
2009-09-29 12:23 . 2009-09-29 12:23 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-25 16:42 . 2009-07-01 22:54 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-09-25 16:42 . 2009-07-01 22:54 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-09-25 16:42 . 2005-04-25 02:03 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-09-19 21:59 . 2009-09-19 21:56 52770576 ----a-w- c:\documents and settings\Matt\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2009-09-11 14:18 . 2004-08-10 12:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-10 12:51 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\System32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-07-08 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe " [X]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-29 2029336]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-6 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 11:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [03/08/2009 16:20 5248]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/07/2009 23:53 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/07/2009 23:53 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/07/2009 23:52 297752]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [03/07/2009 23:52 908056]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/11/2009 22:20 135664]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [03/08/2009 16:20 160640]
.
Contents of the 'Scheduled Tasks' folder

2009-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-14 22:19]

2009-08-30 c:\windows\Tasks\User_Feed_Synchronization-{E388B728-B4AA-4974-A125-80116E5C1734}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.co.uk/myway
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\Matt\Application Data\Mozilla\Firefox\Profiles\r7hezc8q.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\documents and settings\Matt\My Documents\Downloads\HijackThis.exe
AddRemove-QcDrv - c:\program files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE UNINSTALL REMOVEPROMPT



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-30 01:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82D2D618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf85dff28
\Driver\ACPI -> ACPI.sys @ 0xf8472cb8
\Driver\atapi -> atapi.sys @ 0xf8355852
\Driver\iaStor -> iastor.sys @ 0xf8379b10
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) PRO/1000 PL Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf8249bb0
PacketIndicateHandler -> NDIS.sys @ 0xf8256a21
SendHandler -> NDIS.sys @ 0xf823487b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3420)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-11-30 02:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-30 02:00

Pre-Run: 171,901,964,288 bytes free
Post-Run: 174,601,830,400 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F320AA2CF2C536E76470B28F9B4B9112

Re: Links get redirected when clicked
Hello.
Nearly done.

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Re: Links get redirected when clicked
Hey!
Thanks man!

Here are the results:

µTorrent
~[s p a m]~ Video Converter Platinum
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Media Player
Adobe Reader 7.0
AOL You've Got Pictures Screensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARTEuro
ATI Control Panel
ATI Display Driver
avast! Antivirus
Bonjour
Camtasia Studio 6
CCleaner (remove only)
Conexant D850 56K V.9x DFVc Modem
Dell Driver Reset Tool
Dell Media Experience
Dell Support 5.0.0 (630)
Digital Line Detect
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
EPSON Printer Software
EPSON Scan
Free YouTube to MP3 Converter version 3.2
FriendAdderElite
FriendBlasterPro
Google Earth
Google Update Helper
GTA San Andreas
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 17
K-Lite Mega Codec Pack 5.4.4
Learn2 Player (Uninstall Only)
Logitech QuickCam Software
Malwarebytes' Anti-Malware
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Modem Helper
Morgan M-JPEG codec V3
Mozilla Firefox (3.5.5)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6.0 Parser (KB925673)
Myspace Marketing Manager 2.20
MyWay Search Assistant
NetWaiting
P2P_Energy Toolbar
PowerDVD 5.5
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Sony Vegas Pro 8.0
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
VLC media player 1.0.0
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver

Re: Links get redirected when clicked
Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    µTorrent
    Java 2 Runtime Environment, SE v1.4.2_03
    MyWay Search Assistant
    Viewpoint Media Player


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    KILLALL::

    FCopy::
    c:\windows\$NtServicePackUninstall$\eventlog.dll | c:\windows\System32\eventlog.dll

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [screenshot: CFScript.txt being dragged onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
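An added example, not posted by anyone in this thread. The FCopy:: line above replaces c:\windows\System32\eventlog.dll with the spare copy XP keeps in $NtServicePackUninstall$, and the ComboFix log posted next shows both the system32 and the dllcache copies ending up dated 2004-08-04, 55808 bytes. The script below does the check you would want before and after such a restore: hash the live DLL against both spare copies and report whether it matches and whether the spares agree with each other. The temp-directory tree and the file contents are constructed for the demo; to run it against a real drive, pass the mounted volume as root.

```python
"""Cross-check a system DLL against the spare copies Windows XP keeps of it.

Added example, not posted in this thread. It mirrors the FCopy:: step above:
compare windows\\system32\\eventlog.dll with the copies in
$NtServicePackUninstall$ and system32\\dllcache, then restore from the former.
The demo tree is constructed in a temp directory; nothing here touches a real C:\\.
"""
import hashlib
import os
import shutil
import tempfile

LIVE_DIR = os.path.join("windows", "system32")
BACKUP_DIRS = (
    os.path.join("windows", "$NtServicePackUninstall$"),   # pre-service-pack copy
    os.path.join("windows", "system32", "dllcache"),       # Windows File Protection cache
)


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_copies(root, name):
    """Hash the live DLL and every backup copy that exists under root.

    'live_matches_backup' is False when system32 holds bytes that none of the
    backups hold (what a patched eventlog.dll looks like); 'backups_agree' is
    False when the backups disagree with each other, in which case neither can
    be trusted without checking its catalog signature.
    """
    live = sha256_file(os.path.join(root, LIVE_DIR, name))
    backups = {}
    for d in BACKUP_DIRS:
        p = os.path.join(root, d, name)
        backups[d] = sha256_file(p) if os.path.isfile(p) else None
    present = [v for v in backups.values() if v is not None]
    return {
        "live": live,
        "backups": backups,
        "live_matches_backup": live in present,
        "backups_agree": len(set(present)) <= 1,
    }


def restore_from_backup(root, name, backup_dir=BACKUP_DIRS[0]):
    """Equivalent of 'FCopy:: backup | live': overwrite the live copy. Returns its new digest."""
    src = os.path.join(root, backup_dir, name)
    dst = os.path.join(root, LIVE_DIR, name)
    shutil.copyfile(src, dst)
    return sha256_file(dst)


def build_demo_tree(tamper=True):
    """Constructed stand-in for C:\\ : clean copies in both backup dirs, live copy optionally patched."""
    root = tempfile.mkdtemp(prefix="xp_demo_")
    clean = b"MZ" + b"\x00" * 256 + b"eventlog clean body"
    patched = b"MZ" + b"\x00" * 256 + b"eventlog PATCHD body"   # same size, different bytes
    for d in BACKUP_DIRS:
        os.makedirs(os.path.join(root, d), exist_ok=True)
        with open(os.path.join(root, d, "eventlog.dll"), "wb") as f:
            f.write(clean)
    os.makedirs(os.path.join(root, LIVE_DIR), exist_ok=True)
    with open(os.path.join(root, LIVE_DIR, "eventlog.dll"), "wb") as f:
        f.write(patched if tamper else clean)
    return root


if __name__ == "__main__":
    root = build_demo_tree()
    before = compare_copies(root, "eventlog.dll")
    print("before restore: matches backup =", before["live_matches_backup"],
          "backups agree =", before["backups_agree"])
    restore_from_backup(root, "eventlog.dll")
    after = compare_copies(root, "eventlog.dll")
    print("after restore:  matches backup =", after["live_matches_backup"])
```

Two caveats. Agreement between the copies is not proof of cleanliness: anything that can patch system32 can patch dllcache too, so the catalog signature (sigverif on XP) or a hash from a known-clean install is the authority. And $NtServicePackUninstall$ holds whatever was on disk before the service pack went on, so a restore from there hands you an older build; the restored eventlog.dll in the log carries a 2004-08-04 timestamp while SP3-era files on the same box (CTFMON.EXE in the Run key) are dated 2008-04-14. Expect Windows Update or SFC to replace it again later, which is fine.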

Re: Links get redirected when clicked
Hey!
Here is the log:

ComboFix 09-12-07.01 - Matt 07/12/2009 23:13.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.159 [GMT 0:00]
Running from: c:\documents and settings\Matt\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Matt\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 091207-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Microsoft\WLSetup
c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-07-07_14-10_b14-daj8qfb3.log
c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-11-12_11-08_c9c-t9jq2t2p.log
c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-11-20_17-31_a64-0n1ysqh8.log
c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\wltF5.tmp

.
--------------- FCopy ---------------

c:\windows\$NtServicePackUninstall$\eventlog.dll --> c:\windows\System32\eventlog.dll
.
((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.

2009-12-07 23:13 . 2004-08-04 05:00 55808 ----a-w- c:\windows\system32\eventlog.dll
2009-12-07 23:13 . 2004-08-04 05:00 55808 ----a-w- c:\windows\system32\dllcache\eventlog.dll
2009-11-30 21:06 . 2009-11-30 21:11 -------- d-----w- c:\documents and settings\Matt\Application Data\Movie Torrent
2009-11-30 21:06 . 2009-11-30 21:06 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\Conduit
2009-11-30 21:06 . 2009-11-30 21:06 -------- d-----w- c:\program files\Conduit
2009-11-30 21:06 . 2009-11-30 21:06 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\P2P_Energy
2009-11-30 21:06 . 2009-11-30 21:06 -------- d-----w- c:\program files\P2P_Energy
2009-11-30 21:04 . 2009-11-30 21:55 -------- d-----w- c:\program files\Movie Torrent
2009-11-30 16:53 . 2009-12-07 11:42 34160 ----a-w- c:\documents and settings\Malc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-30 16:15 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-30 16:15 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-30 16:15 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-30 16:15 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-30 16:15 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-30 16:15 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-30 16:15 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-30 16:15 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-30 16:14 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-30 16:14 . 2009-11-30 16:14 -------- d-----w- c:\program files\Alwil Software
2009-11-30 15:34 . 2009-11-30 15:34 -------- d-----w- C:\AVGTemp
2009-11-29 19:40 . 2009-11-29 19:40 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-29 19:39 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-29 19:39 . 2009-11-29 19:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-29 19:39 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-29 16:32 . 2009-11-29 16:32 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-27 23:15 . 2009-11-27 23:15 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2009-11-27 15:33 . 2009-11-27 15:33 -------- d-----w- c:\documents and settings\Ann\Application Data\Apple Computer
2009-11-25 23:27 . 2009-11-25 23:27 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Temp
2009-11-25 10:40 . 2009-11-25 10:40 -------- d-----w- C:\found.000
2009-11-22 20:08 . 2009-11-22 20:08 4286 ----a-r- c:\documents and settings\Matt\Application Data\Microsoft\Installer\{D2D1CFB2-1B70-451C-AD66-3193368B7683}\_B9F43533A67D917C3D3CFD.exe
2009-11-22 20:08 . 2009-11-22 20:08 4286 ----a-r- c:\documents and settings\Matt\Application Data\Microsoft\Installer\{D2D1CFB2-1B70-451C-AD66-3193368B7683}\_377F621D98CD78E4DC325F.exe
2009-11-20 17:37 . 2009-11-20 17:37 -------- d-----w- c:\program files\Microsoft
2009-11-15 12:01 . 2009-11-15 12:01 -------- d-----w- c:\documents and settings\Malc\Application Data\DivX
2009-11-15 12:01 . 2009-11-15 12:01 -------- d-----w- c:\documents and settings\Malc\Application Data\Media Player Classic
2009-11-14 22:20 . 2009-12-06 22:34 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\Temp
2009-11-14 22:20 . 2009-11-14 22:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-11-14 22:19 . 2009-12-06 22:35 -------- d-----w- c:\program files\Google
2009-11-14 22:19 . 2009-11-14 22:24 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\Google
2009-11-14 19:57 . 2009-11-14 19:58 -------- d-----w- c:\documents and settings\Matt\Application Data\Media Player Classic
2009-11-14 19:46 . 2009-11-14 19:46 -------- d-----w- c:\documents and settings\Matt\Application Data\DivX
2009-11-14 19:43 . 2009-09-25 16:42 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-11-14 19:43 . 2009-09-25 16:42 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-11-14 19:43 . 2009-09-25 16:42 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-14 19:42 . 2009-11-14 19:52 -------- d-----w- c:\program files\DivX
2009-11-14 19:42 . 2009-11-14 19:43 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-14 19:39 . 2001-11-09 00:19 53248 ----a-w- c:\windows\system32\MMTray.exe
2009-11-14 19:39 . 2002-01-16 13:45 224256 ----a-w- c:\windows\system32\MMIJG32.dll
2009-11-14 19:39 . 2009-11-14 19:39 -------- d-----w- c:\program files\Morgan
2009-11-14 19:24 . 2009-11-14 19:24 -------- d-----w- c:\program files\4Videosoft Studio
2009-11-08 11:20 . 2009-11-27 15:33 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 23:07 . 2006-01-06 11:25 -------- d-----w- c:\program files\Java
2009-12-07 23:06 . 2009-07-14 16:20 -------- d-----w- c:\documents and settings\Matt\Application Data\uTorrent
2009-12-06 21:45 . 2009-07-14 22:11 -------- d-----w- c:\documents and settings\Matt\Application Data\vlc
2009-12-05 18:50 . 2009-07-05 23:45 34160 ----a-w- c:\documents and settings\Matt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-03 00:46 . 2006-01-06 11:04 872064 ----a-w- c:\windows\system32\drivers\iastor.sys
2009-12-01 19:54 . 2009-07-27 17:50 -------- d-----w- c:\documents and settings\Matt\Application Data\AdobeUM
2009-11-22 20:10 . 2009-10-09 13:37 -------- d-----w- c:\program files\FriendAdderElite
2009-11-18 14:15 . 2009-08-30 00:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-14 19:57 . 2009-11-14 19:54 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-11-14 19:53 . 2006-01-06 11:31 -------- d-----w- c:\program files\Common Files\Real
2009-11-09 18:00 . 2009-11-14 19:54 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-05 15:27 . 2009-10-19 23:28 -------- d-----w- c:\documents and settings\Matt\Application Data\Apple Computer
2009-11-04 17:07 . 2009-11-04 17:07 -------- d-----w- c:\program files\iTunes
2009-11-04 17:07 . 2009-11-04 17:07 -------- d-----w- c:\program files\iPod
2009-11-04 17:07 . 2009-10-19 23:23 -------- d-----w- c:\program files\Common Files\Apple
2009-11-04 17:01 . 2009-11-04 17:01 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-03 21:20 . 2009-11-03 21:20 152576 ----a-w- c:\documents and settings\Matt\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-02 18:37 . 2009-11-02 14:05 -------- d-----w- c:\program files\Yahoo!
2009-11-02 16:09 . 2009-11-02 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-11-02 14:07 . 2009-11-02 14:07 -------- d-----w- c:\documents and settings\Matt\Application Data\Yahoo!
2009-10-28 15:14 . 2009-07-11 13:32 30984 ----a-w- c:\documents and settings\Ann\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 13:28 . 2009-10-19 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-19 23:28 . 2009-10-19 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-19 23:27 . 2009-10-19 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-19 23:27 . 2009-10-19 23:27 -------- d-----w- c:\program files\Bonjour
2009-10-19 23:27 . 2006-01-06 11:32 -------- d-----w- c:\program files\QuickTime
2009-10-19 23:24 . 2009-10-19 23:24 -------- d-----w- c:\program files\Apple Software Update
2009-10-11 04:17 . 2009-08-28 12:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-09 13:29 . 2009-10-09 13:29 -------- d-----w- c:\program files\Myspace Marketing Manager
2009-10-09 12:55 . 2009-10-09 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-10-09 12:26 . 2009-10-09 12:26 -------- d-----w- c:\program files\DAMN NFO Viewer
2009-10-09 11:43 . 2009-10-08 09:30 -------- d-----w- c:\program files\FriendBlasterPro
2009-09-29 12:23 . 2009-09-29 12:23 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-25 16:42 . 2009-07-01 22:54 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-09-25 16:42 . 2009-07-01 22:54 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-09-25 16:42 . 2005-04-25 02:03 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-09-19 21:59 . 2009-09-19 21:56 52770576 ----a-w- c:\documents and settings\Matt\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2009-09-11 14:18 . 2004-08-10 12:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-30_01.52.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-07 23:24 . 2009-12-07 23:24 16384 c:\windows\Temp\Perflib_Perfdata_5d4.dat
+ 2009-12-07 10:59 . 2009-12-07 10:59 16384 c:\windows\Temp\Perflib_Perfdata_5a0.dat
+ 2009-12-07 23:24 . 2009-12-07 23:24 16384 c:\windows\Temp\Perflib_Perfdata_3ec.dat
- 2009-07-01 22:49 . 2009-11-30 00:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-01 22:49 . 2009-12-05 14:59 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-01 22:49 . 2009-12-05 14:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-07-01 22:49 . 2009-11-30 00:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-07-01 22:49 . 2009-11-30 00:45 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-07-01 22:49 . 2009-12-05 14:59 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-12-01 19:54 . 2009-12-01 19:54 25214 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A70000000000}\SC_Reader.exe
+ 2009-12-06 22:36 . 2009-12-06 22:36 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2009-12-06 22:36 . 2009-12-06 22:36 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-06 22:36 . 2009-12-06 22:36 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-12-06 22:36 . 2009-12-06 22:36 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-12-06 22:36 . 2009-12-06 22:36 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-06 22:36 . 2009-12-06 22:36 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-06 22:36 . 2009-12-06 22:36 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\ARPPRODUCTICON.exe
+ 2009-07-04 11:43 . 2009-12-05 14:59 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-07-04 11:43 . 2009-11-30 00:45 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2004-08-10 12:57 . 2009-12-05 21:42 2037320 c:\windows\system32\FNTCACHE.DAT
+ 2009-12-01 19:54 . 2009-12-01 19:54 2727936 c:\windows\Installer\cc826.msi
+ 2009-12-06 22:36 . 2009-12-06 22:36 1258496 c:\windows\Installer\2475a86.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2009-10-27 2325528]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2009-10-27 11:45 2325528 ----a-w- c:\program files\P2P_Energy\tbP2P_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2009-10-27 2325528]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-07-08 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-6 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [03/08/2009 16:20 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30/11/2009 16:15 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/11/2009 16:15 20560]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/11/2009 22:20 135664]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [03/08/2009 16:20 160640]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1269415
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:?body=http%3A%2F%2Fimg004.lazygirls.info%2Fpeople%2Fmiley_cyrus%2Fmiley_cyrus_miley_wonder_world_concert_3__lJSPbXY.jpg&subject=
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\Matt\Application Data\Mozilla\Firefox\Profiles\r7hezc8q.default\
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

Notify-avgrsstarter - avgrsstx.dll
AddRemove-Microsoft Interactive Training - c:\windows\IsUninst.exe -fc:\windows\orun32.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-07 23:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3288)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\stsystra.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-07 23:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-07 23:39
ComboFix2.txt 2009-11-30 02:01

Pre-Run: 171,498,233,856 bytes free
Post-Run: 171,455,713,280 bytes free

- - End Of File - - 5D84116C67B5DFB98CD6E3676E0EE2E8

Re: Links get redirected when clicked
Missed this, uninstall this too:

P2P_Energy Toolbar

Still having problems?

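How the helper spotted the toolbar in the log above, as an added example that is not part of the thread: ComboFix's "Reg Loading Points" section lists every CLSID registered as an IE URLSearchHook, Browser Helper Object or Toolbar together with the DLL behind it, and the "Supplementary Scan" section gives the start page. One third-party DLL occupying all three hook points, next to a start page on the same vendor's search site, is the usual shape of a search-redirecting toolbar. The parser below pulls those entries out of any ComboFix log; the sample it runs on is an excerpt of the real log posted above, so the expected hit is the P2P_Energy entry (tbP2P_.dll, alongside the search.conduit.com start page).

```python
"""Pull the browser hook entries out of a ComboFix 'Reg Loading Points' section.

Added example, not posted in this thread. SAMPLE_LOG is an excerpt of the log
posted above; triage() works on any full ComboFix log text.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

CLSID = r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}"
ROLES = {                       # substring of the registry key -> hook role
    "URLSearchHooks": "URLSearchHooks",
    "Browser Helper Objects": "BHO",
    "Internet Explorer\\Toolbar": "Toolbar",
}
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(' + CLSID + r')"\s*=\s*"([^"]+)"', re.I)
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(\S.*)$")
START_RE = re.compile(r"^uStart Page = (\S+)")


def triage(log):
    """Map each hooked CLSID to its roles and DLL path; also capture the IE start page."""
    hooks = defaultdict(lambda: {"roles": set(), "path": None})
    start_page, role, key_clsid = None, None, None
    for raw in log.splitlines():
        line = raw.strip()
        m = START_RE.match(line)
        if m:
            start_page = m.group(1)
            continue
        m = KEY_RE.match(line)
        if m:                                   # new registry key: work out its role
            key = m.group(1)
            role = next((r for k, r in ROLES.items() if k.lower() in key.lower()), None)
            c = re.search(CLSID, key, re.I)
            key_clsid = c.group(0).lower() if role and c else None
            continue
        if role is None:
            continue
        m = VALUE_RE.match(line)                # "{clsid}"= "path" [date size]
        if m:
            e = hooks[m.group(1).lower()]
            e["roles"].add(role)
            e["path"] = m.group(2)
            continue
        m = FILE_RE.match(line)                 # BHO keys list the DLL on the next line
        if m and key_clsid:
            e = hooks[key_clsid]
            e["roles"].add(role)
            e["path"] = m.group(1)
    return {"start_page": start_page, "hooks": dict(hooks)}


def start_page_host(report):
    """ComboFix defangs http as hxxp; undo that before parsing the URL."""
    if not report["start_page"]:
        return None
    return urlsplit(report["start_page"].replace("hxxp", "http", 1)).netloc


def hijack_candidates(report):
    """CLSIDs that hook IE search, most hook points first: (clsid, dll path, roles)."""
    hits = [(c, e["path"], sorted(e["roles"])) for c, e in report["hooks"].items()
            if "URLSearchHooks" in e["roles"]]
    return sorted(hits, key=lambda h: -len(h[2]))


# Excerpt of the log posted above (constructed sample input for the demo).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2009-10-27 2325528]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2009-10-27 11:45 2325528 ----a-w- c:\program files\P2P_Energy\tbP2P_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2009-10-27 2325528]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-07-08 160592]

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1269415
"""

if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    print("start page host:", start_page_host(rep))
    for clsid, path, roles in hijack_candidates(rep):
        print(clsid, "->", path, roles)
```

After the uninstall the helper asked for, a fresh log run through the same parser should give an empty hijack_candidates list; the start page is worth rechecking separately, since removing a toolbar from Add/Remove Programs does not necessarily put the home page back.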

Re: Links get redirected when clicked
Hey!
Just uninstalled P2P_Energy Toolbar.
Everything seems to be fine now! No links seem to be redirecting or anything. Is there anything else you need me to do?

Thanks a lot for all the help mate, I really appreciate it!
Matt.

Re: Links get redirected when clicked
Nope, that should do.

