WiredWX Hobby Weather Tools

 


Yahoo and Google page redirect

2 posters

My PC was infected by a virus earlier, and since then the computer has been slow and Windows Update is not working.
http://www.GeekPolice.net/virus-spyware-malware-removal-f11/removed-antivirus-action-now-no-internet-t24175.htm#162592
The link above shows how the problem was resolved.

I used to have Yahoo search. I do a regular search and the search result is displayed, but when I click on that link, I am redirected to a different page. I changed my search engine to Google, and it is happening with Google as well.

What should I do?
Thanks.

Re: Yahoo and Google page redirect

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Yahoo and Google page redirect

Hi, the default was for 30 days, I ran the scan without changing any default setting. Let me know if I should run for more days.

OTL.Txt
OTL logfile created on: 11/16/2010 6:37:39 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\user1\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 409.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 118.85 Gb Free Space | 63.79% Space Free | Partition Type: NTFS

Computer Name: HOME-PC2 | User Name: user1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/16 18:36:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\user1\Desktop\OTL.exe
PRC - [2010/10/16 19:26:02 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2010/07/20 11:12:02 | 001,033,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
PRC - [2010/07/20 11:09:42 | 000,349,064 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe
PRC - [2010/07/20 11:09:42 | 000,016,896 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
PRC - [2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/20 19:34:38 | 000,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
PRC - [2009/07/13 17:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/04/23 05:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 05:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe


========== Modules (SafeList) ==========

MOD - [2010/11/16 18:36:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\user1\Desktop\OTL.exe
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 17:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 17:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 17:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 17:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 17:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 17:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 17:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 17:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 17:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 17:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/16 19:26:02 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2010/07/20 11:09:42 | 000,016,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe -- (FCSAM)
SRV - [2010/04/12 18:07:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/13 17:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 17:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 17:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 17:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 17:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 17:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 17:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 17:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 17:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 17:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 17:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 17:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 17:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 17:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 17:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 17:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\user1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/10/16 19:26:01 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2009/12/10 23:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/10/14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 18:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 13:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/09/01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/07/13 17:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 17:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 17:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 17:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 17:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 17:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 17:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 17:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 17:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 17:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 17:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 17:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 17:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 17:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 17:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 17:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 17:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 17:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 17:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 17:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 17:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 17:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 17:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 17:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 17:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 17:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 17:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 17:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 17:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 17:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 17:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 17:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 17:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 17:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 17:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 17:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 17:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 17:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 17:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 16:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 16:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 16:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 15:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 15:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 15:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 15:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 15:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 15:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 15:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 15:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 15:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 15:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 15:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 15:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 15:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 15:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 15:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 15:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 15:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 14:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 14:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 14:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 14:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 14:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 14:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 14:02:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2009/07/13 14:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 14:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 14:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/10 13:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 95 F5 81 87 5F 28 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/10/15 11:36:38 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/10/15 13:44:06 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Forefront Client Security Antimalware Service] c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [cdloader] C:\Users\user1\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - Startup: C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/16 18:36:17 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\user1\Desktop\OTL.exe
[2010/10/24 11:44:29 | 000,447,792 | ---- | C] (Microsoft Corporation) -- C:\Users\user1\Desktop\FixitCenter_Run.exe
[2010/10/22 12:00:21 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\Adobe
[2010/10/19 15:27:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/10/19 11:36:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/19 11:35:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/19 11:35:58 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\temp
[2010/10/19 11:06:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

========== Files - Modified Within 30 Days ==========

[2010/11/16 18:41:39 | 000,619,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/16 18:41:39 | 000,105,440 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/16 18:36:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\user1\Desktop\OTL.exe
[2010/11/16 18:33:59 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/16 18:26:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/16 18:25:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/14 13:42:37 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 13:42:37 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 13:34:24 | 804,573,184 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/24 11:44:30 | 000,447,792 | ---- | M] (Microsoft Corporation) -- C:\Users\user1\Desktop\FixitCenter_Run.exe
[2010/10/19 14:16:12 | 142,438,527 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2010/07/03 16:41:24 | 000,000,000 | ---- | C] () -- C:\Windows\PanaFLB800_FLM650.ini
[2010/01/16 23:49:31 | 000,000,000 | ---- | C] () -- C:\Windows\PhantomOfVenice.INI
[2009/08/28 14:33:45 | 000,007,605 | ---- | C] () -- C:\Users\user1\AppData\Local\Resmon.ResmonCfg
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

< End of report >

Re: Yahoo and Google page redirect

Extra.Txt
OTL Extras logfile created on: 11/16/2010 6:37:39 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\user1\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 409.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 118.85 Gb Free Space | 63.79% Space Free | Partition Type: NTFS

Computer Name: HOME-PC2 | User Name: user1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1505D9B1-6037-4310-815A-4D8A212C5075}" = Nancy Drew: The Phantom of Venice
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A22989EE-AE7A-42F8-A0C0-9C99CFB644FB}" = Microsoft Forefront Client Security Antimalware Service
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"king.com" = king.com (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Zynga Toolbar" = Zynga Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/28/2010 4:59:14 PM | Computer Name = home-pc2 | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x0006af67 Faulting process
id: 0x3f0 Faulting application start time: 0x01cb76df0ace06d0 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 37f37277-e2d6-11df-b42a-000cf18234c3

Error - 10/28/2010 5:43:36 PM | Computer Name = home-pc2 | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x0006af67 Faulting process
id: 0xdf8 Faulting application start time: 0x01cb76e2fdbb6f0b Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 6aefd5cd-e2dc-11df-b42a-000cf18234c3

Error - 10/30/2010 10:30:02 PM | Computer Name = home-pc2 | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x0006af67 Faulting process
id: 0x404 Faulting application start time: 0x01cb78a100485800 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: c315244a-e496-11df-a97a-000cf18234c3

Error - 10/31/2010 2:07:58 PM | Computer Name = home-pc2 | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x0006af67 Faulting process
id: 0x344 Faulting application start time: 0x01cb7924d3f0595e Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: ca2ccde2-e519-11df-9eb7-000cf18234c3

Error - 10/31/2010 3:37:01 PM | Computer Name = home-pc2 | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x0006af67 Faulting process
id: 0x3f8 Faulting application start time: 0x01cb79313027647c Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 3af20b31-e526-11df-8ff3-000cf18234c3

Error - 10/31/2010 3:51:36 PM | Computer Name = home-pc2 | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16671 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: eb4 Start
Time: 01cb7934d9f32137 Termination Time: 31 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 4174d7b4-e528-11df-8ff3-000cf18234c3

Error - 10/31/2010 4:17:45 PM | Computer Name = home-pc2 | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: Flash10c.ocx, version: 10.0.32.18, time
stamp: 0x4a613d79 Exception code: 0xc0000005 Fault offset: 0x0023fa1a Faulting process
id: 0xecc Faulting application start time: 0x01cb7933084ec1f1 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\Macromed\Flash\Flash10c.ocx
Report
Id: eb98a54b-e52b-11df-8ff3-000cf18234c3

Error - 11/13/2010 3:28:25 PM | Computer Name = home-pc2 | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x0006af67 Faulting process
id: 0x3dc Faulting application start time: 0x01cb8366d59a4070 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 2e986428-ef5c-11df-8895-000cf18234c3

Error - 11/13/2010 4:46:02 PM | Computer Name = home-pc2 | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x0006af67 Faulting process
id: 0x1138 Faulting application start time: 0x01cb8368f9d3468c Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 0699c77b-ef67-11df-8895-000cf18234c3

Error - 11/16/2010 10:32:19 PM | Computer Name = home-pc2 | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x0006af67 Faulting process
id: 0x3f8 Faulting application start time: 0x01cb8443c124cea2 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: e5fd65f7-f1f2-11df-a099-000cf18234c3

[ Media Center Events ]
Error - 1/12/2010 2:14:34 AM | Computer Name = home-pc2 | Source = MCUpdate | ID = 0
Description = 10:14:34 PM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

[ System Events ]
Error - 11/16/2010 10:32:45 PM | Computer Name = home-pc2 | Source = Service Control Manager | ID = 7031
Description = The Secondary Logon service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 11/16/2010 10:32:45 PM | Computer Name = home-pc2 | Source = Service Control Manager | ID = 7031
Description = The System Event Notification Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 11/16/2010 10:32:45 PM | Computer Name = home-pc2 | Source = Service Control Manager | ID = 7031
Description = The Shell Hardware Detection service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 11/16/2010 10:32:45 PM | Computer Name = home-pc2 | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 11/16/2010 10:32:45 PM | Computer Name = home-pc2 | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 11/16/2010 10:32:45 PM | Computer Name = home-pc2 | Source = Service Control Manager | ID = 7031
Description = The Windows Update service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 11/16/2010 10:33:45 PM | Computer Name = home-pc2 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Server service, but this action
failed with the following error: %%1056

Error - 11/16/2010 10:34:45 PM | Computer Name = home-pc2 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Computer Browser service,
but this action failed with the following error: %%1056

Error - 11/16/2010 10:34:45 PM | Computer Name = home-pc2 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Multimedia Class Scheduler
service, but this action failed with the following error: %%1056

Error - 11/16/2010 10:34:45 PM | Computer Name = home-pc2 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056


< End of report >


Thank you.

Re: Yahoo and Google page redirect
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: Yahoo and Google page redirect
I had already done that scan, and it doesn't give any error messages. I had posted it in my original discussion thread and also posted the link here in my first message.
Should I do it again?

Re: Yahoo and Google page redirect
Hello.

  • Download combofix from here
    Link 1
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:

[Screenshots of the download dialog]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.

Re: Yahoo and Google page redirect
As I was running combofix, a message popped up that it detected a rootkit and asked me to reboot the machine. I said yes to reboot, then the log was generated. The log is attached below.
But now that I have activated Kaspersky 2010, I am getting the orange bar saying that the computer is at risk. I clicked Fix it, and it starts the Kaspersky update process, saying the database is out of date, but it cannot update. A little box appears saying task failed, object not found.

Combofix log:
ComboFix 10-11-18.03 - user1 11/18/2010 20:30:20.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1023.435 [GMT -8:00]
Running from: c:\users\user1\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-10-19 to 2010-11-19 )))))))))))))))))))))))))))))))
.

2010-11-19 04:45 . 2010-11-19 04:46 -------- d-----w- c:\users\user1\AppData\Local\temp
2010-11-19 04:45 . 2010-11-19 04:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-19 03:42 . 2010-11-19 03:44 -------- d-----w- C:\32788R22FWJFW
2010-10-22 20:00 . 2010-10-22 20:03 -------- d-----w- c:\users\user1\AppData\Local\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 22:52 . 2010-10-15 17:44 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{07D34FB6-D100-45D9-83E6-BB82EC3899D6}\mpengine.dll
2010-09-09 22:52 . 2009-08-29 03:39 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll
2010-09-08 04:30 . 2010-10-15 02:20 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-15 02:20 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-15 02:20 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-15 02:20 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23 . 2010-10-15 02:19 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34 . 2010-10-15 02:19 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32 . 2010-10-15 02:19 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32 . 2010-10-15 02:19 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 05:46 . 2010-10-15 02:19 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 03:31 . 2010-10-15 02:19 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-27 03:30 . 2010-10-15 02:19 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-27 03:30 . 2010-10-15 02:19 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-26 04:39 . 2010-10-15 02:19 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-08-21 05:36 . 2010-10-15 02:19 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-21 05:36 . 2010-10-15 02:19 224256 ----a-w- c:\windows\system32\schannel.dll
2010-08-21 05:33 . 2010-10-15 02:19 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-08-21 05:32 . 2010-09-18 01:21 316928 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-02-22 19:05 2353176 ----a-w- c:\program files\Zynga\tbZyng.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\user1\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-09-09 50592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2010-07-20 1033600]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-10-17 340520]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 136176]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-13 1343400]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-15 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [2010-07-20 16896]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-03 19472]

.
Contents of the 'Scheduled Tasks' folder

2010-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 22:14]

2010-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 22:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride =
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-11-18 20:50:34
ComboFix-quarantined-files.txt 2010-11-19 04:50
ComboFix2.txt 2010-10-19 19:35

Pre-Run: 130,501,152,768 bytes free
Post-Run: 130,352,508,928 bytes free

- - End Of File - - 4757ED14D251F3D253652CF8A9BCEE8E

Re: Yahoo and Google page redirect
Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: Yahoo and Google page redirect
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

This is all that was on the log as pasted above.

Re: Yahoo and Google page redirect
Hello.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    Adobe Reader 9.3.3
    Java(TM) 6 Update 17

  • Click on the Uninstall/Change button at the top.

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 22.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe that you downloaded to install the newest version.

Then download and install Adobe Reader 9.4

How is the machine running now?

Re: Yahoo and Google page redirect
Hello.
I did all of the above. The PC is a bit faster than before, but I still have the page redirect problem. Whatever search link I click on directs me to a different page.

Re: Yahoo and Google page redirect
Hello.

Download MBRCheck to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.

Re: Yahoo and Google page redirect
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 183):
0x773E0000 \Windows\System32\apisetschema.dll
0x00700000 \Windows\System32\autochk.exe
0x773B0000 \Windows\System32\sechost.dll
0x77310000 \Windows\System32\usp10.dll
0x77300000 \Windows\System32\nsi.dll
0x770D0000 \Windows\System32\msctf.dll
0x76F70000 \Windows\System32\ole32.dll
0x76E30000 \Windows\System32\urlmon.dll
0x76DF0000 \Windows\System32\ws2_32.dll
0x76D70000 \Windows\System32\comdlg32.dll
0x772F0000 \Windows\System32\lpk.dll
0x76B70000 \Windows\System32\iertutil.dll
0x769D0000 \Windows\System32\setupapi.dll
0x769A0000 \Windows\System32\imagehlp.dll
0x76940000 \Windows\System32\difxapi.dll
0x768B0000 \Windows\System32\oleaut32.dll
0x76890000 \Windows\System32\imm32.dll
0x75C40000 \Windows\System32\shell32.dll
0x75B90000 \Windows\System32\rpcrt4.dll
0x772E0000 \Windows\System32\normaliz.dll
0x75B80000 \Windows\System32\psapi.dll
0x75AD0000 \Windows\System32\msvcrt.dll
0x759F0000 \Windows\System32\kernel32.dll
0x75920000 \Windows\System32\user32.dll
0x758C0000 \Windows\System32\shlwapi.dll
0x75830000 \Windows\System32\clbcatq.dll
0x75790000 \Windows\System32\advapi32.dll
0x75690000 \Windows\System32\wininet.dll
0x75640000 \Windows\System32\gdi32.dll
0x755F0000 \Windows\System32\Wldap32.dll
0x755D0000 \Windows\System32\devobj.dll
0x755A0000 \Windows\System32\cfgmgr32.dll
0x75510000 \Windows\System32\comctl32.dll
0x753F0000 \Windows\System32\crypt32.dll
0x753A0000 \Windows\System32\KernelBase.dll
0x75370000 \Windows\System32\wintrust.dll
0x75360000 \Windows\System32\msasn1.dll

Processes (total 53):
0 System Idle Process
4 System
312 C:\Windows\System32\smss.exe
408 csrss.exe
452 C:\Windows\System32\wininit.exe
460 csrss.exe
492 C:\Windows\System32\winlogon.exe
552 C:\Windows\System32\services.exe
564 C:\Windows\System32\lsass.exe
572 C:\Windows\System32\lsm.exe
672 C:\Windows\System32\svchost.exe
744 C:\Windows\System32\svchost.exe
796 C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
888 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\audiodg.exe
1188 C:\Windows\System32\svchost.exe
1304 C:\Windows\System32\svchost.exe
1456 C:\Windows\System32\spoolsv.exe
1508 C:\Windows\System32\svchost.exe
1620 C:\Windows\System32\taskhost.exe
1680 C:\Windows\System32\dwm.exe
1704 C:\Windows\explorer.exe
1808 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
1928 C:\Windows\System32\svchost.exe
2000 C:\Windows\System32\taskeng.exe
2012 C:\Windows\System32\svchost.exe
3092 C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
3120 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
3196 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3516 C:\Windows\System32\SearchIndexer.exe
3532 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3636 C:\Program Files\OpenOffice.org 3\program\soffice.exe
3828 C:\Program Files\Windows Media Player\wmpnetwk.exe
3852 C:\Program Files\OpenOffice.org 3\program\soffice.bin
700 WmiPrvSE.exe
2348 C:\Windows\System32\SearchProtocolHost.exe
924 C:\Windows\System32\svchost.exe
3488 C:\Program Files\Internet Explorer\iexplore.exe
3416 C:\Program Files\Internet Explorer\iexplore.exe
3876 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
3764 C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
3108 C:\Windows\System32\sppsvc.exe
2772 C:\Program Files\Internet Explorer\iexplore.exe
2460 C:\Program Files\Internet Explorer\iexplore.exe
2224 WmiPrvSE.exe
3296 C:\Windows\servicing\TrustedInstaller.exe
3440 C:\Users\user1\Desktop\MBRCheck.exe
3020 C:\Windows\System32\conhost.exe
664 C:\Windows\System32\dllhost.exe
2564 C:\Windows\System32\SearchProtocolHost.exe
3544 C:\Windows\System32\SearchFilterHost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3200822AS, Rev: 3.01

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

Re: Yahoo and Google page redirect

Still having the redirect problem? Everything looks fine; the MBR infection was repaired.
