Can't open task manager

[scarvic]

Hi, having a bit of a problem with my comp, here are the details:

I can't seem to be able to open task manager and some sites that I try to go on it will take me to another site and ask to scan my comp for viruses or w/e and I always exit out.

How it happened:

I was surfing the web and watching videos and it told me that flash player needed update and I was pretty sure I had the latest update but I downloaded it anyway and it was obviously a virus.. It started installing "Fast Antivirus 2009". I tried other sites because this one wouldnt work and it would take me to another site, and now it works for some reason. On other sites (bleepingcomputer i think) i downloaded a program called Malwarebytes' Anti-Malware" and did a quick scan to remove 40 or so malware and it removed the fast antivirus but I still cant open taskmgr and everything is slow and the site problem. heres all the information from what you asked to be posted. I appreciate your guy's help btw doing a great job.

----------------------------------------------


DDS (Ver_09-05-14.01) - NTFSx86
Run by Compaq_Owner at 14:03:45.15 on Sun 06/14/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1535.1042 [GMT -7:00]

AV: Fast Antivirus 2009 *On-access scanning enabled* (Updated) {A73A301A-B452-4D6D-932D-CB10E2743B69}
FW: Fast Antivirus 2009 *enabled* {D3F0268A-E544-443D-BC63-0EC53CC50A2F}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 1 (0x1)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://dev.srtest.com/srl_bin/sysreqlab3.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\m26g2mnn.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\documents and settings\compaq_owner\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\gametap\bin\release\npgametaptool.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll

============= SERVICES / DRIVERS ===============

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 XDva177;XDva177;\??\c:\windows\system32\xdva177.sys --> c:\windows\system32\XDva177.sys [?]
S3 XDva189;XDva189;\??\c:\windows\system32\xdva189.sys --> c:\windows\system32\XDva189.sys [?]
S3 XDva224;XDva224;\??\c:\windows\system32\xdva224.sys --> c:\windows\system32\XDva224.sys [?]

=============== Created Last 30 ================

2009-06-14 13:28 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Malwarebytes
2009-06-14 13:28 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-14 13:28 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-14 13:28 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-14 13:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-14 05:09 <DIR> --dsh--- c:\docume~1\compaq~1\applic~1\Fast Antivirus 2009
2009-06-14 05:09 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\SysFld
2009-06-14 05:09 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\e227ec3
2009-06-04 17:07 77,719 a------- c:\windows\War3Unin.dat
2009-06-04 17:07 2,829 a------- c:\windows\War3Unin.pif
2009-06-04 17:07 139,264 a------- c:\windows\War3Unin.exe
2009-05-24 00:39 86,683 a------- c:\windows\system32\pthreadGC2.dll
2009-05-22 19:51 189,472 a------- c:\windows\system32\PnkBstrB.xtr

==================== Find3M ====================

2009-06-05 17:58 136,888 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-05 17:58 111,928 a------- c:\windows\system32\PnkBstrB.exe
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-22 19:06 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-05-04 15:35 22,328 a------- c:\docume~1\compaq~1\applic~1\PnkBstrK.sys
2009-05-04 15:34 2,250,024 a------- c:\windows\system32\pbsvc.exe
2009-03-12 19:52 34 a------- c:\documents and settings\compaq_owner\jagex_runescape_preferences.dat
2005-07-29 17:24 472 a--shr-- c:\windows\ia\KE.vbs

============= FINISH: 14:04:10.87 ===============

[scarvic]

A few updates:

-Whenever I do a search on google, first couple results always go to another site like sucleaner.com or some search site
-My comp is very laggy and internet also

I'll list more if I get my hands on any

*didnt mean to bump, couldnt find a edit button*

[Ried]

Hello scarvic,

It will require more than one round to properly clean your system. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT- Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
  
• Double click on combofix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

Are you still getting redirected in Google? If so, does it happen with IE or Firefox?

[scarvic]

okay when i try to open combofix, it tells me that "fast antivirus 2009" is running and thats the problem, that is the virus that I got and its counting it as a antivirus program or w/e and also when it gave me that message, my comp made 2 beeping noises

also i cant close the fast antivirus thing from tray nor can i access my task mgr


do you want me to continue with combofix or something else?

[Ried]

Please go click OK and run Combofix anyway.

[scarvic]

Ok combofix did its thing and now I can open task manager, but the google search thing is still messed up. for example i searched 'tech support forum' and it took a while to load, and clicked on the first link which is this site and it took me to this or some other sited

http://www.icityfind.com............ etc

also in my c:/ folder i noticed there are a lot of files that start with install.res
example install.res.1041.dll
i dont know if its from combofix or a virus or something else just letting you know

*browser im using is google chrome*

all sites load fast except when i do a google search it takes a long time

I attached the log file and again thanks for all your help :)

[Ried]

Hi scarvic,


Open notepad and copy/paste the text in the code box below into it:

Quote:

RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{116d4192-3329-4e81-8cdb-78e92a4b6a67}]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

SecCenter::
AV: Fast Antivirus 2009 *On-access scanning enabled* (Updated) {A73A301A-B452-4D6D-932D-CB10E2743B69}
FW: Fast Antivirus 2009 *enabled* {D3F0268A-E544-443D-BC63-0EC53CC50A2F}

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************





Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt


--------------------------------------------------------------------

It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:

• Close any open programs
  
• Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.

• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
• Click View scan report at the bottom.
  
  
  
  
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

---------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
Kaspersky results
Update on system behavior

Are you still getting redirects in Google Chrome? Does this happen with IE as well?

[scarvic]

Good news, no more redirects and I can open task mgr and everything is running pretty fast now

Only problem is that whenever I do a google search, it takes sort of a long time (8-9 seconds). I don't know if thats how long it usually takes but it seems like its taking too long since my other pages load instantly.

Again, thanks for all your help and attached are the scan report and CF log



EDIT: wow guess not, it sometimes redirects search and sometimes it doesnt... i thought it was the certain site i was going on that was redirecting but it wasnt..it took me to a site like

http://freeforfan.net/search.php?s=1...H7To9TT8~&pe=0

and

http://fansearching.net/search.php?s...UMzcHAA~~&pe=0

this happened with all my browsers: chrome, firefox and IE

[Ried]

That should go away after this round.

Download the attached CFScript.txt and save it to your desktop.






Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Post that in your next reply along with an update on system behavior.

[scarvic]

okay i think problem solved, google search only takes about 2-3 seconds now instead of 9 and 2-3 seconds is what it usually takes, also the searches no longer redirect. i did a couple searches and none of them redirected. this site takes a long time to load stuff and do actions but im guessing thats because the server is very busy.

again thx for help :D

[Ried]

Much better.

If you are in need of an AV, please install it immediately:

Download Avira AntiVir Personal Download, install, update definitions, and run a full system scan.

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.


Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.



To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

• Green to go
• Yellow for caution
• Red to stop

WOT has an addon available for both Firefox and IE.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

• It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?
Think Prevention


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.

[scarvic]

problem resolved. thank you so much for putting the time in to help me

[Ried]

You're welcome, take care.

[scarvic]

my problem with the sites redirecting came back
i havent gone on any harmful websites or anything but it does it again now...for about a day it didnt do it...i dont know, maybe sometimes it redirects and sometimes it doesnt but it is definitely doing it now

also it sometimes says "Oops! This link appears to be broken." when i try to go on a site (typing in adress bar) and the 2nd time i try to go on it, it works

[Ried]

Hi scarvic,

As mentioned in our PM exchange, I'll need to see new reports from dds.scr and gmer.exe.

Please run scans with each of them and post them in your next reply.

[scarvic]

gmer file

[scarvic]

DDS files

* i think i found something that might help you...

i did a google and yahoo search for "tech support forum"

these are the 1st and 2nd choices out of the list for the search:

1st choice
Google
-------
http://www.google.com/go/1/55372/K0lNzlAoLi0oyC8qUUjLLyrN5TTgtMjMLy3Ny0s3yjK1TC5NMspLt0gqKDUrLTMCAA~~
(site supposed to be "www.techsupportforum.com/", redirects)

Yahoo
------

hxxp://search.yahoo.com/go/2/34736/K0lNzlAoLi0oyC8qUUjLLyrN5TTgLC1JT7LMKjMrSU3LTCxMzjctLDUvNjAoLDEBAA~~
(site supposed to be "www.apple.com/support", redirects)

---------------------

2nd choice

Google
-------
hxxp://www.techsupportforum.com/security-center/virus-trojan-spyware-help/[/url]
(correct link, no redirect)

Yahoo
-------
hxxp://rds.yahoo.com/_ylt=A0geu49CljxK1acAjX5XNyoA;_ylu=X3oDMTEzNzA5bGU0BHNlYwNzcgRwb3MDMgRjb2xvA2FjMgR2dGlkA0Y4MjJfMTAz/SIG=1214c4d9f/EXP=1245571010/**http%3a//www.geek.com/forums/forum/tech-support
(adress is weird but doesn't redirect and takes to http://www.geek.com/forums/forum/tech-support)


DDS (Ver_09-05-14.01) - NTFSx86
Run by Compaq_Owner at 21:39:20.17 on Fri 06/19/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1535.535 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Activision\Prototype\prototypef.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: ConsentPromptBehaviorAdmin = 1 (0x1)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://dev.srtest.com/srl_bin/sysreqlab3.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\m26g2mnn.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\documents and settings\compaq_owner\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\gametap\bin\release\npgametaptool.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-18 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-18 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-18 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-18 55640]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 XDva177;XDva177;\??\c:\windows\system32\xdva177.sys --> c:\windows\system32\XDva177.sys [?]
S3 XDva189;XDva189;\??\c:\windows\system32\xdva189.sys --> c:\windows\system32\XDva189.sys [?]
S3 XDva224;XDva224;\??\c:\windows\system32\xdva224.sys --> c:\windows\system32\XDva224.sys [?]

=============== Created Last 30 ================

2009-06-18 22:19 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2009-06-18 22:19 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2009-06-18 22:19 452,440 a------- c:\windows\system32\d3dx10_40.dll
2009-06-18 22:19 514,384 a------- c:\windows\system32\XAudio2_3.dll
2009-06-18 22:19 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2009-06-18 22:19 235,856 a------- c:\windows\system32\xactengine3_3.dll
2009-06-18 22:19 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2009-06-18 22:03 <DIR> --d----- C:\Root
2009-06-18 01:38 <DIR> --d----- c:\program files\World of Warcraft
2009-06-18 01:11 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-06-18 00:40 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-06-16 21:50 <DIR> --d----- c:\program files\Avira
2009-06-16 21:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-06-16 21:46 <DIR> --d----- c:\program files\SpywareBlaster
2009-06-16 21:40 <DIR> --ds---- C:\ComboFix
2009-06-14 22:22 <DIR> --d----- c:\docume~1\compaq~1\applic~1\dota-allstars.71E01812711E1682B196CE418CDA466F24682743.1
2009-06-14 22:22 <DIR> --d----- c:\docume~1\compaq~1\applic~1\dota_allstars
2009-06-14 22:21 <DIR> --d----- C:\Games
2009-06-14 13:28 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Malwarebytes
2009-06-14 13:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-14 05:09 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\SysFld
2009-06-14 05:09 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\e227ec3
2009-06-04 17:07 77,911 a------- c:\windows\War3Unin.dat
2009-06-04 17:07 2,829 a------- c:\windows\War3Unin.pif
2009-06-04 17:07 139,264 a------- c:\windows\War3Unin.exe
2009-05-24 00:39 86,683 a------- c:\windows\system32\pthreadGC2.dll
2009-05-22 19:51 189,472 a------- c:\windows\system32\PnkBstrB.xtr

==================== Find3M ====================

2009-06-05 17:58 136,888 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-05 17:58 111,928 a------- c:\windows\system32\PnkBstrB.exe
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-22 19:06 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-05-04 15:35 22,328 a------- c:\docume~1\compaq~1\applic~1\PnkBstrK.sys
2009-05-04 15:34 2,250,024 a------- c:\windows\system32\pbsvc.exe
2009-03-12 19:52 34 a------- c:\documents and settings\compaq_owner\jagex_runescape_preferences.dat

============= FINISH: 21:41:01.20 ===============

[Ried]

Thanks, scarvic.

Download GooredFix and save it to your desktop.

Double-click Goored.exe to run it.

• Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
• A log will open, please post the contents of that log in your next reply
• Note: Do not run Option #2 yet.

[scarvic]

here it is

[Ried]

Do the redirects only happen in Google Chrome browser, or in all browsers?