Windows BBS The Place for Microsoft Windows Support! Windows, Support, Help Site

4th July 2009   #1   ARKIM (Member)

[Active] Google randomly redirects to different pages

Whenever I search through Google and click on a link, I am sometimes redirected to a spam site or an irrelevant page. This doesn't happen on ALL the links I click, but it does happen quite often.
I heard it was a type of bug, but I'm not entirely sure what...
I recently installed Windows Service Pack 3, and I thought it would help in such a problem...

4th July 2009   #2   broni (Malware Analyst)

What browser?

Read this post, then post the requested log(s).

5th July 2009   #3   ARKIM (Member)


I use Mozilla Firefox as my main browser:
This is my DDS log:

DDS (Ver_09-06-26.01) - NTFSx86
Run by owner at 22:24:16.84 on 07/04/2009 Sat
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.949.82.1033.18.503.87 [GMT -4:00]

AV: 알약 *On-access scanning enabled* (Updated) {B9431E5A-E196-4B6F-843A-10E01DB25461}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\ESTsoft\ALYac\AYAgent.aye
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
D:\system\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ALYac] "c:\program files\estsoft\alyac\AYUpdate.exe" /run
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246455144562
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\ibcxvier.default\
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program files\mozilla firefox\extensions\{BA5EF5A7-08DE-4B8B-A31D-7C86EC970391}

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 7408]
S2 cvdcfykd;Direct Parallel Link Monitor;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S2 zyyhnsikaeooe;zyyhnsikaeooe;\??\c:\windows\system32\drivers\rsjotlkrcgsg.sys --> c:\windows\system32\drivers\rsjotlkrcgsg.sys [?]
S3 AYDrvSP_ALYAC;AYDrvSP_ALYAC;c:\program files\estsoft\alyac\AYDrvSP.sys [2009-4-30 24312]

=============== Created Last 30 ================

2009-07-04 13:07 <DIR> --d----- c:\windows\LastGood.Tmp
2009-07-04 13:06 19,569 a------- c:\windows\000001_.tmp
2009-07-04 12:38 <DIR> --d----- c:\windows\ServicePackFiles
2009-07-04 12:35 19,569 a------- c:\windows\002866_.tmp
2009-07-04 12:05 25,088 a------- c:\windows\system32\userinit(2).exe
2009-07-04 11:16 <DIR> --d----- C:\ee5899ae7454f1f22d8980e3553e67
2009-07-04 10:32 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-07-04 10:32 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-04 10:32 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-07-04 10:32 268,288 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-07-04 10:32 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-07-04 10:32 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-07-04 10:32 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-07-04 10:32 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-07-04 10:32 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-07-04 10:29 <DIR> --d----- c:\windows\network diagnostic
2009-07-03 01:06 <DIR> --d----- c:\program files\Enigma Software Group
2009-07-02 18:47 <DIR> --d----- c:\program files\Spyware Doctor
2009-07-02 18:46 <DIR> --d----- c:\docume~1\owner\applic~1\GetRightToGo
2009-07-02 09:33 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-07-02 09:33 268,648 a------- c:\windows\system32\mucltui.dll
2009-07-01 09:37 118 a------- c:\windows\system32\MRT.INI
2009-06-15 06:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\93249366
2009-06-15 06:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\13239374

==================== Find3M ====================

2009-07-04 12:41 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-04-30 15:27 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:55 78,336 a------- c:\windows\system32\ieencode.dll

============= FINISH: 22:24:55.31 ===============


And my "Attach" log:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/25/2008 1:50:18 AM
System Uptime: 7/4/2009 1:16:17 PM (9 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | 945GZM-S2
Processor: Intel(R) Celeron(R) D CPU 3.06GHz | Socket 775 | 3082/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 77 GiB total, 65.264 GiB free.
D: is FIXED (FAT32) - 29 GiB total, 6.227 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 7/2/2009 10:18:28 AM - Software Distribution Service 3.0
RP2: 7/2/2009 2:09:28 PM - Software Distribution Service 3.0
RP3: 7/4/2009 9:37:24 AM - Software Distribution Service 3.0
RP4: 7/4/2009 10:27:13 AM - Software Distribution Service 3.0
RP5: 7/4/2009 10:43:21 AM - Software Distribution Service 3.0
RP6: 7/4/2009 12:35:45 PM - Installed Windows XP Service Pack 3.
RP7: 7/4/2009 12:43:24 PM - Installed Windows XP KB923561.
RP8: 7/4/2009 12:44:06 PM - Installed Windows XP KB938464-v2.
RP9: 7/4/2009 12:44:42 PM - Installed Windows XP KB946648.
RP10: 7/4/2009 12:45:17 PM - Installed Windows XP KB950762.
RP11: 7/4/2009 12:45:51 PM - Installed Windows XP KB950974.
RP12: 7/4/2009 12:46:28 PM - Installed Windows XP KB951066.
RP13: 7/4/2009 12:47:02 PM - Installed Windows XP KB951376-v2.
RP14: 7/4/2009 12:47:38 PM - Installed Windows XP KB951748.
RP15: 7/4/2009 12:48:14 PM - Installed Windows XP KB952004.
RP16: 7/4/2009 12:48:49 PM - Installed Windows XP KB952287.
RP17: 7/4/2009 12:49:24 PM - Installed Windows XP KB952954.
RP18: 7/4/2009 12:49:59 PM - Installed Windows XP KB954600.
RP19: 7/4/2009 12:50:33 PM - Installed Windows XP KB955069.
RP20: 7/4/2009 12:51:11 PM - Installed Windows XP KB956572.
RP21: 7/4/2009 12:51:50 PM - Installed Windows XP KB956802.
RP22: 7/4/2009 12:52:25 PM - Installed Windows XP KB956803.
RP23: 7/4/2009 12:52:59 PM - Installed Windows XP KB957097.
RP24: 7/4/2009 12:53:33 PM - Installed Windows XP KB958644.
RP25: 7/4/2009 12:54:09 PM - Installed Windows XP KB958687.
RP26: 7/4/2009 12:54:46 PM - Installed Windows XP KB958690.
RP27: 7/4/2009 12:55:37 PM - Installed Windows XP KB959426.
RP28: 7/4/2009 1:06:12 PM - Installed Windows XP Service Pack 3.
RP29: 7/4/2009 1:07:47 PM - Installed Windows XP KB923561.
RP30: 7/4/2009 1:08:09 PM - Installed Windows XP KB938464-v2.
RP31: 7/4/2009 1:08:30 PM - Installed Windows XP KB946648.
RP32: 7/4/2009 1:08:49 PM - Installed Windows XP KB950762.
RP33: 7/4/2009 1:09:04 PM - Installed Windows XP KB950974.
RP34: 7/4/2009 1:09:20 PM - Installed Windows XP KB951066.
RP35: 7/4/2009 1:09:36 PM - Installed Windows XP KB951376-v2.
RP36: 7/4/2009 1:09:56 PM - Installed Windows XP KB951748.
RP37: 7/4/2009 1:10:12 PM - Installed Windows XP KB952004.
RP38: 7/4/2009 1:10:28 PM - Installed Windows XP KB952287.
RP39: 7/4/2009 1:10:43 PM - Installed Windows XP KB952954.
RP40: 7/4/2009 1:11:01 PM - Installed Windows XP KB954600.
RP41: 7/4/2009 1:11:16 PM - Installed Windows XP KB955069.
RP42: 7/4/2009 1:11:37 PM - Installed Windows XP KB956572.
RP43: 7/4/2009 1:11:52 PM - Installed Windows XP KB956802.
RP44: 7/4/2009 1:12:08 PM - Installed Windows XP KB956803.
RP45: 7/4/2009 1:12:28 PM - Installed Windows XP KB957097.
RP46: 7/4/2009 1:12:44 PM - Installed Windows XP KB958644.
RP47: 7/4/2009 1:13:00 PM - Installed Windows XP KB958687.
RP48: 7/4/2009 1:13:16 PM - Installed Windows XP KB958690.
RP49: 7/4/2009 1:13:32 PM - Installed Windows XP KB959426.

==== Installed Programs ======================

AC3Filter (remove only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 7.0.8
Apple Mobile Device Support
Apple Software Update
Bonjour
DTS+AC3 필터
GOM Player
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 11
LimeWire 5.1.2
Malwarebytes' Anti-Malware
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Mozilla Firefox (3.0.11)
MPEG2 Codec(libmpeg2/mad)
Nero 6 Ultra Edition
QuickTime
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VP6 VFW Codec
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver
알약
알툴즈 업데이트
한글 2004

==== Event Viewer Messages From Past Week ========

7/4/2009 12:55:37 PM, error: NtServicePack [4373] - Windows XP KB959426 installation failed.
A system shutdown is in progress.
7/4/2009 11:13:17 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows XP Service Pack 3 (KB936929).
7/3/2009 12:55:27 AM, error: Service Control Manager [7034] - The ALYac_PZSrv service terminated unexpectedly. It has done this 1 time(s).
7/3/2009 11:16:47 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
7/3/2009 11:16:47 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/3/2009 11:16:47 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/3/2009 11:16:47 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/3/2009 11:16:47 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/3/2009 11:16:47 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/3/2009 11:16:47 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/3/2009 11:16:18 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/3/2009 11:16:05 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/3/2009 1:56:07 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/3/2009 1:56:06 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
7/3/2009 1:55:53 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
7/3/2009 1:55:35 PM, error: Service Control Manager [7022] - The PC Tools Security Service service hung on starting.
7/2/2009 10:56:18 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
7/2/2009 10:14:22 AM, error: Service Control Manager [7023] - The Direct Parallel Link Monitor service terminated with the following error: The specified module could not be found.
7/1/2009 9:27:21 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.
7/1/2009 9:27:21 AM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/1/2009 9:27:12 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/1/2009 9:24:21 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
6/30/2009 9:41:31 AM, error: Service Control Manager [7028] - The zyyhnsikaeooe Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
6/28/2009 3:59:33 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.

==== End Of File ===========================

5th July 2009   #4   broni (Malware Analyst)

1. Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

2. Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.
