Another google redirect

Resolved
By kirkv
Mar 14, 2011
Topic Status:
Not open for further replies.
  1. AVG 8.5 Anti-Virus command line scanner
    Copyright (c) 1992 - 2009 AVG Technologies
    Program version 8.0.401, engine 8.0.406
    Virus Database: Version 271.1.1/3505 2011-03-13

    C:\Documents and Settings\Don\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
    C:\Documents and Settings\Don\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
    C:\Documents and Settings\Don\NTUSER.DAT Locked file. Not tested.
    C:\Documents and Settings\Don\ntuser.dat.LOG Locked file. Not tested.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
    C:\Documents and Settings\LocalService\NTUSER.DAT Locked file. Not tested.
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Locked file. Not tested.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
    C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
    C:\pagefile.sys Locked file. Not tested.
    C:\Program Files\Webroot\Security\Current\plugins\antimalware\Data\CatInfo.dat Locked file. Not tested.
    C:\System Volume Information\ Locked file. Not tested.
    C:\WINDOWS\system32\config\default Locked file. Not tested.
    C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
    C:\WINDOWS\system32\config\SAM Locked file. Not tested.
    C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
    C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
    C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
    C:\WINDOWS\system32\config\software Locked file. Not tested.
    C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
    C:\WINDOWS\system32\config\system Locked file. Not tested.
    C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.
    C:\WINDOWS\system32\nwwksh.dll Locked file. Not tested.
    C:\WINDOWS\Tasks\MMBSKTW.job Locked file. Not tested.

    ------------------------------------------------------------
    Objects scanned : 208864
    Found infections : 0
    Found PUPs : 0
    Healed infections : 0
    Healed PUPs : 0
    Warnings : 0
    ------------------------------------------------------------
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6011

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    3/13/2011 9:53:00 PM
    mbam-log-2011-03-13 (21-52-59).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 198585
    Time elapsed: 30 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:28:02 PM, on 3/13/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16722)
    Boot mode: Normal

    Running processes:
    F:\Program Files\TeamViewer\Version6\TeamViewer.exe
    F:\Windows\system32\taskhost.exe
    F:\Windows\system32\Dwm.exe
    F:\Windows\Explorer.EXE
    F:\Program Files\Epson Software\Event Manager\EEventManager.exe
    F:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    F:\Program Files\AVG\AVG8\avgtray.exe
    F:\Program Files\Pure Networks\Network Magic\nmapp.exe
    F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    F:\Program Files\Zune\ZuneLauncher.exe
    F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    F:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    F:\Program Files\Microsoft IntelliPoint\ipoint.exe
    F:\Program Files\PowerISO\PWRISOVM.EXE
    F:\Program Files\Common Files\Java\Java Update\jusched.exe
    F:\Users\Kirk\Downloads\utorrent.exe
    F:\Program Files\TechSmith\Snagit 10\Snagit32.exe
    F:\Program Files\TechSmith\Snagit 10\TSCHelp.exe
    F:\Program Files\TechSmith\Snagit 10\snagiteditor.exe
    F:\Program Files\WinRAR\WinRAR.exe
    F:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    F:\Program Files\Mozilla Firefox\firefox.exe
    F:\Program Files\Mozilla Firefox\plugin-container.exe
    F:\Program Files\Common Files\Java\Java Update\jaucheck.exe
    F:\Windows\system32\conhost.exe
    F:\Windows\system32\notepad.exe
    F:\Users\Kirk\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qwest.live.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Qwest
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - F:\Windows\System32\dvmurl.dll
    R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - F:\Program Files\uTorrentBar\tbuTor.dll
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - F:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - F:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - F:\Program Files\ConduitEngine\ConduitEngine.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - F:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - F:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - F:\Program Files\uTorrentBar\tbuTor.dll
    O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - F:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - F:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - F:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - F:\Program Files\uTorrentBar\tbuTor.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - F:\Program Files\ConduitEngine\ConduitEngine.dll
    O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - F:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - F:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll
    O4 - HKLM\..\Run: [EEventManager] F:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    O4 - HKLM\..\Run: [RtHDVCpl] F:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] F:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [EasyTuneVI] F:\Program Files\GIGABYTE\ET6\ETcall.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [nmapp] "F:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [QwestTouchPointAgent] "F:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe" /autostart
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Zune Launcher] "f:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "F:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [LGODDFU] "F:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    O4 - HKLM\..\Run: [MSN Toolbar] "F:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
    O4 - HKLM\..\Run: [Microsoft Default Manager] "F:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [IntelliPoint] "f:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] F:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [BCSSync] "F:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [CarboniteSetupLite] "F:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
    O4 - HKCU\..\Run: [EPSON Artisan 710 Series] F:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFSA.EXE /FU "F:\Windows\TEMP\E_SCF21.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "F:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [EPSONF66253] F:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFSA.EXE /FU "F:\Windows\TEMP\E_S5237.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [uTorrent] "F:\Users\Kirk\Downloads\utorrent.exe"
    O4 - HKCU\..\Run: [Artisan 710(Network)] F:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFSA.EXE /FU "F:\Windows\TEMP\E_S9DC9.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [KIRKSPRINTER] F:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFSA.EXE /FU "F:\Windows\TEMP\E_SD8F1.tmp" /EF "HKCU"
    O4 - Global Startup: Logitech SetPoint.lnk = L:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Snagit 10.lnk = F:\Program Files\TechSmith\Snagit 10\Snagit32.exe
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://F:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: f:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: f:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://169.254.232.247/RtspVaPgDec.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{19E7AFA3-56A0-492B-96DA-22BDEE6B5FF2}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{19E7AFA3-56A0-492B-96DA-22BDEE6B5FF2}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{19E7AFA3-56A0-492B-96DA-22BDEE6B5FF2}: NameServer = 192.168.0.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - F:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - F:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - F:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AMPingService - Unknown owner - F:\Users\Kirk\AppData\Local\Temp\AMPing.exe (file missing)
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - F:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - F:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - F:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Remote Connections Service (FlexService) - Unknown owner - F:\Program Files\RapidBIT\cisvc.exe (file missing)
    O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - F:\Windows\system32\fsproflt.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - F:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - F:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - F:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - F:\Windows\system32\nvvsvc.exe
    O23 - Service: Regina Stack - Unknown owner - F:\Regina\rxstack.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: RXAPI - Rexx Language Association - F:\Program Files\ooRexx\rxapi.exe
    O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - F:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - F:\Program Files\Common Files\supportsoft\bin\ssrc.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - F:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - F:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - F:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    O23 - Service: wampapache - Unknown owner - L:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (file missing)
    O23 - Service: wampmysqld - Unknown owner - L:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe (file missing)
    O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - F:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - F:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - F:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 14996 bytes
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot! Please describe the redirect? All browsers? All search engines?

    We don't 'screen' for malware with HijackThis. If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    The AVG scan is clean. Malwarebytes is clean. Make sure you have the latest AVG update per this:
    http://www.techspot.com/vb/topic162350.html
  3. kirkv

    kirkv Newcomer, in training Topic Starter

    Bob,
    I read through the other posts and with what you posted in the other threads I was able to figure it out and fix the issue. Thank you much for the help man.

    Kirk
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You should not be following directions given to someone else for cleaning malware infections.