Resolved Another google redirect

[kirkv]

AVG 8.5 Anti-Virus command line scanner
Copyright (c) 1992 - 2009 AVG Technologies
Program version 8.0.401, engine 8.0.406
Virus Database: Version 271.1.1/3505 2011-03-13

C:\Documents and Settings\Don\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\Don\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Don\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\Don\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\LocalService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\LocalService\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\Data\CatInfo.dat Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS025BC601-DA3A-4B83-8437-DE8AF4018B99.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS03243019-3B03-4DEE-B48C-D20D27489DA3.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS0735A5BF-8DAA-4BE5-84CC-7D215E73D567.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS086EB523-9DF5-46FD-BB7A-7936EF7B0F95.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS090AD54B-88C3-453E-ADF6-350F97B40352.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS0A02DF71-DC6F-4A68-BC76-771998FD4912.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS0C95BE4D-E8D1-44C0-94C8-DF40F7688996.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS1012782F-CD0C-469C-9059-082CFA4A9E90.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS126021E8-FDCC-4570-90BE-639795150C83.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS181401CF-AA9F-4A49-97AE-D56FE02CF4CE.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS18704F30-CFCD-4486-BEDD-997DB0C5AF6A.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS18DC6A5F-1391-49BC-8902-55D8CC5E4709.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS1BF71987-9024-48FE-AAAD-6EFC2D71F19A.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS1E64E2B8-ABF4-44DA-A073-F22C5180FF10.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS1EE2AB31-B3CF-4BA6-AAF0-96CF17EA25DA.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS204B94AB-FDB4-4146-972B-A1FB921ED6B5.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS23499A20-498C-4CB0-A444-9B5C147FB0F9.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS2652F93E-D4FC-4BB7-B34C-C5F09E38B337.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS282DB6B2-A72E-448E-B173-A3357148DB4F.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS2BDB0BB5-A10F-4E73-9B11-68CC7D7ACEC3.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS2D019CC3-D784-4FB7-8810-D887C1F73F46.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS2DB86374-29F7-40CA-8C8D-B10EBA32B6C5.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS2D74E466-AD95-4622-AF57-6E772241F3E7.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS2E504AF8-90B4-41A4-A6F8-5D2000BB0B5E.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS2E8A788D-018D-48AE-9779-7BF12FF37302.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS33F5F339-D1A2-4C6F-B403-F3286E8A8F5F.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS38E181EB-315E-45D4-980D-09795F9FB3CA.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS3CF2E4B0-E322-4813-9BB7-785542A5F0AC.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS3574E758-0405-434C-8015-3BBA5C925863.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS3D0D7E59-8AD3-46FD-88A2-8C47A356208F.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS3E4FBAAB-A20C-413B-82EB-CFF52FBF5384.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS40146C94-808E-4305-AF4A-87920EEC9BD4.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS4568AD59-DEF0-406F-AFFC-6E0488C2318D.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS4DD656D5-E47E-4B64-83F9-9097D1181D8E.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS4CBC5058-D996-40A9-A9B2-33E8E165A1E4.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS51F06759-B814-4787-BB8A-F06A3FD322BB.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS59A8ACCF-D415-4E0E-9500-7DB702C25D62.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS5B9C70A6-187A-4686-9E50-0B7DA17E951F.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS5EBA4E5D-4C74-4EE1-9F8E-AAAF855272BB.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS5E5F7076-5C5B-4901-829A-C3D158DFE2A8.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS60184B28-C4AB-4160-A0E4-825E1C0AFECF.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS60BB1C74-8C68-4DB3-AA40-E446B81AD1C2.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS645F364A-D456-45D6-AA8F-DC9B53822F22.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS67A815D0-4C5F-4188-972F-32F8D35C9A2E.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS684D0436-BA2E-450A-9CDB-4F09FAD44440.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS6F5EC169-1A22-4A2E-892E-BC02A5426297.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS7096A414-B09B-46A1-BE2E-299DB7476673.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS71ED0D17-E621-403A-8CF3-9AEA8BF50790.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS7221F263-739D-485D-8387-20EE7482561D.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS71A40081-D2DE-44F2-B5F8-840E35F3E56C.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS727F8900-3EF6-4F20-9EDD-C7DA4B112B93.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS7311FE73-AA98-46C7-BFFD-DBCF896C252A.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS738CF28F-1187-448E-809D-7ED6A705C9F5.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS742C2834-C516-4E40-8DD5-5532BED5EDEC.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS7CD9451F-9E97-4B79-A206-4EB25F6B3E37.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS7D3E59C4-D5BC-4DC9-8176-0B9594773F63.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS87CBF6FE-C67E-47D8-A892-6295ED453B1E.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS8BC5B111-61E2-4835-B695-333341D80113.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS8692C9A1-8665-4D1B-A65D-C8295DDF92A2.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS8C5A1DE9-15A5-4CB0-A9B1-23B21BBAEF5F.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS8DF3D713-F1D2-4EF9-94D7-49AB69BA27FA.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS8EA29C49-F448-49B0-9D4E-1D57CA593BA7.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS982012AC-5D3C-4C7C-A7B2-6A0E658CED1B.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS8F6DEA5A-0CA2-4580-9E44-D58E7BE9A97D.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS9AD8A4FB-BBE9-451A-B1E7-0C873B6A910A.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS9BB06348-0BC8-4671-9F75-AFB6346E9B81.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSA369B7BF-A336-494F-A1EE-3FCBA47B6AAE.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMS9BF1B54A-FDA4-4476-856F-4A8F3CA36D9B.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSA605775A-6753-465D-8B43-C89DFC4D47D4.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSA685051F-4475-42D2-A8ED-A60DE86DE752.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSA83F1C16-E54B-4B14-B94F-DEB891D2309E.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSADA58576-92F9-4223-A01C-B7736D7A14DE.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSAECE05E4-38F2-49FD-A784-996FA0D9EFDE.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSB44AC200-1790-4EC5-918C-0B7E7FC8956A.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSB5630EFA-173C-49D1-BB16-D472969C98D4.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSB6749B49-3472-404E-B2EE-EE13AE2F794D.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSC1CE7E7D-7280-4E7C-A5C5-1E83C117D2CE.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSC29D45E5-176C-4171-A97B-5D52A6B78CF3.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSC54AE426-ABED-49FB-92D6-1B33B6F0CAB8.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSCA26689D-3623-4043-BE0B-5A4829EBE1A0.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSD1CFDF44-D95E-475D-9058-8E2262971709.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSD2770BD2-43DD-4DB3-A9F8-82176C5F804B.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSD37FE424-0E47-4A33-B011-86C7A2AD18B8.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSD381F0BC-0487-4868-8C7B-5227EBDF94DF.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSD638DEE0-85F7-4D78-8396-366EB3140BB3.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSDEE1138D-6227-4733-BBC6-634A0D6BB63B.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSE03778B8-6BF7-4E1C-A90B-B851AADCCA0A.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSE29296BC-1AA8-4E8D-BF2B-17977732FC71.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSE36AC690-E53C-4874-A767-CCE115B0675D.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSE53ABD34-A0FA-4393-B915-B4AF5CEDF9DE.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSE8B5CCA7-860C-47E0-B60B-A783DEDD5D5E.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSE8E27D62-8F95-40CC-9A9E-11B0BCCC3652.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSE9C28D0B-6DED-478A-9775-21A9527D77A6.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSEB40B72D-EEA6-4E74-8FBC-D23A0056ED4C.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSEC811B30-F2F0-4F96-B327-D38FA17E81EA.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSEE86CD52-92EC-48F8-B04D-5F6B82713187.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSEEA784E0-7E8F-4B60-8F2D-F3724245E288.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSEF986B76-7C4A-40DE-BA7B-79B123BF4E35.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSF09CB0DC-55AE-4E87-B05A-2136C2D4C6AB.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSF3027AE3-F3D8-4E49-8ABB-C6A36F3173A3.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSF4DF0E17-50B5-4905-87B8-2F82DCD1CA92.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSF703E10C-52BD-434D-BBD4-B9432222AB60.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSFCEF4EDB-F6BE-483C-B29D-5AE731BAA62F.tmp Locked file. Not tested.
C:\Program Files\Webroot\Security\Current\plugins\antimalware\wrstemp\SSMSFECBE84A-E218-4C62-902C-EC759E23D8DE.tmp Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\WINDOWS\system32\config\default Locked file. Not tested.
C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SAM Locked file. Not tested.
C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\software Locked file. Not tested.
C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\system Locked file. Not tested.
C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.
C:\WINDOWS\system32\nwwksh.dll Locked file. Not tested.
C:\WINDOWS\Tasks\MMBSKTW.job Locked file. Not tested.

------------------------------------------------------------
Objects scanned : 208864
Found infections : 0
Found PUPs : 0
Healed infections : 0
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6011

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

3/13/2011 9:53:00 PM
mbam-log-2011-03-13 (21-52-59).txt

Scan type: Full scan (C:\|)
Objects scanned: 198585
Time elapsed: 30 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:28:02 PM, on 3/13/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
F:\Program Files\TeamViewer\Version6\TeamViewer.exe
F:\Windows\system32\taskhost.exe
F:\Windows\system32\Dwm.exe
F:\Windows\Explorer.EXE
F:\Program Files\Epson Software\Event Manager\EEventManager.exe
F:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
F:\Program Files\AVG\AVG8\avgtray.exe
F:\Program Files\Pure Networks\Network Magic\nmapp.exe
F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
F:\Program Files\Zune\ZuneLauncher.exe
F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
F:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
F:\Program Files\Microsoft IntelliPoint\ipoint.exe
F:\Program Files\PowerISO\PWRISOVM.EXE
F:\Program Files\Common Files\Java\Java Update\jusched.exe
F:\Users\Kirk\Downloads\utorrent.exe
F:\Program Files\TechSmith\Snagit 10\Snagit32.exe
F:\Program Files\TechSmith\Snagit 10\TSCHelp.exe
F:\Program Files\TechSmith\Snagit 10\snagiteditor.exe
F:\Program Files\WinRAR\WinRAR.exe
F:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Mozilla Firefox\plugin-container.exe
F:\Program Files\Common Files\Java\Java Update\jaucheck.exe
F:\Windows\system32\conhost.exe
F:\Windows\system32\notepad.exe
F:\Users\Kirk\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qwest.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Qwest
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - F:\Windows\System32\dvmurl.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - F:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - F:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - F:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - F:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - F:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - F:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - F:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - F:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - F:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - F:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - F:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - F:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - F:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - F:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll
O4 - HKLM\..\Run: [EEventManager] F:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [RtHDVCpl] F:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] F:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [EasyTuneVI] F:\Program Files\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nmapp] "F:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [QwestTouchPointAgent] "F:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe" /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Zune Launcher] "f:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "F:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "F:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\Run: [MSN Toolbar] "F:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "F:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [IntelliPoint] "f:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] F:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BCSSync] "F:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [CarboniteSetupLite] "F:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
O4 - HKCU\..\Run: [EPSON Artisan 710 Series] F:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFSA.EXE /FU "F:\Windows\TEMP\E_SCF21.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "F:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [EPSONF66253] F:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFSA.EXE /FU "F:\Windows\TEMP\E_S5237.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [uTorrent] "F:\Users\Kirk\Downloads\utorrent.exe"
O4 - HKCU\..\Run: [Artisan 710(Network)] F:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFSA.EXE /FU "F:\Windows\TEMP\E_S9DC9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [KIRKSPRINTER] F:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFSA.EXE /FU "F:\Windows\TEMP\E_SD8F1.tmp" /EF "HKCU"
O4 - Global Startup: Logitech SetPoint.lnk = L:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Snagit 10.lnk = F:\Program Files\TechSmith\Snagit 10\Snagit32.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://F:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: f:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: f:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://169.254.232.247/RtspVaPgDec.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19E7AFA3-56A0-492B-96DA-22BDEE6B5FF2}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{19E7AFA3-56A0-492B-96DA-22BDEE6B5FF2}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{19E7AFA3-56A0-492B-96DA-22BDEE6B5FF2}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - F:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - F:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - F:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AMPingService - Unknown owner - F:\Users\Kirk\AppData\Local\Temp\AMPing.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - F:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - F:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - F:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Remote Connections Service (FlexService) - Unknown owner - F:\Program Files\RapidBIT\cisvc.exe (file missing)
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - F:\Windows\system32\fsproflt.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - F:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - F:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - F:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - F:\Windows\system32\nvvsvc.exe
O23 - Service: Regina Stack - Unknown owner - F:\Regina\rxstack.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RXAPI - Rexx Language Association - F:\Program Files\ooRexx\rxapi.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - F:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - F:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - F:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - F:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - F:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: wampapache - Unknown owner - L:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - L:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe (file missing)
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - F:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - F:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - F:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14996 bytes

 

[Bobbye]

Welcome to TechSpot! Please describe the redirect? All browsers? All search engines?

We don't 'screen' for malware with HijackThis. If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

The AVG scan is clean. Malwarebytes is clean. Make sure you have the latest AVG update per this:
https://www.techspot.com/vb/topic162350.html

 

[kirkv]

Bob,
i read through the other posts and with what you posted in the other threads i was able to figure it out and fix the issue. Thank you much for the help man.

Kirk

 

[Bobbye]

You should not be following directions given to someone else for cleaning malware infections.