B00kWyrm is correct in pointing out that you have two programs which contain an antivirus application. I have outlined the entries below for you and identified them so you will understand the contents of each:
Windows OneCare Live: Antivirus, antispyware, and firewall, Wireless networking security, Online identity theft protection
Cost is $50.00
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe>>> Microsoft Windows Defender Antispyware, the engine used by both OneCare and Defender.
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe>>> OcHealthMon.exe is known as "Windows One Care Health Monitor":
OneCare is a suite from Microsoft that protects your computer against threats.
It also manages backup stuff.
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe>>> msfwsvc.exe is Windows OneCare firewall service.
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe">>> belongs to Windows OneCare Live.
Avira AntiVir PersonalEdition Classic >>> Free Antivirus 9.0.0.394
C:\Program Files\Avira\AntiVir Desktop\sched.exe>>> manages the scheduled virus scans for the Avira AntiVir PersonalEdition Classic antivirus program.
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe>>> Antivirus System Tray Tool.
C:\Program Files\Avira\AntiVir Desktop\avguard.exe>>> AntiVir Real-time Scanner service
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
Since the presence of more than one antivirus program can potentially cause conflicts which could reduce their security protection, you should remove one of them. Since you have paid for Windows Live OneCare, unless it offers a trial version, you might want to remove the free Avira instead.
Step 5 is for free Superantispyware. The link displayed for me with no problem:
https://www.techspot.com/downloads/2695-superantispyware.html
Here is the cause of your redirects: this entry and all of the following O1 entries:
O1 - Hosts: 94.247.2.216 www.google.com
This means that whenever the URL to the right of the entries (Google) above is entered, instead of taking you to that site, you are being redirected to IP 94.247.2.216. This IP belongs to:
role: DATORU EXPRESS SERVISS HostMaster
address: 18. novembra street 319C
address: Daugavpils, LV-5413
address: Latvia
So we need to remove these entries as follows:
Remove bad HijackThis entries
• Run HijackThis
• Click on the System Scan Only button
• Put a check beside all of the items listed below (if present):
O1 - Hosts: 94.247.2.216 www.google.com
O1 - Hosts: 94.247.2.216 www.google.de
O1 - Hosts: 94.247.2.216 www.google.fr
O1 - Hosts: 94.247.2.216 www.google.co.uk
O1 - Hosts: 94.247.2.216 www.google.com.br
O1 - Hosts: 94.247.2.216 www.google.it
O1 - Hosts: 94.247.2.216 www.google.es
O1 - Hosts: 94.247.2.216 www.google.co.jp
O1 - Hosts: 94.247.2.216 www.google.com.mx
O1 - Hosts: 94.247.2.216 www.google.ca
O1 - Hosts: 94.247.2.216 www.google.com.au
O1 - Hosts: 94.247.2.216 www.google.nl
O1 - Hosts: 94.247.2.216 www.google.co.za
O1 - Hosts: 94.247.2.216 www.google.be
O1 - Hosts: 94.247.2.216 www.google.gr
O1 - Hosts: 94.247.2.216 www.google.at
O1 - Hosts: 94.247.2.216 www.google.se
O1 - Hosts: 94.247.2.216 www.google.ch
O1 - Hosts: 94.247.2.216 www.google.pt
O1 - Hosts: 94.247.2.216 www.google.dk
O1 - Hosts: 94.247.2.216 www.google.fi
O1 - Hosts: 94.247.2.216 www.google.ie
O1 - Hosts: 94.247.2.216 www.google.no
O1 - Hosts: 94.247.2.216 search.yahoo.com
O1 - Hosts: 94.247.2.216 us.search.yahoo.com
O1 - Hosts: 94.247.2.216 uk.search.yahoo.com
• Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.
Please download ComboFix HERE:
With ComboFix, at the download window,
please rename it to Combo-Fix(.exe) before downloading it.
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.
• Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the ComboFix window, as it may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
When finished, please rescan with HijackThis and attach new log with Combofix report.
So the order you follow is:
1. Decide on which antivirus program you want to keep.
2. Uninstall the other AV program or the suite containing the AV program.
3. Open HJ, follow the removal entries.
4. Download and run Combofix.
5. Attach new HJ log and Combofix report.
NOTE on removing the AV program:
This is best done in Safe Mode:
Reboot the computer> let the logo load and then begin tapping the F8 key BEFORE Windows starts to load> continue tapping until Safe mode displays:
Start> Run> msconfig> enter> Selective Startup> Startup Menu> UNCHECK ALL entries for the AV/Security program you are NOT going to keep> Apply> OK.
IF you are removing Avira:
Start> Run> services.msc> find each Service below> double click to open> Change Startup type to Disabled> Stop the Service
Control Panel> Add/Remove Programs> highlight and then UNINSTALL THAT program.
Reboot into Normal Mode> ignore the nag message that comes up and close it after checking 'don't show message again'. Stay in Selective Startup.
B00kWyrm, nice setup. thank you.
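The hosts-file redirect described in the post can be checked for after cleanup with a short script. The following is an added example, not part of the original post: it parses hosts-file text and reports search-engine names mapped to a non-loopback address. The sample file, the `WATCHED_LABELS` list and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample modelled on the O1 entries quoted in the post.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
94.247.2.216    www.google.com
94.247.2.216    search.yahoo.com uk.search.yahoo.com  # two names, one line
0.0.0.0         ads.example.test
not-an-ip       www.google.de
10.0.0.5        fileserver.example.test
"""

# Assumption: labels of sites that a home PC has no reason to pin in hosts.
WATCHED_LABELS = {"google", "yahoo"}


def parse_hosts(text):
    """Yield (line_number, ip, [names]) for each well-formed hosts entry."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenise
        if len(fields) < 2:
            continue                            # blank, comment or IP with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address: not a mapping
        yield lineno, ip, [name.lower().rstrip(".") for name in fields[1:]]


def is_watched(name):
    """True when any DNS label of the name is on the watch list."""
    return any(label in WATCHED_LABELS for label in name.split("."))


def find_hijacks(text):
    """Return (line, ip, name) for watched names mapped to a non-loopback address."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue                            # 127.0.0.1 / 0.0.0.0 block, not redirect
        findings += [(lineno, str(ip), n) for n in names if is_watched(n)]
    return findings


if __name__ == "__main__":
    for lineno, ip, name in find_hijacks(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {ip}")
```

To check a real machine, pass the contents of `%SystemRoot%\System32\drivers\etc\hosts` to `find_hijacks`; an empty result means no watched name is pinned to an outside address.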