every browser redirects

iamthewalrus

Hi. Every time I search for anything and click a link, I am redirected to another website. This happens on Chrome, Firefox, and IE. I have Microsoft Security Essentials as my antivirus.

Here is my hijack log


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:59:30 AM, on 7/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: moviesjojoen Toolbar - {49cff400-872b-40fa-8e35-b7a426e596fd} - C:\Program Files\moviesjojoen\tbmov1.dll
R3 - URLSearchHook: Hunt TB Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll
O1 - Hosts: 89.149.249.195 www.google.com
O1 - Hosts: 89.149.249.195 www.google.de
O1 - Hosts: 89.149.249.195 www.google.fr
O1 - Hosts: 89.149.249.195 www.google.co.uk
O1 - Hosts: 89.149.249.195 www.google.com.br
O1 - Hosts: 89.149.249.195 www.google.it
O1 - Hosts: 89.149.249.195 www.google.es
O1 - Hosts: 89.149.249.195 www.google.co.jp
O1 - Hosts: 89.149.249.195 www.google.com.mx
O1 - Hosts: 89.149.249.195 www.google.ca
O1 - Hosts: 89.149.249.195 www.google.com.au
O1 - Hosts: 89.149.249.195 www.google.nl
O1 - Hosts: 89.149.249.195 www.google.co.za
O1 - Hosts: 89.149.249.195 www.google.be
O1 - Hosts: 89.149.249.195 www.google.gr
O1 - Hosts: 89.149.249.195 www.google.at
O1 - Hosts: 89.149.249.195 www.google.se
O1 - Hosts: 89.149.249.195 www.google.ch
O1 - Hosts: 89.149.249.195 www.google.pt
O1 - Hosts: 89.149.249.195 www.google.dk
O1 - Hosts: 89.149.249.195 www.google.fi
O1 - Hosts: 89.149.249.195 www.google.ie
O1 - Hosts: 89.149.249.195 www.google.no
O1 - Hosts: 89.149.249.195 search.yahoo.com
O1 - Hosts: 89.149.249.195 us.search.yahoo.com
O1 - Hosts: 89.149.249.195 uk.search.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: moviesjojoen Toolbar - {49cff400-872b-40fa-8e35-b7a426e596fd} - C:\Program Files\moviesjojoen\tbmov1.dll
O2 - BHO: Hunt TB Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: moviesjojoen Toolbar - {49cff400-872b-40fa-8e35-b7a426e596fd} - C:\Program Files\moviesjojoen\tbmov1.dll
O3 - Toolbar: Hunt TB Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1275057561031
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8410 bytes

And the malware


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/13/2010 9:12:14 AM
mbam-log-2010-07-13 (09-12-14).txt

Scan type: Quick scan
Objects scanned: 108831
Time elapsed: 5 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
And my combofix

ComboFix 10-07-12.06 - Administrator 07/13/2010 9:27.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.197 [GMT -7:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-06-13 to 2010-07-13 )))))))))))))))))))))))))))))))
.

2010-07-13 15:56 . 2010-07-13 15:56 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-13 15:56 . 2010-07-13 15:56 -------- d-----w- c:\program files\Trend Micro
2010-07-13 12:27 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\Administrator\Application Data\mjusbsp\in00000\setup.exe
2010-07-13 12:26 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\Administrator\Application Data\mjusbsp\ar00000\install.exe
2010-07-13 05:13 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-13 05:13 . 2010-07-13 05:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-13 05:13 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-13 04:51 . 2010-07-13 04:51 -------- d-----w- c:\program files\CCleaner
2010-07-13 03:24 . 2010-07-13 04:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-13 03:24 . 2010-07-13 04:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-13 01:36 . 2010-07-13 01:38 -------- d-----w- C:\Win7
2010-07-13 01:33 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-13 01:10 . 2010-07-13 01:11 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-13 00:57 . 2001-08-17 19:19 3712 -c--a-w- c:\windows\system32\dllcache\ctljystk.sys
2010-07-13 00:57 . 2001-08-17 19:19 3712 ----a-w- c:\windows\system32\drivers\ctljystk.sys
2010-07-13 00:57 . 2008-04-14 07:15 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2010-07-13 00:57 . 2008-04-14 07:15 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys
2010-07-13 00:56 . 2010-07-13 01:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-13 15:58 . 2010-05-28 14:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-07-13 12:28 . 2010-05-28 18:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\mjusbsp
2010-07-13 01:04 . 2010-05-28 06:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-01 17:37 . 2010-05-29 17:19 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-30 16:35 . 2010-05-30 16:35 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-30 16:35 . 2010-05-30 16:35 85504 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-05-30 16:35 . 2010-05-30 16:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
2010-05-30 16:34 . 2010-05-30 16:34 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6896d611-n\msvcp71.dll
2010-05-30 16:34 . 2010-05-30 16:34 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6896d611-n\jmc.dll
2010-05-30 16:34 . 2010-05-30 16:34 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6896d611-n\msvcr71.dll
2010-05-30 16:34 . 2010-05-30 16:34 -------- d-----w- c:\program files\Common Files\Java
2010-05-30 16:34 . 2010-05-30 16:34 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3968d157-n\decora-sse.dll
2010-05-30 16:34 . 2010-05-30 16:34 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3968d157-n\decora-d3d.dll
2010-05-30 16:33 . 2010-05-30 16:34 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-30 16:33 . 2010-05-30 16:33 -------- d-----w- c:\program files\Java
2010-05-29 23:48 . 2010-05-29 23:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-29 23:47 . 2010-05-29 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-29 23:47 . 2010-05-29 23:47 -------- d-----w- c:\program files\7-Zip
2010-05-29 18:00 . 2010-05-29 18:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Western Digital
2010-05-29 17:59 . 2010-05-29 17:59 -------- d-----w- c:\program files\Western Digital
2010-05-29 17:57 . 2010-05-28 06:48 -------- d-----w- c:\program files\isoHunt
2010-05-29 16:55 . 2010-05-28 06:12 12328 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-29 11:23 . 2010-05-29 11:23 -------- d-----w- c:\program files\MSBuild
2010-05-29 10:22 . 2010-05-28 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-05-28 16:41 . 2010-05-28 06:06 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-28 15:43 . 2010-05-28 15:43 -------- d-----w- c:\program files\VCOM
2010-05-28 15:43 . 2010-05-28 14:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-28 15:41 . 2010-05-28 14:58 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-28 15:38 . 2010-05-28 07:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\uniblue
2010-05-28 15:37 . 2010-05-28 07:01 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2010-05-28 15:31 . 2010-05-28 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-28 15:31 . 2010-05-28 15:17 -------- d-----w- c:\program files\Yahoo!
2010-05-28 15:30 . 2010-05-28 15:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2010-05-28 15:24 . 2010-05-28 15:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\MySpace
2010-05-28 15:24 . 2010-05-28 15:24 -------- d-----w- c:\program files\MySpace
2010-05-28 15:22 . 2010-05-28 15:19 7631232 ----a-w- c:\documents and settings\Administrator\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe
2010-05-28 15:22 . 2010-05-28 15:22 0 ----a-w- c:\windows\nsreg.dat
2010-05-28 15:07 . 2010-05-28 15:02 45568 ----a-w- c:\windows\system32\drivers\bcm4sbxp.sys
2010-05-28 15:07 . 2010-05-28 15:07 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-05-28 15:07 . 2010-05-28 15:07 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2010-05-28 15:04 . 2010-05-28 14:54 -------- d-----w- c:\program files\Driver Checker
2010-05-28 15:02 . 2010-05-28 15:02 -------- d-----w- c:\program files\Broadcom
2010-05-28 14:59 . 2010-05-28 14:58 -------- d-----w- c:\program files\Analog Devices
2010-05-28 14:49 . 2010-05-28 14:49 -------- d-----w- c:\program files\uTorrent
2010-05-28 11:53 . 2010-05-28 11:53 1956808 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-05-28 07:25 . 2010-05-28 07:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital
2010-05-28 07:15 . 2010-05-28 07:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-28 07:09 . 2010-05-28 06:39 -------- d-----w- c:\program files\Google
2010-05-28 06:59 . 2010-05-28 06:59 -------- d-----w- c:\program files\Reference Assemblies
2010-05-28 06:45 . 2010-05-28 06:45 -------- d-----w- c:\program files\moviesjojoen
2010-05-28 06:45 . 2010-05-28 06:45 -------- d-----w- c:\program files\Conduit
2010-05-28 06:08 . 2010-05-28 06:08 -------- d-----w- c:\program files\microsoft frontpage
2010-05-28 06:04 . 2010-05-28 06:04 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-06 10:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 23:45 . 2010-05-28 15:29 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{49cff400-872b-40fa-8e35-b7a426e596fd}"= "c:\program files\moviesjojoen\tbmov1.dll" [2010-07-13 2515552]
"{a6e4a4eb-d169-4e99-8988-250fcbafe767}"= "c:\program files\isoHunt\tbiso1.dll" [2010-07-13 2515552]

[HKEY_CLASSES_ROOT\clsid\{49cff400-872b-40fa-8e35-b7a426e596fd}]

[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49cff400-872b-40fa-8e35-b7a426e596fd}]
2010-07-13 12:34 2515552 ----a-w- c:\program files\moviesjojoen\tbmov1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
2010-07-13 12:34 2515552 ----a-w- c:\program files\isoHunt\tbiso1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{49cff400-872b-40fa-8e35-b7a426e596fd}"= "c:\program files\moviesjojoen\tbmov1.dll" [2010-07-13 2515552]
"{a6e4a4eb-d169-4e99-8988-250fcbafe767}"= "c:\program files\isoHunt\tbiso1.dll" [2010-07-13 2515552]

[HKEY_CLASSES_ROOT\clsid\{49cff400-872b-40fa-8e35-b7a426e596fd}]

[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{49CFF400-872B-40FA-8E35-B7A426E596FD}"= "c:\program files\moviesjojoen\tbmov1.dll" [2010-07-13 2515552]
"{A6E4A4EB-D169-4E99-8988-250FCBAFE767}"= "c:\program files\isoHunt\tbiso1.dll" [2010-07-13 2515552]

[HKEY_CLASSES_ROOT\clsid\{49cff400-872b-40fa-8e35-b7a426e596fd}]

[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-04-29 5248312]
"cdloader"="c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-28 202256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-2-26 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-2-26 9136960]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~1\VCOM\Partition Commander 10 Professional\bluescrn\bluescrn.exe\0\0e???????????\0\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [5/28/2010 8:43 AM 30808]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/12/2010 10:13 PM 304464]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2/26/2010 8:58 AM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/12/2010 10:13 PM 20952]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/28/2010 12:09 AM 136176]
S3 BioNT_BS;BioNT_BS;c:\program files\VCOM\Partition Commander 10 Professional\BlueScrn\biont_bs.sys [5/28/2010 8:43 AM 10028]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/29/2010 11:00 AM 11520]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSERVICE
*Deregistered* - MBAMSwissArmy
.
Contents of the 'Scheduled Tasks' folder

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 07:08]

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 07:08]

2010-07-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 04:40]

2010-07-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-1897051121-1606980848-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-07-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-1897051121-1606980848-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9nzgm0nc.default\
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-13 09:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1708537768-1897051121-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,06,ab,72,09,94,8d,b7,41,ad,3c,ac,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,06,ab,72,09,94,8d,b7,41,ad,3c,ac,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3928)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-07-13 09:36:25
ComboFix-quarantined-files.txt 2010-07-13 16:36

Pre-Run: 16,573,206,528 bytes free
Post-Run: 16,582,934,528 bytes free

- - End Of File - - 48009DA3C73C1808E01A0F07C1B0E9EF
 
Your Malwarebytes definitions are way outdated. The latest version is 4309 and you are running 4052. Open Malwarebytes and click on the Update tab, then click on Check for Updates. Then rerun a quick scan and post new logs.

You have a few infections besides an infected hosts file.
 
I'd guess it was spyware. Yeah, I would try FF too, or Opera, and see what happens then.
Most likely you got one of those BS toolbars and it's redirecting you.
 
OK, here is everything. I put it into safe mode and ran everything, including SUPERAntiSpyware. Plus I made sure everything was up to date. Thanks for the replies :)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:27:17 PM, on 7/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Hunt TB Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll
O1 - Hosts: 89.149.249.195 www.google.com
O1 - Hosts: 89.149.249.195 www.google.de
O1 - Hosts: 89.149.249.195 www.google.fr
O1 - Hosts: 89.149.249.195 www.google.co.uk
O1 - Hosts: 89.149.249.195 www.google.com.br
O1 - Hosts: 89.149.249.195 www.google.it
O1 - Hosts: 89.149.249.195 www.google.es
O1 - Hosts: 89.149.249.195 www.google.co.jp
O1 - Hosts: 89.149.249.195 www.google.com.mx
O1 - Hosts: 89.149.249.195 www.google.ca
O1 - Hosts: 89.149.249.195 www.google.com.au
O1 - Hosts: 89.149.249.195 www.google.nl
O1 - Hosts: 89.149.249.195 www.google.co.za
O1 - Hosts: 89.149.249.195 www.google.be
O1 - Hosts: 89.149.249.195 www.google.gr
O1 - Hosts: 89.149.249.195 www.google.at
O1 - Hosts: 89.149.249.195 www.google.se
O1 - Hosts: 89.149.249.195 www.google.ch
O1 - Hosts: 89.149.249.195 www.google.pt
O1 - Hosts: 89.149.249.195 www.google.dk
O1 - Hosts: 89.149.249.195 www.google.fi
O1 - Hosts: 89.149.249.195 www.google.ie
O1 - Hosts: 89.149.249.195 www.google.no
O1 - Hosts: 89.149.249.195 search.yahoo.com
O1 - Hosts: 89.149.249.195 us.search.yahoo.com
O1 - Hosts: 89.149.249.195 uk.search.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Hunt TB Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Hunt TB Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1275057561031
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6847 bytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4309

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

7/13/2010 2:12:36 PM
mbam-log-2010-07-13 (14-12-36).txt

Scan type: Quick scan
Objects scanned: 117640
Time elapsed: 7 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
ComboFix 10-07-12.06 - Administrator 07/13/2010 14:16:41.2.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.329 [GMT -7:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-06-13 to 2010-07-13 )))))))))))))))))))))))))))))))
.

2010-07-13 20:28 . 2010-07-13 20:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Intuit
2010-07-13 20:28 . 2010-07-13 20:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intuit
2010-07-13 20:22 . 2010-07-13 20:22 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2010-07-13 20:16 . 2010-07-13 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-07-13 20:16 . 2010-07-13 20:19 -------- d-----w- c:\program files\Common Files\Intuit
2010-07-13 20:12 . 2010-07-13 20:12 -------- d-----w- c:\program files\TurboTax
2010-07-13 20:10 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-07-13 19:24 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\Administrator\Application Data\mjusbsp\in00000\setup.exe
2010-07-13 18:00 . 2010-07-13 18:00 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-13 18:00 . 2010-07-13 18:00 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-13 18:00 . 2010-07-13 18:00 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-13 17:59 . 2010-07-13 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-13 17:59 . 2010-07-13 17:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-07-13 17:58 . 2010-07-13 17:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-13 15:56 . 2010-07-13 15:56 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-13 15:56 . 2010-07-13 15:56 -------- d-----w- c:\program files\Trend Micro
2010-07-13 12:26 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\Administrator\Application Data\mjusbsp\ar00000\install.exe
2010-07-13 05:13 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-13 05:13 . 2010-07-13 05:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-13 05:13 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-13 04:51 . 2010-07-13 04:51 -------- d-----w- c:\program files\CCleaner
2010-07-13 03:24 . 2010-07-13 04:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-13 03:24 . 2010-07-13 04:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-13 01:36 . 2010-07-13 01:38 -------- d-----w- C:\Win7
2010-07-13 01:33 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-13 01:10 . 2010-07-13 01:11 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-13 00:57 . 2001-08-17 19:19 3712 -c--a-w- c:\windows\system32\dllcache\ctljystk.sys
2010-07-13 00:57 . 2001-08-17 19:19 3712 ----a-w- c:\windows\system32\drivers\ctljystk.sys
2010-07-13 00:57 . 2008-04-14 07:15 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2010-07-13 00:57 . 2008-04-14 07:15 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys
2010-07-13 00:56 . 2010-07-13 01:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-13 20:28 . 2010-05-28 06:12 14872 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-13 19:25 . 2010-05-28 18:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\mjusbsp
2010-07-13 16:47 . 2010-05-28 06:39 -------- d-----w- c:\program files\Google
2010-07-13 15:58 . 2010-05-28 14:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-07-13 01:04 . 2010-05-28 06:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-01 17:37 . 2010-05-29 17:19 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-30 16:35 . 2010-05-30 16:35 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-30 16:35 . 2010-05-30 16:35 85504 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-05-30 16:35 . 2010-05-30 16:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
2010-05-30 16:34 . 2010-05-30 16:34 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6896d611-n\msvcp71.dll
2010-05-30 16:34 . 2010-05-30 16:34 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6896d611-n\jmc.dll
2010-05-30 16:34 . 2010-05-30 16:34 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6896d611-n\msvcr71.dll
2010-05-30 16:34 . 2010-05-30 16:34 -------- d-----w- c:\program files\Common Files\Java
2010-05-30 16:34 . 2010-05-30 16:34 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3968d157-n\decora-sse.dll
2010-05-30 16:34 . 2010-05-30 16:34 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3968d157-n\decora-d3d.dll
2010-05-30 16:33 . 2010-05-30 16:34 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-30 16:33 . 2010-05-30 16:33 -------- d-----w- c:\program files\Java
2010-05-29 23:48 . 2010-05-29 23:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-29 23:47 . 2010-05-29 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-29 23:47 . 2010-05-29 23:47 -------- d-----w- c:\program files\7-Zip
2010-05-29 18:00 . 2010-05-29 18:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Western Digital
2010-05-29 17:59 . 2010-05-29 17:59 -------- d-----w- c:\program files\Western Digital
2010-05-29 17:57 . 2010-05-28 06:48 -------- d-----w- c:\program files\isoHunt
2010-05-29 11:23 . 2010-05-29 11:23 -------- d-----w- c:\program files\MSBuild
2010-05-29 10:22 . 2010-05-28 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-05-28 16:41 . 2010-05-28 06:06 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-28 15:43 . 2010-05-28 15:43 -------- d-----w- c:\program files\VCOM
2010-05-28 15:43 . 2010-05-28 14:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-28 15:41 . 2010-05-28 14:58 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-28 15:38 . 2010-05-28 07:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\uniblue
2010-05-28 15:37 . 2010-05-28 07:01 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2010-05-28 15:31 . 2010-05-28 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-28 15:31 . 2010-05-28 15:17 -------- d-----w- c:\program files\Yahoo!
2010-05-28 15:30 . 2010-05-28 15:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2010-05-28 15:24 . 2010-05-28 15:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\MySpace
2010-05-28 15:24 . 2010-05-28 15:24 -------- d-----w- c:\program files\MySpace
2010-05-28 15:22 . 2010-05-28 15:19 7631232 ----a-w- c:\documents and settings\Administrator\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe
2010-05-28 15:22 . 2010-05-28 15:22 0 ----a-w- c:\windows\nsreg.dat
2010-05-28 15:07 . 2010-05-28 15:02 45568 ----a-w- c:\windows\system32\drivers\bcm4sbxp.sys
2010-05-28 15:07 . 2010-05-28 15:07 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-05-28 15:07 . 2010-05-28 15:07 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2010-05-28 15:04 . 2010-05-28 14:54 -------- d-----w- c:\program files\Driver Checker
2010-05-28 15:02 . 2010-05-28 15:02 -------- d-----w- c:\program files\Broadcom
2010-05-28 14:59 . 2010-05-28 14:58 -------- d-----w- c:\program files\Analog Devices
2010-05-28 14:49 . 2010-05-28 14:49 -------- d-----w- c:\program files\uTorrent
2010-05-28 11:53 . 2010-05-28 11:53 1956808 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-05-28 07:25 . 2010-05-28 07:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital
2010-05-28 07:15 . 2010-05-28 07:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-28 06:59 . 2010-05-28 06:59 -------- d-----w- c:\program files\Reference Assemblies
2010-05-28 06:45 . 2010-05-28 06:45 -------- d-----w- c:\program files\Conduit
2010-05-28 06:08 . 2010-05-28 06:08 -------- d-----w- c:\program files\microsoft frontpage
2010-05-28 06:04 . 2010-05-28 06:04 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-06 10:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 23:45 . 2010-05-28 15:29 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-07-13_16.33.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-13 20:35 . 2010-07-13 20:35 44832 c:\windows\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_2.1.72.22_x-ww_c5eae641\Intuit.Spc.Esd.WinClient.Application.Update.exe
+ 2010-07-13 20:35 . 2010-07-13 20:35 40224 c:\windows\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_2.1.72.22_x-ww_a742e49\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2.exe
+ 2009-05-27 01:33 . 2009-05-27 01:33 18944 c:\windows\Installer\43b7ae.msp
+ 2009-03-20 02:35 . 2009-03-20 02:35 76288 c:\windows\Installer\43b7a7.msp
+ 2010-07-13 20:21 . 2010-07-13 20:21 20992 c:\windows\Installer\32c6ce.msi
+ 2010-07-13 20:21 . 2010-07-13 20:21 52736 c:\windows\Installer\32c6ca.msi
+ 2010-07-13 20:21 . 2010-07-13 20:21 61440 c:\windows\Installer\32c6c6.msi
+ 2010-07-13 20:20 . 2010-07-13 20:20 32256 c:\windows\Installer\32c6c2.msi
+ 2010-07-13 20:16 . 2010-07-13 20:16 22528 c:\windows\Installer\32c6ba.msi
+ 2010-07-13 20:18 . 2010-07-13 20:18 44320 c:\windows\assembly\temp\KTY49FLRX2\Intuit.Spc.Esd.WinClient.Application.Update.exe
+ 2010-07-13 20:18 . 2010-07-13 20:18 54560 c:\windows\assembly\temp\JRX3AGMRW2\Intuit.Spc.Esd.Client.DataAccess.XmlSerializers.dll
+ 2010-07-13 20:18 . 2010-07-13 20:18 72480 c:\windows\assembly\temp\5CINTY49FL\Intuit.Spc.Esd.Client.Common.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 57344 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Oip.Messaging.Client.ExternalApi\2.1.2.4__540d4816ead86321\Intuit.Spc.Oip.Messaging.Client.ExternalApi.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 16384 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.SharedUIToolkit\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.SharedUIToolkit.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 86016 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Core\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Core.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 47104 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.ObjectBuilder\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.ObjectBuilder.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 53248 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.MajesticHTMLParser\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.MajesticHTMLParser.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 45056 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.RestServices\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.RestServices.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 53248 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.Repository\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.Repository.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 69632 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.OrchestrationUtil\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.OrchestrationUtil.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 94208 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.Orchestration\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.Orchestration.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 45056 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.Installer\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.Installer.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 94208 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.DataAccessUtil\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.DataAccessUtil.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 53248 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.ClientUtil\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.ClientUtil.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 20480 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 45056 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Xml\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Xml.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 15360 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.VersionManager\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.VersionManager.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 65536 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Serialization\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Serialization.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 45056 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 65536 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 73728 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 10752 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.PortabilitySpecific30\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.PortabilitySpecific30.dll
+ 2010-07-13 20:35 . 2010-07-13 20:35 18720 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
+ 2010-07-13 20:35 . 2010-07-13 20:35 47392 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
+ 2010-07-13 20:18 . 2010-07-13 20:18 23840 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
+ 2010-07-13 20:18 . 2010-07-13 20:18 12064 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
+ 2010-07-13 20:35 . 2010-07-13 20:35 44832 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.Update.exe
+ 2010-07-13 20:35 . 2010-07-13 20:35 40224 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2.exe
+ 2010-07-13 20:35 . 2010-07-13 20:35 54560 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess.XmlSerializers\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.XmlSerializers.dll
+ 2010-07-13 20:35 . 2010-07-13 20:35 72992 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
+ 2010-07-13 20:18 . 2010-07-13 20:18 32768 c:\windows\assembly\GAC_MSIL\Iesi.Collections\1.0.0.3__aa95f207798dfdb4\Iesi.Collections.dll
+ 2010-07-13 20:18 . 2010-07-13 20:18 77824 c:\windows\assembly\GAC_MSIL\Castle.DynamicProxy\1.1.5.0__407dd0808d44fbdc\Castle.DynamicProxy.dll
+ 2010-07-13 20:18 . 2010-07-13 20:18 10240 c:\windows\assembly\GAC_MSIL\BackgroundCopyManager\1.0.0.0__9e3a83f3f863854b\BackgroundCopyManager.dll
+ 2010-07-13 20:18 . 2010-07-13 20:18 28672 c:\windows\assembly\GAC\Common.Logging\1.2.0.0__af08829b84f0328e\Common.Logging.dll
+ 2010-05-27 22:57 . 2010-07-13 21:03 101440 c:\windows\system32\FNTCACHE.DAT
+ 2009-05-27 01:32 . 2009-05-27 01:32 251904 c:\windows\Installer\43b7b9.msp
+ 2010-07-13 20:22 . 2010-07-13 20:22 201728 c:\windows\Installer\32c6d2.msi
+ 2010-07-13 20:35 . 2010-07-13 20:35 332552 c:\windows\Installer\{88214092-836F-4E22-A5AC-569AC9EE6A0F}\TurboTax.exe
+ 2010-07-13 20:18 . 2010-07-13 20:18 197920 c:\windows\assembly\temp\QY49FLRX3A\Intuit.Spc.Esd.Core.XmlSerializers.dll
+ 2010-07-13 20:18 . 2010-07-13 20:18 400672 c:\windows\assembly\temp\OV05AFKPV1\Intuit.Spc.Esd.WinClient.Api.Net.dll
+ 2010-07-13 20:18 . 2010-07-13 20:18 217376 c:\windows\assembly\temp\JQV17DJPUZ\Intuit.Spc.Esd.Core.dll
+ 2010-07-13 20:18 . 2010-07-13 20:19 341792 c:\windows\assembly\temp\CKPUZ49EKQ\Intuit.Spc.Esd.WinClient.Application.UX.dll
+ 2010-07-13 20:18 . 2010-07-13 20:18 130848 c:\windows\assembly\temp\AIOTY39FKQ\Intuit.Spc.Esd.Client.BusinessLogic.dll
+ 2010-07-13 20:18 . 2010-07-13 20:18 120608 c:\windows\assembly\temp\5CHMRW28DJ\Intuit.Spc.Esd.Client.DataAccess.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 602112 c:\windows\assembly\GAC_MSIL\Spring.Core\1.1.0.2__65e474d141e25e07\Spring.Core.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 143360 c:\windows\assembly\GAC_MSIL\Spring.Aop\1.1.0.2__65e474d141e25e07\Spring.Aop.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 884736 c:\windows\assembly\GAC_MSIL\Microsoft.Web.Services3\3.0.0.0__31bf3856ad364e35\Microsoft.Web.Services3.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 270336 c:\windows\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 221184 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Oip.Messaging.Client.Protocol\2.1.2.4__540d4816ead86321\Intuit.Spc.Oip.Messaging.Client.Protocol.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 114688 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Oip.Messaging.Client.Core\2.1.2.4__540d4816ead86321\Intuit.Spc.Oip.Messaging.Client.Core.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 108544 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Search\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Search.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 471040 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 162816 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Core.Plugin\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Core.Plugin.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 176128 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.SharpZipLib\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.SharpZipLib.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 397312 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.Lucene\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.Lucene.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 106496 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.Provider.PreferencesSpecific\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.Provider.PreferencesSpecific.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 217088 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.DataAccess\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.DataAccess.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 651264 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.DataAccess.Entity\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.DataAccess.Entity.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 458752 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 106496 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Component\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Component.dll
+ 2010-07-13 20:35 . 2010-07-13 20:35 342304 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UX\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UX.dll
+ 2010-07-13 20:35 . 2010-07-13 20:35 402208 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
+ 2010-07-13 20:35 . 2010-07-13 20:35 238368 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
+ 2010-07-13 20:35 . 2010-07-13 20:35 202016 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Core.XmlSerializers\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.XmlSerializers.dll
+ 2010-07-13 20:35 . 2010-07-13 20:35 120608 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
+ 2010-07-13 20:35 . 2010-07-13 20:35 130848 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
+ 2010-07-13 20:18 . 2010-07-13 20:18 106496 c:\windows\assembly\GAC_MSIL\antlr.runtime\2.7.6.2__65e474d141e25e07\antlr.runtime.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 755712 c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.DLL
+ 2008-05-09 14:25 . 2008-05-09 14:25 1721712 c:\windows\system32\InetClnt.dll
+ 2009-05-27 01:30 . 2009-05-27 01:30 4838912 c:\windows\Installer\43bba8.msp
+ 2009-05-27 01:31 . 2009-05-27 01:31 5272576 c:\windows\Installer\43ba88.msp
+ 2009-07-09 21:25 . 2009-07-09 21:25 3554816 c:\windows\Installer\43b790.msp
+ 2010-07-13 20:19 . 2010-07-13 20:19 2230272 c:\windows\Installer\32c6be.msi
+ 2010-07-13 20:19 . 2010-07-13 20:19 1085440 c:\windows\assembly\GAC_MSIL\NHibernate\1.2.0.4000__aa95f207798dfdb4\NHibernate.dll
+ 2010-07-13 20:19 . 2010-07-13 20:19 1058304 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
.
-- Snapshot reset to current date --
.
 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a6e4a4eb-d169-4e99-8988-250fcbafe767}"= "c:\program files\isoHunt\tbiso1.dll" [2010-07-13 2515552]

[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
2010-07-13 12:34 2515552 ----a-w- c:\program files\isoHunt\tbiso1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a6e4a4eb-d169-4e99-8988-250fcbafe767}"= "c:\program files\isoHunt\tbiso1.dll" [2010-07-13 2515552]

[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A6E4A4EB-D169-4E99-8988-250FCBAFE767}"= "c:\program files\isoHunt\tbiso1.dll" [2010-07-13 2515552]

[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-04-29 5248312]
"cdloader"="c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-28 202256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-2-26 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-2-26 9136960]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~1\VCOM\Partition Commander 10 Professional\bluescrn\bluescrn.exe\0\0e???????????\0\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\mjusbsp\\magicJack.exe"=

R0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [5/28/2010 8:43 AM 30808]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/28/2010 12:09 AM 136176]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/12/2010 10:13 PM 304464]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2/26/2010 8:58 AM 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480]
S3 BioNT_BS;BioNT_BS;c:\program files\VCOM\Partition Commander 10 Professional\BlueScrn\biont_bs.sys [5/28/2010 8:43 AM 10028]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/12/2010 10:13 PM 20952]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/29/2010 11:00 AM 11520]
.
Contents of the 'Scheduled Tasks' folder

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 07:08]

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 07:08]

2010-07-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 04:40]

2010-07-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-1897051121-1606980848-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-07-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-1897051121-1606980848-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9nzgm0nc.default\
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-13 14:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1708537768-1897051121-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,06,ab,72,09,94,8d,b7,41,ad,3c,ac,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,06,ab,72,09,94,8d,b7,41,ad,3c,ac,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(220)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\l3codeca.acm

- - - - - - - > 'explorer.exe'(1604)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\l3codeca.acm
.
Completion time: 2010-07-13 14:26:02
ComboFix-quarantined-files.txt 2010-07-13 21:26
ComboFix2.txt 2010-07-13 16:36

Pre-Run: 15,627,567,104 bytes free
Post-Run: 15,728,848,896 bytes free

- - End Of File - - 65D2D670DD9AEFD149EC90B5B8247CD3
 
OK. See if you can actually have HijackThis fix these entries; sometimes it won't.

Rerun HijackThis and place checks next to the following entries.

O1 - Hosts: 89.149.249.195 www.google.com
O1 - Hosts: 89.149.249.195 www.google.de
O1 - Hosts: 89.149.249.195 www.google.fr
O1 - Hosts: 89.149.249.195 www.google.co.uk
O1 - Hosts: 89.149.249.195 www.google.com.br
O1 - Hosts: 89.149.249.195 www.google.it
O1 - Hosts: 89.149.249.195 www.google.es
O1 - Hosts: 89.149.249.195 www.google.co.jp
O1 - Hosts: 89.149.249.195 www.google.com.mx
O1 - Hosts: 89.149.249.195 www.google.ca
O1 - Hosts: 89.149.249.195 www.google.com.au
O1 - Hosts: 89.149.249.195 www.google.nl
O1 - Hosts: 89.149.249.195 www.google.co.za
O1 - Hosts: 89.149.249.195 www.google.be
O1 - Hosts: 89.149.249.195 www.google.gr
O1 - Hosts: 89.149.249.195 www.google.at
O1 - Hosts: 89.149.249.195 www.google.se
O1 - Hosts: 89.149.249.195 www.google.ch
O1 - Hosts: 89.149.249.195 www.google.pt
O1 - Hosts: 89.149.249.195 www.google.dk
O1 - Hosts: 89.149.249.195 www.google.fi
O1 - Hosts: 89.149.249.195 www.google.ie
O1 - Hosts: 89.149.249.195 www.google.no
O1 - Hosts: 89.149.249.195 search.yahoo.com
O1 - Hosts: 89.149.249.195 us.search.yahoo.com
O1 - Hosts: 89.149.249.195 uk.search.yahoo.com

Then click on "Fix checked" at the bottom.

Reboot the computer and then post a fresh HijackThis log.
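The hosts-file check behind the step above, as an added example that is not part of the original posts: it reads HijackThis `O1 - Hosts:` lines (or a raw hosts file), reports every name pinned to a public IP address, and produces hosts text with those lines dropped. Treating "public target IP" as the review trigger is an assumption of this sketch, and the function names and sample input are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: three of the O1 lines quoted in the post above, two
# benign entries (loopback and a 0.0.0.0 sink) and one unrelated O4 line.
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 ads.example.invalid
O1 - Hosts: 89.149.249.195 www.google.com
O1 - Hosts: 89.149.249.195 search.yahoo.com
O1 - Hosts: 89.149.249.195 uk.search.yahoo.com
O4 - HKLM\\..\\Run: [IgfxTray] C:\\WINDOWS\\system32\\igfxtray.exe
"""

O1_PREFIX = re.compile(r"^O1 - Hosts:\s*", re.IGNORECASE)


def parse_entries(text):
    """Yield (ip, hostname) pairs from HijackThis O1 lines or raw hosts lines."""
    for raw in text.splitlines():
        line = O1_PREFIX.sub("", raw.strip()).split("#", 1)[0]
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a hosts mapping (other log sections, headers)
        for host in fields[1:]:
            yield ip, host.lower()


def redirected_hosts(text):
    """Map each public target IP to the hostnames the hosts file pins to it."""
    by_ip = defaultdict(set)
    for ip, host in parse_entries(text):
        if ip.is_global:  # loopback, 0.0.0.0 and private ranges are skipped
            by_ip[str(ip)].add(host)
    return {ip: sorted(names) for ip, names in by_ip.items()}


def strip_redirects(hosts_text, bad_ips):
    """Return hosts-file text without the lines that target a flagged IP."""
    kept = [raw for raw in hosts_text.splitlines()
            if (raw.split("#", 1)[0].split() or [""])[0] not in bad_ips]
    return "\n".join(kept) + "\n"
```

Review the output of `redirected_hosts` before passing its keys to `strip_redirects`, since a deliberate override to a public address would be flagged too.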
 
Hey, that worked! I am no longer being redirected. Thanks a lot! Here's my hijack log anyway.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:47:26 PM, on 7/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Hunt TB Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Hunt TB Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Hunt TB Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1275057561031
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6840 bytes

Thanks again to everyone for their help
 
That's good.

However, in your logs I have seen that you are running isoHunt and uTorrent and possibly other P2P file-sharing software. This is most likely how you are getting infected. I highly recommend you discontinue using it and get things legally, or you will end up in this situation or something bigger again.
 
This isn't my computer! Haha. But really, this is my friend's dad's comp. I was just helping him out. I will tell him what you said, though.
 