Any google related pages not opening, slow surfing.. (New)

Killazys, 25-Feb-2009, 01:08 AM #1
This is a very new computer (came to my friend's house a few days ago) and it recently began acting strangely: browsers would redirect to an "error" page when anything with *google* in it was typed in. Before, by simply changing the browser, the problem could be solved but now it happens everywhere. I am currently scanning with Panda ActiveScan and it's found 6 things so far; I will post back with information when it is done. Here is an HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:36 AM, on 2/25/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\vVX3000.exe
C:\Program Files (x86)\AIM6\aim6.exe
C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AIM6\aolsoftware.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Users\Administrator\temp\TeamViewer\Version4\TeamViewer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Administrator\Documents\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MI1933~1\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\vistasrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9298 bytes
__________________
"Genius is not the answer to all questions | it's the question, to all answers."
Killazys, 26-Feb-2009, 12:22 AM #2
Here is a PandaScan log, the computer is unable to connect through the AIM program to AIM (but can connect through services such as meebo) as well as the Google thing:

;************************************************************************** *************************************************************************** ******************************
ANALYSIS: 2009-02-25 23:06:33
PROTECTIONS: 1
MALWARE: 10
SUSPECTS: 4
;************************************************************************** *************************************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;========================================================================== =========================================================================== ==============================
Windows Defender 1.1.1505.0 No Yes
;========================================================================== =========================================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;========================================================================== =========================================================================== ==============================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@atdmt[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No F:\winnie\Documents and Settings\Winnie Lau\Cookies\winnie_lau@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No F:\winnie\Documents and Settings\Winnieee\Application Data\Mozilla\Firefox\Profiles\0xko194k.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No F:\winnie\Documents and Settings\Winnie Lau\Cookies\winnie_lau@apmebf[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No F:\winnie\LOSTFILE\DIR33\_228_d8bfa0aa5d4054a30f324d5b2d306e00
00169190 Cookie/Advertising TrackingCookie No 0 Yes No F:\winnie\Documents and Settings\Winnieee\Application Data\Mozilla\Firefox\Profiles\0xko194k.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No F:\winnie\Documents and Settings\Winnieee\Application Data\Mozilla\Firefox\Profiles\0xko194k.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No F:\winnie\LOSTFILE\DIR23\_13_ea72e7b24a4a93ad1dc0f52cc19ccd13
00169190 Cookie/Advertising TrackingCookie No 0 Yes No F:\winnie\Documents and Settings\Winnieee\Application Data\Mozilla\Firefox\Profiles\0xko194k.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No F:\winnie\Documents and Settings\Winnieee\Application Data\Mozilla\Firefox\Profiles\0xko194k.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No F:\winnie\Documents and Settings\Winnieee\Application Data\Mozilla\Firefox\Profiles\0xko194k.default\cookies.txt[.advertising.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ads.pointroll[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@questionmarket[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No F:\winnie\Documents and Settings\Winnieee\Application Data\Mozilla\Firefox\Profiles\0xko194k.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No F:\winnie\Documents and Settings\Winnieee\Cookies\winnieee@go[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@atwola[1].txt
00278769 Application/PRScheduler HackTools No 0 Yes No F:\winnie\Documents and Settings\Winnie Lau\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
00278769 Application/PRScheduler HackTools No 0 Yes No F:\winnie\Documents and Settings\Winnie Lau\Start Menu\Programs\Startup\PowerReg Scheduler.exe
03666291 Spyware/MarketScore Spyware No 1 No No F:\winnie\Documents and Settings\Winnie Lau\Application Data\Mozilla\Firefox\Profiles\90dqoe4s.default\extensions\{32c1ae0f-a1ed-4128-b922-7e83a47d79b7}\prinstaller.msi[unk_0022][prmrsr]
03703215 Spyware/MarketScore Spyware No 1 No No F:\winnie\Documents and Settings\Winnie Lau\Application Data\Mozilla\Firefox\Profiles\90dqoe4s.default\extensions\{32c1ae0f-a1ed-4128-b922-7e83a47d79b7}\prinstaller.msi[unk_0022][prls]
;========================================================================== =========================================================================== ==============================
SUSPECTS
Sent Location
;========================================================================== =========================================================================== ==============================
No F:\winnie\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
No F:\winnie\Documents and Settings\Winnie Lau\My Documents\Azureus Downloads\SVM Studio 9.0a Build 85\SVM Studio 9.0a Build 85.part1.rar[SVM Studio 9.0a Build 85\Patch\patch.exe]
No F:\winnie\Documents and Settings\Winnie Lau\My Documents\Azureus Downloads\SVM Studio 9.0a Build 85\SVM Studio 9.0a Build 85\SVM Studio 9.0a Build 85\Patch\patch.exe
No F:\winnie\Documents and Settings\Winnie Lau\My Documents\Azureus Downloads\Particle Illusion 3.01a\pIllusion 3.01a.rar[pIllusion 3.01a\Particle_Illusion_v3.0.1A_Update_CRACKED\pIllusionRender.exe]
;========================================================================== =========================================================================== ==============================
VULNERABILITIES
Id Severity Description

;========================================================================== =========================================================================== ==============================
;========================================================================== =========================================================================== ==============================
Killazys, 27-Feb-2009, 05:43 PM #3
bump?

Tags
google, internet, spyware
