Whenever I try to use Yahoo! with Chrome, I get redirected to a site about thebflix.info. I do not have this problem when I use Safari. Malwarebytes didn't find the virus and neither did ZoneAlarm.
Thanks
Matt
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-06-11 16:49:49
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 596.17GB
Running: gmer.exe; Driver: C:\Users\dresbamr\AppData\Local\Temp\fwtoipow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1360] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75]
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1360] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe[2748] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe[2748] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4028] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4028] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75]
.text ... * 2
.text C:\Users\dresbamr\AppData\Roaming\Google\Google Talk\googletalk.exe[4468] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75]
.text C:\Users\dresbamr\AppData\Roaming\Google\Google Talk\googletalk.exe[4468] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75]
.text ... * 2
.text C:\Users\dresbamr\AppData\Roaming\SearchProtect\bin\cltmng.exe[4516] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75]
.text C:\Users\dresbamr\AppData\Roaming\SearchProtect\bin\cltmng.exe[4516] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75]
.text ... * 2
.text C:\Users\dresbamr\AppData\Roaming\Dropbox\bin\Dropbox.exe[4616] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75]
.text C:\Users\dresbamr\AppData\Roaming\Dropbox\bin\Dropbox.exe[4616] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75]
.text ... * 2
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4924] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75]
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4924] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75]
.text ... * 2
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{4F899CEE-D810-40A0-BFF3-2626EC39F72F}\Connection@Name isatap.{FAA8BD7C-876E-4A8C-ABE3-8EF597F3175D}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{4F899CEE-D810-40A0-BFF3-2626EC39F72F}?\Device\{FAF16281-B077-4498-9F0D-AD1E466BB9B2}?\Device\{E02C720B-7FDC-440E-84C6-8A3A750C2BD1}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{4F899CEE-D810-40A0-BFF3-2626EC39F72F}"?"{FAF16281-B077-4498-9F0D-AD1E466BB9B2}"?"{E02C720B-7FDC-440E-84C6-8A3A750C2BD1}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{4F899CEE-D810-40A0-BFF3-2626EC39F72F}?\Device\TCPIP6TUNNEL_{FAF16281-B077-4498-9F0D-AD1E466BB9B2}?\Device\TCPIP6TUNNEL_{E02C720B-7FDC-440E-84C6-8A3A750C2BD1}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4F899CEE-D810-40A0-BFF3-2626EC39F72F}@InterfaceName isatap.{FAA8BD7C-876E-4A8C-ABE3-8EF597F3175D}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4F899CEE-D810-40A0-BFF3-2626EC39F72F}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FAA8BD7C-876E-4A8C-ABE3-8EF597F3175D}@EnableDHCP 0
---- Files - GMER 2.1 ----
File C:\Windows\SoftwareDistribution\Download\2c3721345bbd91a1656f36aab80ab5ea 0 bytes
File C:\Windows\SoftwareDistribution\Download\2c3721345bbd91a1656f36aab80ab5ea\BIT5D72.tmp 0 bytes
File C:\Windows\SoftwareDistribution\Download\2c3721345bbd91a1656f36aab80ab5ea\cbshandler 0 bytes
File C:\Windows\SoftwareDistribution\Download\2c3721345bbd91a1656f36aab80ab5ea\cbshandler\state 12 bytes
---- EOF - GMER 2.1 ----