
[InActive] Google Redirect Problem - Hijack Log Included

Discussion in 'Malware and Virus Removal Archive' started by Stalingrad, 2008/11/23.

  1. 2008/11/23
    Stalingrad

    Stalingrad Inactive Thread Starter

    Joined:
    2008/11/22
    Messages:
    2
    Likes Received:
    0
    Hello everybody. For the past few days now I've been having some trouble with Google.com. Whenever I click on a link, it sends me to a website that isn't the link I clicked on. If I back my browser out from it, nothing happens, so I click on the arrow and select the Google page that I searched on and it brings me back to the search results. I have no clue what is going on, but I would like for this problem to be resolved. Any help is appreciated, and thank you in advance. Below is my HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:27:43 PM, on 11/23/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
    C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\DRIVERS\WtSrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\TEMP\tempo-893.tmp
    C:\Documents and Settings\Owner\Desktop\Runescape.exe
    C:\Documents and Settings\Owner\Desktop\Runescape.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdhpj.exe] C:\WINDOWS\system32\kdhpj.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JS...2/&filename=jinstall-6u10-windows-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E05983BE-A335-4D25-9013-E0808BA94C71}: NameServer = 85.255.112.114;85.255.112.14
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FA01F030-D55D-45CD-AA9B-1D5BA16F7B0F}: NameServer = 85.255.112.114;85.255.112.14
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPUSB WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

    --
    End of file - 5076 bytes


    Could somebody tell me how to fix this problem? Please and thank you! =]
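As an added example for readers of this thread (not part of the original post, and not a feature of HijackThis), the script below parses the kind of log shown above and flags the two lines a defender would look at first: the O17 entries, which set static resolvers 85.255.112.114 and 85.255.112.14 on both network interfaces (a resolver outside the user's control can answer any lookup, which is consistent with search results being redirected), and the O4 Run entry whose value name is itself a bare path to kdhpj.exe. The allowlist of trusted resolver ranges, the "label is a bare path" heuristic and the sample line with a 192.168.1.1 resolver are constructed assumptions; the other sample lines are copied from the log above.

```python
# Added triage helper for HijackThis O17/O4 lines (example only, not HijackThis code).
import ipaddress
import re

# Assumption: a home PC gets its resolvers from the router or the ISP. RFC 1918
# ranges stand in for "the router" here; add your ISP's resolvers for real use.
TRUSTED_DNS_NETWORKS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# O17 - <registry key>: NameServer = <ip>[;<ip>...]
O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>[\d.;, ]+)$")
# O4 - HKLM\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<label>[^\]]+)\] (?P<cmd>.+)$")

# Constructed sample: lines 1-5 copied from the log in this thread, line 6 made up
# to show a resolver that passes the allowlist.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdhpj.exe] C:\WINDOWS\system32\kdhpj.exe",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{E05983BE-A335-4D25-9013-E0808BA94C71}: NameServer = 85.255.112.114;85.255.112.14",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{FA01F030-D55D-45CD-AA9B-1D5BA16F7B0F}: NameServer = 85.255.112.114;85.255.112.14",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED-0000}: NameServer = 192.168.1.1",
]


def untrusted_nameservers(lines):
    """Return (interface_key, value) pairs for O17 resolvers outside the allowlist."""
    findings = []
    for line in lines:
        m = O17_RE.match(line.strip())
        if not m:
            continue
        for server in re.split(r"[;,]\s*", m.group("servers").strip()):
            try:
                ip = ipaddress.ip_address(server)
            except ValueError:
                # A value that is not even an address is worth reporting as-is.
                findings.append((m.group("key"), server))
                continue
            if not any(ip in net for net in TRUSTED_DNS_NETWORKS):
                findings.append((m.group("key"), server))
    return findings


def suspicious_run_entries(lines):
    """Return (hive, value_name) for O4 Run values whose name is itself a path.

    Heuristic (assumption): installers normally name a Run value after the
    product; a value named after its own executable path is unusual and is
    flagged for a human to look at, not treated as proof of infection.
    """
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        label = m.group("label")
        if re.match(r"^[A-Za-z]:\\", label):
            findings.append((m.group("hive"), label))
    return findings


def triage(lines):
    """Run both checks and return the findings grouped by section."""
    return {"dns": untrusted_nameservers(lines), "run": suspicious_run_entries(lines)}


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        for where, what in items:
            print(f"[{section}] {where} -> {what}")
```

Run it against a saved HijackThis log by replacing SAMPLE_LOG with the file's lines; every resolver outside the allowlist is reported once per interface key, so the two O17 lines above produce four findings, and the kdhpj.exe entry is the only Run value flagged.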
     
  2. 2008/11/23
    Aaflac

    Aaflac Inactive

    Joined:
    2008/11/02
    Messages:
    294
    Likes Received:
    1
    Please temporarily disable real-time protection applications as they sometimes interfere with running some of the programs needed to eradicate infections. Check the list in How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs for any programs you have.

    ~~~~
    Next, download SmitfraudFix
    Save to the Desktop
    Right-click the file and select: Extract all…
    Follow the prompts

    ~~~~
    Boot to Safe Mode as follows:
    • Restart the computer
    • Before the Windows appears, tap F8
    • The Windows XP Advanced Options menu appears
    • Select the option for Safe Mode using the arrow keys.
    Open SmitfraudFix
    • Double-click smitfraudfix.cmd
    • Select Option 2 - Clean by typing 2 and press Enter (Deletes infected files)
    • You are prompted: Do you want to clean the registry? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    The tool also checks if a relevant file, wininet.dll, is infected.
    You may be prompted to replace the infected file (if found).
    Replace infected file? Answer Y (yes) and hit Enter to restore a clean file.

    Restart the computer to complete the removal process.

    ~~~~
    Next, download Malwarebytes' Anti-Malware (MBAM)
    Save the program to the Desktop
    Close all Windows, including this one. (Print the instructions first)

    On the Desktop, double-click mbam-setup.exe to install the program, and follow the prompts
    • If an update is found, MBAM will download and install the latest.
    • Click OK
    At the main program window
    • Make sure the following is checked: Perform Quick Scan
    • Click: Scan (The scan may take some time to finish, so please be patient.)
    • When the scan completes, a message box appears, click OK

    At the main Scanner screen:
    • Click on: Show Results
    • A screen displaying the malware found shows
    • Make sure everything found is checked, and click: Remove Selected
    • When the disinfection is complete, you may be prompted to Restart. Please do so.
    • When MBAM finishes removing the malware, a log opens in Notepad
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    ~~~~
    Download Random's System Information Tool (RSIT)
    • Save it to the Desktop
    • Double-click RSIT.exe to run the program
    • Click Continue at the disclaimer screen
    • Once the tool finishes, two logs open. Log.txt is maximized, and info.txt is minimized. (The logs are also contained in C:\rsit)
    ~~~~
    Please provide the following in your reply:
    The SmitFraudFix report located at C:\rapport.txt
    The MBAM report
    The RSIT: Log.txt and info.txt logs.


    You may need to do consecutive posts (one after the other), if the logs are too long.
     
