[Inactive] Can't remove Google redirect

Discussion in 'Virus and Malware Removal' started by jhenri23, May 16, 2011.

Thread Status:
Not open for further replies.
  1. jhenri23 Newcomer, in training

    ComboFix 11-05-17.02 - Justin 05/18/2011 9:49.2.1 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.1018 [GMT -4:00]
    Running from: c:\users\Justin\Downloads\ComboFix.exe
    Command switches used :: c:\users\Justin\Desktop\CFScript.txt
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\windows\system32\drivers\klmdb.sys"
    "c:\windows\system32\drivers\rbqqhnar.sys"
    "c:\windows\system32\drivers\urswjtkg.sys"
    "c:\windows\system32\drivers\vocgymoq.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    c:\users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\HPPDEVX.DLL.log
    .
    ----- BITS: Possible infected sites -----
    .
    hxxp://updates.swarmcast.net
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_klmdb
    -------\Service_rbqqhnar
    -------\Service_urswjtkg
    -------\Service_vocgymoq
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-18 14:09 . 2011-05-18 14:09 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-18 13:43 . 2011-05-18 13:43 -------- d-----w- C:\32788R22FWJFW
    2011-05-17 12:46 . 2011-04-18 13:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9314D409-C0EA-4B1F-AFF6-C578E881CD99}\mpengine.dll
    2011-05-16 18:49 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-13 17:46 . 2011-05-13 17:46 -------- d-----w- c:\program files\CCleaner
    2011-05-13 17:31 . 2011-05-13 17:31 -------- d-----w- C:\!KillBox
    2011-05-13 16:37 . 2011-05-13 16:37 388096 ----a-r- c:\users\Justin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-05-13 16:30 . 2011-05-13 16:31 -------- d-----w- c:\program files\HJT
    2011-05-12 18:40 . 2011-05-12 18:40 -------- d-----w- c:\users\Justin\AppData\Roaming\FixTDSS
    2011-05-12 18:40 . 2011-05-12 18:42 20472 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
    2011-05-12 18:22 . 2008-11-06 06:03 -------- d-----w- C:\SDFix
    2011-05-12 18:09 . 2011-05-12 18:09 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-05-12 14:45 . 2011-05-18 12:39 -------- dc----w- c:\users\Justin\AppData\Local\MigWiz
    2011-05-11 12:43 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-05-11 12:43 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-05-04 13:57 . 2011-05-04 13:57 -------- d-----w- c:\program files\iPod
    2011-05-04 13:57 . 2011-05-04 13:58 -------- d-----w- c:\program files\iTunes
    2011-05-04 13:52 . 2011-05-04 13:52 -------- d-----w- c:\program files\Bonjour
    2011-04-27 17:50 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
    2011-04-27 17:50 . 2011-03-11 05:39 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2011-04-27 17:50 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
    2011-04-27 17:50 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys
    2011-04-27 17:50 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2011-04-27 17:50 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2011-04-27 17:50 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2011-04-27 17:50 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2011-04-27 17:50 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2011-04-27 17:50 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
    2011-04-27 17:50 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
    2011-04-25 12:52 . 2009-08-20 03:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2011-04-19 20:42 . 2011-05-03 12:39 -------- d-----w- c:\users\Justin\AppData\Roaming\Box Desktop
    2011-04-19 20:42 . 2011-04-19 20:42 -------- d-----w- c:\program files\Box Sync
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-04-01 12:34 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-15 16:15 . 2011-03-15 16:15 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-03-15 16:15 . 2011-03-15 16:15 161792 ----a-w- c:\windows\system32\msls31.dll
    2011-03-15 16:15 . 2011-03-15 16:15 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-03-15 16:15 . 2011-03-15 16:15 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-03-15 16:15 . 2011-03-15 16:15 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-03-15 16:15 . 2011-03-15 16:15 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-03-15 16:15 . 2011-03-15 16:15 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-03-15 16:15 . 2011-03-15 16:15 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-03-15 16:15 . 2011-03-15 16:15 367104 ----a-w- c:\windows\system32\html.iec
    2011-03-15 16:15 . 2011-03-15 16:15 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-03-15 16:15 . 2011-03-15 16:15 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-15 16:15 . 2011-03-15 16:15 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-03-15 16:15 . 2011-03-15 16:15 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-03-15 16:15 . 2011-03-15 16:15 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-03-15 16:15 . 2011-03-15 16:15 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-03-15 16:15 . 2011-03-15 16:15 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-03-15 16:15 . 2011-03-15 16:15 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-03-15 16:15 . 2011-03-15 16:15 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-03-15 16:15 . 2011-03-15 16:15 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-03-15 16:15 . 2011-03-15 16:15 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-03-15 16:15 . 2011-03-15 16:15 101888 ----a-w- c:\windows\system32\admparse.dll
    2011-03-12 11:23 . 2011-04-15 01:42 870912 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-03-11 05:33 . 2011-04-15 01:42 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-11 05:33 . 2011-04-15 01:42 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-08 05:28 . 2011-04-15 01:42 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-03 05:38 . 2011-04-15 01:43 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-03-03 05:36 . 2011-04-15 01:43 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-03-03 03:42 . 2011-04-15 01:42 2333184 ----a-w- c:\windows\system32\win32k.sys
    2011-02-24 05:38 . 2011-04-15 01:42 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-23 22:21 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-02-23 04:48 . 2011-04-15 01:43 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-23 04:48 . 2011-04-15 01:43 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-02-23 04:47 . 2011-04-15 01:43 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-02-23 04:47 . 2011-04-15 01:42 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-02-23 04:47 . 2011-04-15 01:42 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-02-23 04:47 . 2011-04-15 01:42 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-23 04:47 . 2011-04-15 01:42 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-02-19 06:30 . 2011-03-09 18:48 805376 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-19 06:30 . 2011-03-09 18:48 1076736 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-19 06:30 . 2011-03-09 18:48 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-02-19 06:30 . 2011-04-15 01:42 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-02-19 04:34 . 2011-04-15 01:42 294912 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-18 21:36 . 2011-02-18 21:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-02-18 21:36 . 2011-02-18 21:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2011-03-15 13:46 . 2011-03-15 13:46 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 17:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    2010-12-09 17:51 3911776 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BoxDesktopFileLocked]
    @="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"
    [HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]
    2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BoxDesktopNotSynced]
    @="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"
    [HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]
    2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BoxDesktopNotSyncedCollabs]
    @="{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}"
    [HKEY_CLASSES_ROOT\CLSID\{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}]
    2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BoxDesktopSynced]
    @="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"
    [HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]
    2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BoxDesktopSyncedCollab]
    @="{9E48C232-F601-4E41-BB3E-16CBAF317AA4}"
    [HKEY_CLASSES_ROOT\CLSID\{9E48C232-F601-4E41-BB3E-16CBAF317AA4}]
    2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-11-05 6174008]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-24 68856]
    "Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
    "BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2011-03-28 400760]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-04-08 405504]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
    "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-05-07 36864]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
    "ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2008-04-02 53248]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-03-15 30192]
    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    .
    c:\users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MLB.TV NexDef Plug-in.lnk - c:\users\Justin\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe [2009-4-1 801032]
    outback - Shortcut.lnk - C:\outback.bat [2010-2-9 1158]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Box Sync.lnk - c:\program files\Box Sync\BoxSync.exe [2011-3-31 6901760]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BoxSyncHelper]
    2011-03-31 20:56 385024 ----a-w- c:\program files\Box Sync\BoxSyncHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\users\Justin\AppData\Roaming\Google\Google Talk\googletalk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
    2008-08-11 17:41 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    .
    R1 MpKsl12e4e7f1;MpKsl12e4e7f1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74DE7361-ABE0-412F-8766-E3404F917A59}\MpKsl12e4e7f1.sys [x]
    R1 MpKsl18a3d230;MpKsl18a3d230;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72855BA7-617A-40E2-84EB-B011A721FE11}\MpKsl18a3d230.sys [x]
    R1 MpKsl36861016;MpKsl36861016;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18E3F757-C571-44C0-A2A4-CE0EC5B45844}\MpKsl36861016.sys [x]
    R1 MpKsl390e6972;MpKsl390e6972;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2F94111-9AF1-4305-A760-28C1F19D1409}\MpKsl390e6972.sys [x]
    R1 MpKsl3e6df976;MpKsl3e6df976;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B135CC70-F605-4632-96A7-9DC96DDBA803}\MpKsl3e6df976.sys [x]
    R1 MpKsl4416ed94;MpKsl4416ed94;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7CD70504-E706-4C6F-9183-4B129BE44401}\MpKsl4416ed94.sys [x]
    R1 MpKsl62421179;MpKsl62421179;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{46D552D8-063F-48C4-AB0F-081B482E53BD}\MpKsl62421179.sys [x]
    R1 MpKsl743ae810;MpKsl743ae810;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{906A96FB-A29B-48BA-815A-C48F0363AFE7}\MpKsl743ae810.sys [x]
    R1 MpKsl7d84b6f3;MpKsl7d84b6f3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4F32C13-1D84-4906-B9F4-F6A46FACCEF0}\MpKsl7d84b6f3.sys [x]
    R1 MpKsl9462b72e;MpKsl9462b72e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF0D12DB-9776-4285-BB16-D8074FE8E196}\MpKsl9462b72e.sys [x]
    R1 MpKsl9ea04dce;MpKsl9ea04dce;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12E37EA4-56A4-49B7-905B-06818FFA5731}\MpKsl9ea04dce.sys [x]
    R1 MpKsla8a6fbe6;MpKsla8a6fbe6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{767F5F5E-FB9D-4016-B57D-F2C269D084FC}\MpKsla8a6fbe6.sys [x]
    R1 MpKsld5d4b01a;MpKsld5d4b01a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6522326-ECE0-481B-AE17-9D47F131B867}\MpKsld5d4b01a.sys [x]
    R1 MpKsle2e8bd86;MpKsle2e8bd86;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12E37EA4-56A4-49B7-905B-06818FFA5731}\MpKsle2e8bd86.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-03-15 30192]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-01 1343400]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [2011-05-12 20472]
    S2 8704pdateService;Box Sync Auto-updater;c:\program files\Box Sync\UpdateService.exe [2011-03-31 8704]
    S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-12 79432]
    S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 1242504]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
    S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-07-10 218136]
    S2 MSSQL$INFLOWSQL;SQL Server (INFLOWSQL);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2011-01-12 196928]
    S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-01-12 68928]
    S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2009-03-30 1113448]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-07-10 31256]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - AvgTdiX
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-744172185-87971296-2539405451-1002Core.job
    - c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-28 14:21]
    .
    2011-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-744172185-87971296-2539405451-1002UA.job
    - c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-28 14:21]
    .
    2011-03-07 c:\windows\Tasks\RegInOut Scheduled Scan - Justin.job
    - c:\program files\RegInOut\RegInOut.exe [2011-02-07 21:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.facebook.com/
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: Se&nd to OneNote - /105
    Trusted Zone: aetna.com\www
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    DPF: {F8E691A0-C92E-4E42-9CDA-62FC07A9483B} - hxxp://actiftp.hosting4less.com/ACTIGENERAL/AP&Manual/Live%20Demo/nvUnifiedControl.ocx
    FF - ProfilePath - c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\ngysdz70.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=15-06-2009&tb_mrud=12-05-2010
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=100000000000000002&tb_oid=15-06-2009&tb_mrud=12-05-2010&query=
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(1456)
    c:\windows\System32\pnidui.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\LogMeIn\x86\RaMaint.exe
    c:\program files\LogMeIn\x86\LogMeIn.exe
    c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
    c:\windows\system32\conhost.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\conhost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2011-05-18 10:26:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-05-18 14:26
    ComboFix2.txt 2011-05-16 20:19
    .
    Pre-Run: 283,779,559,424 bytes free
    Post-Run: 283,481,886,720 bytes free
    .
    - - End Of File - - 87756CCB8B06FF843C26409787F51124
  2. Broni Malware Annihilator

    Looks good :)

    How is redirection?

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start the scan.

    On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.
  3. jhenri23 Newcomer, in training

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-19 09:12:36
    -----------------------------
    09:12:36.180 OS Version: Windows 6.1.7601 Service Pack 1
    09:12:36.181 Number of processors: 1 586 0x7F02
    09:12:36.183 ComputerName: JUSTINS-PC UserName: Justin
    09:12:38.199 Initialize success
    09:12:39.939 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000074
    09:12:39.942 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
    09:12:41.958 Disk 0 MBR read successfully
    09:12:41.961 Disk 0 MBR scan
    09:12:41.964 Disk 0 Windows 7 default MBR code
    09:12:43.968 Disk 0 scanning sectors +976768065
    09:12:43.998 Disk 0 scanning C:\Windows\system32\drivers
    09:12:51.178 Service scanning
    09:12:53.069 Disk 0 trace - called modules:
    09:12:53.085 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
    09:12:53.090 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8638d030]
    09:12:53.097 3 CLASSPNP.SYS[8b39259e] -> nt!IofCallDriver -> [0x861ab3e8]
    09:12:53.102 5 ACPI.sys[8ae3b3d4] -> nt!IofCallDriver -> \Device\00000074[0x861ab030]
    09:12:53.107 Scan finished successfully
    09:13:00.192 Disk 0 MBR has been saved successfully to "C:\Users\Justin\Desktop\MBR.dat"
    09:13:00.198 The log file has been saved successfully to "C:\Users\Justin\Desktop\aswMBR.txt"
  4. Broni Malware Annihilator

    You didn't say: