Google redirect - Trojan.Vundo .log/.txt attached

Discussion in 'Virus and Malware Removal' started by BeachJoshua, May 18, 2010.

  1. Broni Malware Annihilator Posts: 39,233   +175

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] --  -- (winbackupdumper-id1906Xv2Ej1zt)
      SRV - File not found [Auto | Stopped] --  -- (acrosysbackup_ex06Xv2Ej1zt)
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No CLSID value found.
      O4 - HKLM..\Run: [Acronis Toolbar Helper]  File not found
      O4 - HKLM..\Run: [vtuvstsys]  File not found
      O4 - HKCU..\Run: [ddbbyasys]  File not found
      O4 - HKCU..\Run: [Desktop Cleanup Wizard]  File not found
      O4 - HKCU..\Run: [P2kAutostart]  File not found
      O4 - HKCU..\Run: [winjwws92] C:\Users\Administrator\AppData\Roaming\winjwws92\winjwws93.exe File not found
      O4 - HKLM..\RunOnce: []  File not found
      O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -Mozilla\5.0 ( File not found
      O30 - LSA: Authentication Packages - (bywuut.dll) -  File not found
      O33 - MountPoints2\{56614c7d-5f00-11df-88cb-806e6f6e6963}\Shell\AutoRun\command - "" = E:\hbcd\wintools\autorun.exe -- File not found
      O33 - MountPoints2\{56614c7d-5f00-11df-88cb-806e6f6e6963}\Shell\Option1\Command - "" = E:\hbcd\wintools\autorun.exe -- File not found
      [2010/05/06 17:39:16 | 000,037,888 | ---- | M] () -- C:\Windows\System32\b_syspol32.dll
      [2010/05/05 16:39:03 | 000,000,002 | ---- | M] () -- C:\Users\Administrator\tenmy.ini
      [2010/05/05 16:38:58 | 000,372,061 | ---- | M] () -- C:\Users\Administrator\winjwws93.exe
      [2010/05/05 16:38:56 | 000,145,920 | ---- | M] () -- C:\Users\Administrator\pod932.exe
      @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      
      :Services
      winbackupdumper-id1906Xv2Ej1zt
      acrosysbackup_ex06Xv2Ej1zt
      
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
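    The entries the fix above removes are autostart hooks whose target file is gone (OTL marks them "File not found"). As an added example that is not part of this thread or of OTL, the following Python parses lines in that OTL report format and pulls out the orphaned Run, service and LSA entries; the sample input is constructed from the lines quoted above plus one made-up healthy entry, and the full Run key path that OTL abbreviates as `..\` is filled in from the standard Windows location.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: OTL scan lines of the kind quoted in the fix above,
# plus one made-up healthy entry so the classifier has something to leave alone.
SAMPLE_OTL = r"""
SRV - File not found [Auto | Stopped] --  -- (winbackupdumper-id1906Xv2Ej1zt)
O4 - HKLM..\Run: [vtuvstsys]  File not found
O4 - HKCU..\Run: [winjwws92] C:\Users\Administrator\AppData\Roaming\winjwws92\winjwws93.exe File not found
O30 - LSA: Authentication Packages - (bywuut.dll) -  File not found
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)
"""

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion"  # what OTL abbreviates as "..\"

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\.\.\\(Run(?:Once)?): \[(.*?)\]\s*(.*?)\s*(File not found)?$")
SRV_RE = re.compile(r"^SRV - (.*?) \[(\w+) \| (\w+)\] -- (.*?) -- \((.*)\)$")
O30_RE = re.compile(r"^O30 - LSA: Authentication Packages - \((.*?)\) -\s*(File not found)?$")

@dataclass
class Autostart:
    kind: str        # "run", "service" or "lsa"
    location: str    # registry key the entry lives under
    name: str        # value name, service name or DLL name
    target: str      # path/DLL the entry points at ("" if OTL shows none)
    orphan: bool     # True when OTL reports the target as "File not found"

def parse_otl(text: str) -> List[Autostart]:
    """Parse O4 / SRV / O30 report lines; lines of other types are skipped."""
    out: List[Autostart] = []
    for line in text.splitlines():
        if m := O4_RE.match(line):
            hive, key, name, target, missing = m.groups()
            out.append(Autostart("run", f"{hive}\\{RUN_KEY}\\{key}", name, target, bool(missing)))
        elif m := SRV_RE.match(line):
            status, _start, _state, path, name = m.groups()
            out.append(Autostart("service", r"HKLM\SYSTEM\CurrentControlSet\Services", name, path,
                                 status == "File not found"))
        elif m := O30_RE.match(line):
            dll, missing = m.groups()
            out.append(Autostart("lsa", r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa", dll, dll, bool(missing)))
    return out

def orphans(text: str) -> List[Autostart]:
    """Entries whose target no longer exists: dead autostart hooks that a fix script removes."""
    return [a for a in parse_otl(text) if a.orphan]

if __name__ == "__main__":
    for a in orphans(SAMPLE_OTL):
        print(f"{a.kind:8} {a.location}\\{a.name} -> {a.target or '<no path>'}")
```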
  2. BeachJoshua Newcomer, in training Posts: 49

    boot in normal mode?
  3. Broni Malware Annihilator Posts: 39,233   +175

    If you can, yes.
  4. BeachJoshua Newcomer, in training Posts: 49

    It ran fine in normal mode, here are the logs.

  5. Broni Malware Annihilator Posts: 39,233   +175

    It looks much better :)

    Now, delete broni.com, download a fresh copy of Combofix, rename it again to broni.com and see if it'll run.
  6. BeachJoshua Newcomer, in training Posts: 49

    Can I shutdown and do this tomorrow?
     
  7. Broni Malware Annihilator Posts: 39,233   +175

    By all means ...
    I don't consider you my prisoner....LOL
  8. BeachJoshua Newcomer, in training Posts: 49

    I can't run broni.com in normal or safemode still...
  9. Broni Malware Annihilator Posts: 39,233   +175

    What does exactly happen?
  10. BeachJoshua Newcomer, in training Posts: 49

    Starts... I click yes... it prepares to run, the bars cross and disappear... then it sits... I've let it sit for up to 30 minutes
  11. BeachJoshua Newcomer, in training Posts: 49

    Do you want me to use hypercam and video it? and upload it to youtube?
  12. BeachJoshua Newcomer, in training Posts: 49

    Just ran malwarebytes in normal mode, it's showing the vundo in 2 registry entries as opposed to the normal three, do you want the log from this?

    EDIT: and should I remove it?
  13. Broni Malware Annihilator Posts: 39,233   +175

    Hold on...
  14. Broni Malware Annihilator Posts: 39,233   +175

    Run those fixes through MBAM. Post the log.

    Download RootRepeal.zip (Mirror1, Mirror2) and unzip it to your Desktop.
    • Double click RootRepeal.exe to start the program
    • Click on the Report tab at the bottom of the program window
    • Click the Scan button
    • In the Select Scan dialog, check:
      • Drivers
      • Files
      • Processes
      • SSDT
      • Stealth Objects
      • Hidden Services
    • Click the OK button
    • In the next dialog, select all drives showing
    • Click OK to start the scan
      Note: The scan can take some time. DO NOT run any other programs while the scan is running
    • When the scan is complete, the Save Report button will become available
    • Click this and save the report to your Desktop as RootRepeal.txt
    • Go to File, then Exit to close the program
    Open RootRepeal.txt file with Notepad, copy, and paste all content into your next reply.

    If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

    ==================================================================

    Download TDSSKiller and save it to your Desktop.
    Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
    Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

    If it says "Hidden service detected", DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
    When it is done, a log file called TDSSKiller.txt should be created on your C: drive. Please copy and paste the contents of that file here.
  15. BeachJoshua Newcomer, in training Posts: 49

    I'm reinstalling Windows.

    I have my drive backed up on an external as an image, so if I mess things up, I might be back.
  16. Broni Malware Annihilator Posts: 39,233   +175

    OK....good luck :)
  17. BeachJoshua Newcomer, in training Posts: 49

    Nvm, I'm having trouble, but I'll do that later.
  18. Broni Malware Annihilator Posts: 39,233   +175

    OK.........