
Inactive Another google Redirect Problem

Discussion in 'Malware and Virus Removal Archive' started by wealthymike, 2010/04/09.

Thread Status:
Not open for further replies.
  1. 2010/04/09
    wealthymike

    wealthymike Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    112
    Likes Received:
    0
    [Inactive] Another google Redirect Problem

    Hey guys, I have a bad Google redirect problem and I was told by a friend to run ComboFix and post the log here. I'd greatly appreciate anyone's help. :) Thank you in advance!!

    ComboFix 10-04-08.06 - Sampson 04/09/2010 17:46:48.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.479 [GMT -4:00]
    Running from: c:\documents and settings\Sampson\My Documents\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    PEV Error: LocalSettingsFile

    ((((((((((((((((((((((((( Files Created from 2010-03-09 to 2010-04-09 )))))))))))))))))))))))))))))))
    .

    2010-04-09 16:17 . 2010-04-09 16:17 53088 ----a-w- c:\windows\system32\drivers\pxrts.sys
    2010-04-09 16:17 . 2010-04-09 16:17 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
    2010-04-09 16:17 . 2010-04-09 16:17 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
    2010-04-09 15:54 . 2010-04-09 15:54 28880 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1E6A47E8-FFF8-426F-A009-7C2EDED19234}\MpKslcb734e66.sys
    2010-04-08 17:36 . 2010-04-09 14:34 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2010-04-08 17:30 . 2010-04-09 20:57 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-04-08 17:30 . 2010-04-08 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2010-04-08 17:30 . 2010-04-08 17:30 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-04-08 15:47 . 2010-04-09 15:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-04-08 15:43 . 2010-04-08 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-04-08 12:17 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-08 12:16 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-07 21:01 . 2010-04-07 21:01 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-04-05 07:58 . 2010-04-05 07:58 -------- d-----w- c:\documents and settings\Sampson\Local Settings\Application Data\PCHealth
    2010-03-27 18:17 . 2010-03-27 18:25 -------- d-----w- c:\documents and settings\Sampson\Local Settings\Application Data\ctrxmt
    2010-03-27 01:45 . 2010-03-27 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
    2010-03-11 08:03 . 2010-03-11 08:03 31648712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{9D85C76A-1F9E-A22B-971A-80DD87C7B4EF}-MRT.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-09 15:53 . 2008-04-14 20:00 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
    2010-04-09 15:44 . 2010-04-09 15:44 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys4E5EA5B4
    2010-04-08 15:43 . 2009-01-20 19:22 -------- d-----w- c:\program files\Google
    2010-04-08 12:17 . 2010-01-09 19:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-07 21:01 . 2009-08-24 16:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-04 01:53 . 2009-09-06 12:29 -------- d-----w- c:\program files\AKProg
    2010-03-31 07:26 . 2009-08-02 07:15 -------- d-----w- c:\documents and settings\Sampson\Application Data\uTorrent
    2010-03-11 12:38 . 2008-10-16 20:38 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-03-11 12:38 . 2008-04-14 20:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-11 12:38 . 2008-04-14 20:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-03-11 08:06 . 2009-01-20 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-03-11 08:05 . 2010-01-09 20:41 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-03-08 03:58 . 2010-03-08 03:58 -------- d-----w- c:\program files\Common Files\Roxio Shared
    2010-03-06 05:18 . 2010-03-05 20:50 256 ----a-w- c:\windows\system32\pool.bin
    2010-03-05 20:56 . 2010-03-05 20:56 -------- d-----w- c:\documents and settings\Sampson\Application Data\Blackberry Desktop
    2010-03-05 20:49 . 2010-03-05 20:49 -------- d-----w- c:\documents and settings\Sampson\Application Data\Research In Motion
    2010-03-05 20:47 . 2010-03-05 20:47 -------- d-----w- c:\program files\Common Files\Research In Motion
    2010-03-05 20:47 . 2010-03-05 20:47 -------- d-----w- c:\program files\Research In Motion
    2010-02-24 14:16 . 2010-01-09 20:43 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-22 16:25 . 2010-02-22 16:25 -------- d-----w- c:\documents and settings\Sampson\Application Data\UltraVNC
    2010-02-05 15:39 . 2010-02-05 15:39 251376 ----a-w- c:\documents and settings\Sampson\Application Data\Mozilla\plugins\npgoogletalk.dll
    2010-01-12 21:38 . 2009-07-24 08:07 60592 ----a-w- c:\documents and settings\Sampson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 68856]
    "Google Update "= "c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-16 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
    "AzMixerSel "= "c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-18 53248]
    "LManager "= "c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
    "PLFSetL "= "c:\windows\PLFSetL.exe" [2007-07-05 94208]
    "MSSE "= "c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
    "BlackBerryAutoUpdate "= "c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
    "HitmanPro35 "= "c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-04-08 5650240]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
    Alaunch [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-06-12 10:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2008-06-19 23:20 57344 ----a-w- c:\windows\ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
    2008-10-03 19:18 294544 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
    2008-09-04 05:46 425984 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2009-01-20 19:22 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-09-16 16:05 133104 ----atw- c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2008-04-14 20:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2008-12-03 06:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    2008-04-14 20:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    2008-04-14 20:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    2008-04-14 20:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2008-12-30 21:58 18082304 ----a-w- c:\windows\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-12-09 20:50 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-07-24 08:14 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2008-04-25 16:32 1044480 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Documents and Settings\\Sampson\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll "=
    "c:\\Documents and Settings\\Sampson\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Documents and Settings\\Sampson\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5910:TCP "= 5910:TCP:vnc5910

    R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [4/9/2010 12:17 PM 30280]
    R1 MpKslcb734e66;MpKslcb734e66;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1E6A47E8-FFF8-426F-A009-7C2EDED19234}\MpKslcb734e66.sys [4/9/2010 11:54 AM 28880]
    R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [4/9/2010 12:17 PM 53088]
    R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [11/10/2008 2:43 AM 345336]
    R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [4/9/2010 12:17 PM 24368]
    S1 aisggsig;aisggsig;\??\c:\windows\system32\drivers\aisggsig.sys --> c:\windows\system32\drivers\aisggsig.sys [?]
    S1 cpoxzgoh;cpoxzgoh;\??\c:\windows\system32\drivers\cpoxzgoh.sys --> c:\windows\system32\drivers\cpoxzgoh.sys [?]
    S1 dwttwlcm;dwttwlcm;\??\c:\windows\system32\drivers\dwttwlcm.sys --> c:\windows\system32\drivers\dwttwlcm.sys [?]
    S1 keagzpqu;keagzpqu;\??\c:\windows\system32\drivers\keagzpqu.sys --> c:\windows\system32\drivers\keagzpqu.sys [?]
    S1 leuaoesr;leuaoesr;\??\c:\windows\system32\drivers\leuaoesr.sys --> c:\windows\system32\drivers\leuaoesr.sys [?]
    S1 oewprgpm;oewprgpm;\??\c:\windows\system32\drivers\oewprgpm.sys --> c:\windows\system32\drivers\oewprgpm.sys [?]
    S1 vrmxrfzv;vrmxrfzv;\??\c:\windows\system32\drivers\vrmxrfzv.sys --> c:\windows\system32\drivers\vrmxrfzv.sys [?]
    S2 CrossLoopService;CrossLoop Service;c:\documents and settings\Sampson\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [2/22/2010 10:11 AM 560792]
    S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/20/2009 3:22 PM 30192]
    S3 QCFilterGAD;Gobi AD USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterGAD.sys [7/24/2009 4:08 AM 5248]
    S3 qcusbnetGAD;Gobi AD USB-NDIS miniport;c:\windows\system32\drivers\qcusbnetGAD.sys [7/24/2009 4:08 AM 115200]
    S3 qcusbserGAD;Gobi AD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserGAD.sys [2/17/2009 12:42 AM 103680]
    S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
    S3 uvnc_service;uvnc_service;c:\documents and settings\Sampson\Local Settings\Application Data\CrossLoop\winvnc.exe [2/22/2010 10:11 AM 1590216]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - CSISCANNER
    *NewlyCreated* - MPKSLCB734E66
    *NewlyCreated* - PXKBF
    *NewlyCreated* - PXRTS
    *NewlyCreated* - PXSCAN
    *Deregistered* - CSIScanner
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-09 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-24 15:43]

    2010-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006Core.job
    - c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-16 16:05]

    2010-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006UA.job
    - c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-16 16:05]

    2010-04-09 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    FF - ProfilePath - c:\documents and settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
    FF - plugin: c:\documents and settings\Sampson\Application Data\Move Networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\documents and settings\Sampson\Application Data\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll
    FF - plugin: c:\documents and settings\Sampson\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1908.5032\npCIDetect14.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-09 17:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86125AC8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf76ebf28
    \Driver\ACPI -> ACPI.sys @ 0xf765ecb8
    \Driver\atapi -> atapi.sys @ 0xf7616852
    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
    SecurityProcedure -> ntoskrnl.exe @ 0x805d96a1
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
    SecurityProcedure -> ntoskrnl.exe @ 0x805d96a1
    NDIS: Atheros AR5007EG Wireless Network Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7523bd4
    PacketIndicateHandler -> NDIS.sys @ 0xf752fa21
    SendHandler -> NDIS.sys @ 0xf7523d44
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(720)
    c:\windows\system32\WININET.dll

    - - - - - - - > 'lsass.exe'(780)
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(1456)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2010-04-09 18:03:39
    ComboFix-quarantined-files.txt 2010-04-09 22:03

    Pre-Run: 135,025,762,304 bytes free
    Post-Run: 135,443,763,200 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 20B1CD8CD51791159F5D28D2189C9A26
     
  2. 2010/04/09
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     
