Google-redirect virus


#1 chadman125 (New Member, 4 posts)

I ran ComboFix and here is the log report. Let me know what I should do from here. Thanks!

ComboFix 09-06-01.03 - HP_Administrator 06/03/2009 9:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.580 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\DriveCleaner
c:\documents and settings\All Users\Application Data\DriveCleaner\Data\Abbr
c:\documents and settings\All Users\Application Data\DriveCleaner\Data\ActivationCode
c:\documents and settings\All Users\Application Data\DriveCleaner\Data\CustomerEmail
c:\documents and settings\All Users\Application Data\DriveCleaner\Data\CustomerName
c:\documents and settings\All Users\Application Data\DriveCleaner\Data\OID
c:\documents and settings\All Users\Application Data\DriveCleaner\Data\ProductCode
c:\documents and settings\All Users\Application Data\DriveCleaner\Data\Suspicious
c:\documents and settings\HP_Administrator\Application Data\DriveCleaner Free
c:\documents and settings\HP_Administrator\Application Data\DriveCleaner
c:\documents and settings\HP_Administrator\Application Data\DriveCleaner\activator_info.txt
c:\documents and settings\HP_Administrator\Application Data\DriveCleaner\Logs\Activate.log
c:\documents and settings\HP_Administrator\Application Data\DriveCleaner\Logs\update.log
c:\documents and settings\HP_Administrator\err.log
c:\documents and settings\HP_Administrator\protect.dll
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ChkDisk.lnk
c:\documents and settings\LocalService\protect.dll
c:\documents and settings\NetworkService\protect.dll
c:\windows\IE4 Error Log.txt
c:\windows\system32\autochk.dll
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\kungsfctnsxcnk.sys
c:\windows\system32\kungsfektfkmpk.dll
c:\windows\system32\kungsfewutvnov.dat
c:\windows\system32\kungsflhhmhfmu.dat
c:\windows\system32\kungsfvymxoyou.dll
c:\windows\tmark2.dat
D:\Autorun.inf
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kungsfjnalxbrk


((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-06-03 16:31 . 2009-06-03 16:32 -------- d-----w- C:\32788R22FWJFW
2009-06-03 04:23 . 2009-06-03 16:18 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\CyberDefender
2009-06-02 23:09 . 2009-06-03 17:01 4128 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-02 23:09 . 2009-06-03 16:53 3992608 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-02 23:05 . 2009-06-02 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2009-06-02 23:03 . 2009-06-02 23:03 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Downloaded Installations
2009-06-02 22:17 . 2009-06-02 22:17 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\ParetoLogic
2009-06-02 22:17 . 2009-06-02 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-06-02 22:17 . 2009-06-02 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-06-02 22:09 . 2009-06-02 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Spyware
2009-06-02 22:09 . 2009-06-02 23:05 -------- d-----w- c:\program files\ParetoLogic
2009-06-02 22:09 . 2009-06-02 23:05 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-06-02 21:50 . 2009-06-02 22:07 -------- d-----w- c:\program files\RegCure
2009-06-02 21:06 . 2009-06-02 21:06 -------- d-sh--w- c:\documents and settings\HP_Administrator\IECompatCache
2009-06-02 21:05 . 2009-06-02 21:05 -------- d-sh--w- c:\documents and settings\HP_Administrator\PrivacIE
2009-06-02 21:03 . 2009-06-02 21:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-02 21:03 . 2009-06-02 21:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-02 21:03 . 2009-06-02 21:03 -------- d-sh--w- c:\documents and settings\HP_Administrator\IETldCache
2009-06-02 21:00 . 2009-06-02 21:00 -------- d-----w- c:\windows\ie8updates
2009-06-02 21:00 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-02 20:58 . 2009-06-02 20:59 -------- dc-h--w- c:\windows\ie8
2009-06-02 20:21 . 2009-06-02 20:21 -------- d-----w- c:\windows\system32\scripting
2009-06-02 20:21 . 2009-06-02 20:21 -------- d-----w- c:\windows\l2schemas
2009-06-02 20:21 . 2009-06-02 20:21 -------- d-----w- c:\windows\system32\en
2009-06-02 20:21 . 2009-06-02 20:21 -------- d-----w- c:\windows\system32\bits
2009-06-02 20:19 . 2009-06-02 20:21 -------- d-----w- c:\windows\ServicePackFiles
2009-05-29 10:09 . 2009-06-03 03:36 -------- d-----w- c:\windows\system32\NtmsData
2009-05-19 15:12 . 2009-05-08 16:50 2051864 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-19 15:12 . 2009-05-08 16:50 354584 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-05-19 15:12 . 2009-05-08 16:50 424472 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-19 15:12 . 2009-05-08 16:50 177432 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-19 15:12 . 2009-05-08 16:50 312088 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-19 15:12 . 2009-05-08 16:50 3288344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-19 15:12 . 2009-05-08 16:50 486168 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-19 15:11 . 2009-05-08 16:49 1437464 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-19 15:11 . 2009-05-08 16:49 755992 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-14 16:11 . 2009-05-08 16:50 2302232 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-05-14 16:11 . 2009-05-08 16:50 3399960 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-05-08 17:56 . 2009-05-08 17:56 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-08 13:30 . 2009-05-08 14:53 -------- d-----w- c:\documents and settings\HP_Administrator\ZipForm
2009-05-08 13:26 . 2009-05-08 13:27 -------- d--h--w- c:\program files\Zero G Registry
2009-05-08 13:26 . 2009-05-08 13:26 -------- d-----w- c:\program files\ZipLogix
2009-05-08 13:25 . 2009-05-08 17:56 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-08 13:19 . 2009-05-08 13:19 -------- d--h--w- c:\documents and settings\HP_Administrator\InstallAnywhere
2009-05-05 00:54 . 2009-05-05 00:54 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\MSNInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 17:03 . 2006-12-11 15:49 -------- d-----w- c:\program files\GE Security Supra
2009-06-03 16:53 . 2009-06-02 23:09 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-03 16:53 . 2009-06-02 23:09 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-03 16:31 . 2009-02-10 19:43 256 ----a-w- c:\windows\system32\pool.bin
2009-06-03 16:26 . 2008-05-23 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-03 16:18 . 2006-12-27 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2009-06-02 22:20 . 2007-08-09 19:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2009-06-02 22:20 . 2006-12-11 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-06-02 22:10 . 2006-08-01 02:25 73776 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-02 20:24 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-02 20:24 . 2009-06-02 20:24 208896 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2009-06-02 20:24 . 2009-06-02 20:24 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-06-02 20:24 . 2009-06-02 20:24 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-06-02 20:24 . 2009-06-02 20:24 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-06-02 20:24 . 2009-06-02 20:24 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-06-02 20:24 . 2009-06-02 20:24 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2009-06-02 20:24 . 2009-06-02 20:24 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-06-02 20:24 . 2009-06-02 20:24 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-06-02 20:24 . 2009-06-02 20:24 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-05-08 17:56 . 2006-08-01 01:55 -------- d-----w- c:\program files\Java
2009-05-05 22:07 . 2008-05-18 00:13 16535736 ----a-w- c:\documents and settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\Installers\SetupGamesClient.exe
2009-05-04 23:37 . 2008-03-22 18:39 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-30 17:50 . 2006-08-01 02:29 -------- d-----w- c:\program files\Microsoft Works
2009-04-30 17:44 . 2008-02-20 04:40 -------- d-----w- c:\program files\MSECache
2009-04-30 14:28 . 2009-04-30 14:28 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Template
2009-03-29 18:55 . 2009-03-29 18:54 65 ----a-w- c:\windows\system32\bd7340.dat
2009-03-29 18:51 . 2009-03-29 18:51 10134 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}\ARPPRODUCTICON.exe
2009-03-08 11:34 . 2004-08-10 04:00 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2004-08-10 04:00 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2004-08-10 04:00 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2004-08-10 04:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2004-08-10 04:00 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2004-08-10 04:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 11:31 . 2004-08-10 04:00 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2004-08-10 04:00 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2004-08-10 04:00 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2004-08-10 04:00 156160 ----a-w- c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-10 04:00 284160 ----a-w- c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}]
2009-06-03 04:22 3962184 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\CyberDefender\cdmyidd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ParetoLogic Anti-Spyware"="c:\program files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" [2009-05-27 2643312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-05-04 507904]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-11 98304]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-06 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-08 148888]
"ParetoLogic Anti-Virus PLUS"="c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe" [2009-02-18 2659664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-07 8720384]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-10-2 1283608]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"= "c:\program files\ParetoLogic\Anti-Spyware\PASShlExt.dll" [2009-05-27 98304]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0daila

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BIGDOGPATH326.lnk]
backup=c:\windows\pss\BIGDOGPATH326.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DisplayKEY eSYNC Info.lnk]
backup=c:\windows\pss\DisplayKEY eSYNC Info.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Domino.lnk]
backup=c:\windows\pss\Domino.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R2 WMP300NSvc;WMP300NSvc;c:\program files\Wireless-N PCI Adapter\WLService.exe [12/18/2006 11:16 AM 53307]
R2 ZeppelinService;plasservice;c:\program files\Common Files\ParetoLogic\PLAS\plasservice.exe [2/18/2009 2:40 PM 587216]
R3 usbvm328;FlexiCAM USB 2.0 with sound;c:\windows\system32\drivers\usbvm326.sys [1/15/2007 5:07 PM 235136]
R3 vmfilter326;326 MRD filter service;c:\windows\system32\drivers\vmfilter326.sys [1/15/2007 5:08 PM 476800]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

2009-06-02 c:\windows\Tasks\ParetoLogic Anti-Spyware.job
- c:\program files\ParetoLogic\Anti-Spyware\Pareto_AS.exe [2009-05-27 13:20]

2009-06-02 c:\windows\Tasks\ParetoLogic Anti-Virus PLUS.job
- c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe [2009-02-18 21:43]

2009-06-03 c:\windows\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
- c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe [2009-02-18 21:43]

2009-06-03 c:\windows\Tasks\ParetoLogic Privacy Controls_{8944702E-5059-11DE-9433-0018F3956794}.job
- c:\program files\ParetoLogic\Privacy Controls\Pareto_PC.exe [2008-11-25 18:29]

2009-06-03 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 19:25]

2009-06-02 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 19:25]

2009-06-02 c:\windows\Tasks\ParetoLogic Update.job
- c:\program files\Common Files\ParetoLogic\UUS\Pareto_Update.exe [2009-05-27 20:39]

2009-06-03 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

2009-06-02 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm265MFUS&fl=0&ptb=w6cM16pGbvk_qhGxQPeKHQ&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\windows\system32\INetHTTPFilter.dll
Trusted Zone: infusionsoft.com\cjr
TCP: {275C8A36-05EC-4D79-B898-C215D4CB6DF2} = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 10:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1068)
c:\windows\system32\INetHTTPFilter.dll
.
Completion time: 2009-06-03 10:06
ComboFix-quarantined-files.txt 2009-06-03 17:05

Pre-Run: 208,327,254,016 bytes free
Post-Run: 208,355,213,312 bytes free

275 --- E O F --- 2009-06-02 21:00

#2 chadman125 (Topic Starter, New Member, 4 posts)

Here is the Malwarebytes log.

Malwarebytes' Anti-Malware 1.37
Database version: 2224
Windows 5.1.2600 Service Pack 3

6/3/2009 11:49:28 AM
mbam-log-2009-06-03 (11-49-28).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 235352
Time elapsed: 1 hour(s), 10 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 8
Files Infected: 27

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\common files\DriveCleaner (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\DriveCleaner (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\MacroVirus (Rogue.MacroVirus) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Administrator\Application Data\MacroVirus (Rogue.MacroVirus) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\macrovirus\Log (Rogue.MacroVirus) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\macrovirus\Quarantine (Rogue.MacroVirus) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\macrovirus\Registry Backups (Rogue.MacroVirus) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\macrovirus\Settings (Rogue.MacroVirus) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\online services\PeoplePC\ISP5900\utilities\AtlBrowser.exe (Dialer) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\hp_administrator\protect.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\hp_administrator\start menu\Programs\Startup\ChkDisk.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\localservice\protect.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\networkservice\protect.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\autochk.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\config\systemprofile\protect.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP1045\A0110455.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP1045\A0110456.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP1045\A0110459.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP1045\A0110460.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP1045\A0110462.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP1045\A0110463.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\cpnprt2.cid (Adware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\systemprofile\start menu\Programs\Startup\ChkDisk.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\common files\drivecleaner\err.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner\msvcp71.dll (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner\msvcr71.dll (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\macrovirus\Log\2007 Jun 06 - 01_35_14 PM.log (Rogue.MacroVirus) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\macrovirus\Log\2007 Jun 06 - 01_35_16 PM.log (Rogue.MacroVirus) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\macrovirus\Settings\CustomScan.stg (Rogue.MacroVirus) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\macrovirus\Settings\IgnoreList.stg (Rogue.MacroVirus) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\macrovirus\Settings\ScanInfo.stg (Rogue.MacroVirus) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\macrovirus\Settings\ScanResults.stg (Rogue.MacroVirus) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\macrovirus\Settings\SelectedFolders.stg (Rogue.MacroVirus) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\macrovirus\Settings\Settings.stg (Rogue.MacroVirus) -> Quarantined and deleted successfully.
c:\WINDOWS\t55ft3495f44.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

#3 chadman125 (Topic Starter, New Member, 4 posts)

:) My computer is operating without problems! Thanks to this forum and to following the advice given to others with the same problem. Thanks!

:) :)