Found it. Wonder why Windows search did not find it. Oh well, here it is.


Volume in drive C has no label.
Volume Serial Number is 5C36-5238

Directory of c:\

02/04/2010 09:28 AM 32,435 ComboFix.txt
1 File(s) 32,435 bytes

Directory of c:\Qoobox

02/04/2010 09:28 AM 57,809 ComboFix-quarantined-files.txt
01/26/2010 08:15 PM 27,996 ComboFix2.txt
01/26/2010 07:42 PM 28,237 ComboFix3.txt
01/22/2010 08:38 PM 27,947 ComboFix4.txt
01/27/2010 05:39 PM 1,065,479 ComboFix5.txt
5 File(s) 1,207,468 bytes

Total Files Listed:
6 File(s) 1,239,903 bytes
0 Dir(s) 43,639,119,872 bytes free

ComboFix 10-01-21.08 - Mike 01/22/2010 20:22:13.9.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2039.1183 [GMT -7:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((( Files Created from 2009-12-23 to 2010-01-23 )))))))))))))))))))))))))))))))
.

2010-01-23 03:32 . 2010-01-23 03:33 -------- d-----w- c:\users\Mike\AppData\Local\temp
2010-01-23 03:32 . 2010-01-23 03:32 -------- d-----w- c:\users\The McNabs\AppData\Local\temp
2010-01-23 03:32 . 2010-01-23 03:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-23 03:32 . 2010-01-23 03:32 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-01-23 03:32 . 2010-01-23 03:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-22 10:12 . 2010-01-22 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000507\maindata.sys
2010-01-21 10:12 . 2010-01-21 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000506\maindata.sys
2010-01-20 10:11 . 2010-01-20 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000505\maindata.sys
2010-01-19 10:08 . 2010-01-19 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000504\maindata.sys
2010-01-18 10:09 . 2010-01-18 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000503\maindata.sys
2010-01-17 10:07 . 2010-01-17 08:01 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000502\maindata.sys
2010-01-16 10:45 . 2010-01-16 08:05 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000501\maindata.sys
2010-01-15 11:21 . 2010-01-15 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000500\maindata.sys
2010-01-14 10:52 . 2010-01-14 08:06 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000499\maindata.sys
2010-01-13 11:35 . 2010-01-13 08:01 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000498\maindata.sys
2010-01-13 01:05 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 01:05 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 10:12 . 2010-01-12 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000497\maindata.sys
2010-01-11 10:12 . 2010-01-11 08:01 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000496\maindata.sys
2010-01-10 10:12 . 2010-01-10 08:01 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000495\maindata.sys
2010-01-09 11:13 . 2010-01-09 08:06 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000494\maindata.sys
2010-01-08 11:22 . 2010-01-08 08:02 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000493\maindata.sys
2010-01-07 10:59 . 2010-01-07 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000492\maindata.sys
2010-01-06 12:04 . 2010-01-06 08:05 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000491\maindata.sys
2010-01-05 10:54 . 2010-01-05 08:06 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000490\maindata.sys
2010-01-04 10:14 . 2010-01-04 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000489\maindata.sys
2010-01-03 10:15 . 2010-01-03 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000488\maindata.sys
2010-01-02 10:07 . 2010-01-02 08:01 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000487\maindata.sys
2010-01-01 10:08 . 2010-01-01 08:02 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000486\maindata.sys
2009-12-31 10:14 . 2009-12-31 08:04 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000485\maindata.sys
2009-12-28 11:25 . 2009-12-28 08:04 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000484\maindata.sys
2009-12-27 11:12 . 2009-12-27 08:05 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000483\maindata.sys
2009-12-26 11:19 . 2009-12-26 08:04 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000482\maindata.sys
2009-12-25 10:18 . 2009-12-25 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000481\maindata.sys
2009-12-24 10:10 . 2009-12-24 08:02 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000480\maindata.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 03:17 . 2007-12-11 02:23 -------- d-----w- c:\program files\Weather Watcher
2010-01-23 02:08 . 2009-05-21 19:54 -------- d-----w- c:\program files\GE Security Supra
2010-01-23 02:05 . 2009-08-10 01:10 -------- d-----w- c:\users\Mike\AppData\Roaming\uTorrent
2010-01-22 21:22 . 2009-02-26 15:01 -------- d-----w- c:\users\Mike\AppData\Roaming\SolidDocuments
2010-01-22 21:19 . 2007-10-10 14:53 -------- d-----w- c:\programdata\Google Updater
2010-01-22 10:21 . 2008-07-20 15:42 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-16 18:58 . 2008-02-15 21:00 -------- d-----w- c:\users\Mike\AppData\Roaming\CoreFTP
2010-01-16 16:37 . 2009-07-30 17:03 -------- d-----w- c:\program files\Citrix
2010-01-16 16:37 . 2007-10-08 22:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-14 18:12 . 2009-10-03 08:40 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 10:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-02 06:38 . 2010-01-21 23:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 23:20 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-21 23:20 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-21 23:20 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-23 08:02 . 2009-12-23 10:07 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000479\maindata.sys
2009-12-22 08:01 . 2009-12-22 10:04 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000478\maindata.sys
2009-12-21 08:01 . 2009-12-21 10:01 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000477\maindata.sys
2009-12-20 17:43 . 2009-03-16 02:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-20 17:40 . 2009-03-16 02:10 -------- d-----w- c:\program files\Java
2009-12-20 08:04 . 2009-12-20 10:11 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000476\maindata.sys
2009-12-19 23:17 . 2007-10-10 14:53 -------- d-----w- c:\program files\Google
2009-12-19 08:03 . 2009-12-19 10:13 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000475\maindata.sys
2009-12-19 03:49 . 2009-12-19 03:47 -------- d-----w- c:\program files\PokerStars
2009-12-18 08:03 . 2009-12-18 10:06 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000474\maindata.sys
2009-12-17 08:03 . 2009-12-17 10:15 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000473\maindata.sys
2009-12-16 08:03 . 2009-12-16 10:13 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000472\maindata.sys
2009-12-15 08:02 . 2009-12-15 10:08 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000471\maindata.sys
2009-12-14 08:01 . 2009-12-14 10:06 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000470\maindata.sys
2009-12-13 08:04 . 2009-12-13 10:06 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000469\maindata.sys
2009-12-12 08:03 . 2009-12-12 10:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000468\maindata.sys
2009-12-11 08:02 . 2009-12-11 10:00 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000467\maindata.sys
2009-12-10 08:01 . 2009-12-10 10:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000466\maindata.sys
2009-12-09 08:01 . 2009-12-09 09:45 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000465\maindata.sys
2009-12-08 08:01 . 2009-12-08 09:57 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000464\maindata.sys
2009-12-07 08:00 . 2009-12-07 09:54 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000463\maindata.sys
2009-12-06 08:01 . 2009-12-06 09:54 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000462\maindata.sys
2009-12-05 08:01 . 2009-12-05 09:58 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000461\maindata.sys
2009-12-04 08:00 . 2009-12-04 09:55 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000460\maindata.sys
2009-12-03 08:03 . 2009-12-03 10:50 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000459\maindata.sys
2009-12-02 08:02 . 2009-12-02 10:53 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000458\maindata.sys
2009-12-01 08:03 . 2009-12-01 11:06 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000457\maindata.sys
2009-11-30 08:03 . 2009-11-30 10:54 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000456\maindata.sys
2009-11-29 08:06 . 2009-11-29 10:57 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000455\maindata.sys
2009-11-28 17:50 . 2009-09-21 17:50 3695616 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-28 08:07 . 2009-11-28 10:40 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000454\maindata.sys
2009-11-27 08:05 . 2009-11-27 10:06 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000453\maindata.sys
2009-11-26 08:03 . 2009-11-26 10:02 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000452\maindata.sys
2009-11-25 08:02 . 2009-11-25 09:59 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000451\maindata.sys
2009-11-25 02:40 . 2009-11-25 02:40 975648 ----a-w- c:\programdata\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\qbpatch.exe
2009-11-25 02:40 . 2009-11-25 02:40 499712 ----a-w- c:\programdata\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\msvcp71.dll
2009-11-25 02:40 . 2009-11-25 02:40 348160 ----a-w- c:\programdata\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\msvcr71.dll
2009-11-24 08:04 . 2009-11-24 10:05 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000450\maindata.sys
2009-11-23 21:46 . 2007-10-08 21:09 229352 ----a-w- c:\users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-21 08:03 . 2009-11-21 10:05 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000449\maindata.sys
2009-11-20 08:04 . 2009-11-20 10:10 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000448\maindata.sys
2009-11-19 15:18 . 2009-11-19 15:18 1745 ----a-w- c:\programdata\Intuit\QuickBooks 2010\qbbackup.sys
2009-11-19 08:03 . 2009-11-19 10:02 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000447\maindata.sys
2009-11-18 08:01 . 2009-11-18 09:58 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000446\maindata.sys
2009-11-17 08:04 . 2009-11-17 10:05 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000445\maindata.sys
2009-11-16 08:02 . 2009-11-16 10:06 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000444\maindata.sys
2009-11-15 08:03 . 2009-11-15 10:08 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000443\maindata.sys
2009-11-14 08:01 . 2009-11-14 10:00 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000442\maindata.sys
2009-11-13 08:02 . 2009-11-13 11:41 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000441\maindata.sys
2009-11-12 08:03 . 2009-11-12 10:00 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000440\maindata.sys
2009-11-11 08:03 . 2009-11-11 10:01 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000439\maindata.sys
2009-11-10 08:03 . 2009-11-10 10:10 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000438\maindata.sys
2009-11-09 12:31 . 2009-12-09 23:58 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-09 23:58 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-09 23:58 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-09 08:03 . 2009-11-09 09:56 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000437\maindata.sys
2009-11-09 00:01 . 2009-11-09 00:01 79052 ----a-w- c:\windows\system32\drivers\AFS.SYS
2009-11-08 08:02 . 2009-11-08 09:54 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000436\maindata.sys
2009-11-07 08:03 . 2009-11-07 09:55 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000435\maindata.sys
2009-11-06 08:04 . 2009-11-06 09:55 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000434\maindata.sys
2009-11-05 08:01 . 2009-11-05 09:51 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000433\maindata.sys
2009-11-04 08:01 . 2009-11-04 09:51 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000432\maindata.sys
2009-11-03 10:12 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-02 08:01 . 2009-11-02 10:04 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000431\maindata.sys
2009-11-01 08:03 . 2009-11-01 10:01 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000430\maindata.sys
2009-10-31 08:02 . 2009-10-31 10:00 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000429\maindata.sys
2009-10-30 08:03 . 2009-10-30 10:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000428\maindata.sys
2009-10-29 09:17 . 2009-11-25 01:42 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-29 08:04 . 2009-10-29 10:04 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000427\maindata.sys
2009-10-28 08:03 . 2009-10-28 10:09 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000426\maindata.sys
2009-10-27 08:03 . 2009-10-27 10:07 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000425\maindata.sys
2009-10-26 23:24 . 2009-10-26 23:24 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-10-26 08:02 . 2009-10-26 09:55 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000424\maindata.sys
2009-10-25 08:02 . 2009-10-25 09:53 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000423\maindata.sys
.

((((((((((((((((((((((((((((( SnapShot_2010-01-23_01.58.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-08 21:43 . 2010-01-23 02:10 50432 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-01-23 02:10 56496 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-10-08 21:10 . 2010-01-23 02:10 13630 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1304129043-3560768821-2314269622-1000_UserData.bin
+ 2009-02-07 18:00 . 2009-09-21 17:51 15688 c:\windows\System32\lsdelete.exe
- 2009-02-07 18:00 . 2009-06-01 17:51 15688 c:\windows\System32\lsdelete.exe
+ 2006-11-02 13:02 . 2010-01-23 03:08 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2010-01-23 01:12 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2010-01-23 03:08 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:02 . 2010-01-23 01:12 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-04 00:42 . 2010-01-22 20:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-04 00:42 . 2010-01-23 02:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-04 00:42 . 2010-01-22 20:12 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-04 00:42 . 2010-01-23 02:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-04 00:42 . 2010-01-23 02:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-04 00:42 . 2010-01-22 20:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-23 02:08 . 2010-01-23 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-01-22 10:21 . 2010-01-22 20:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-01-22 10:21 . 2010-01-22 20:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-23 02:08 . 2010-01-23 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-29 16:02 . 2010-01-23 03:08 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-05-29 16:02 . 2010-01-23 01:12 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2006-11-02 13:02 . 2010-01-23 01:12 409600 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2010-01-23 03:08 409600 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherWatcher"="c:\program files\Weather Watcher\ww.exe" [2007-09-24 1024000]
"HeavyWeatherPublisher"="c:\heavyweather\HeavyWeatherPublisher.exe" [2004-02-23 1302528]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-12-18 622592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-21 520024]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-08-31 996616]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-20 149280]

c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
heavy weather.lnk - c:\heavyweather\heavy weather.exe [2008-5-29 781312]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-10-16 267520]
DisplayKEY eSYNC Info.lnk - c:\program files\GE Security Supra\SyncInfoApp.exe [2009-5-21 102400]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-25 66864]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-3 1153824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d6,05,a9,7a,15,33,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1304129043-3560768821-2314269622-1000]
"EnableNotificationsRef"=dword:00000002

R0 AFS;AFS;c:\windows\System32\drivers\AFS.SYS [11/8/2009 5:01 PM 79052]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [4/25/2009 10:51 AM 64160]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [11/4/2007 11:31 AM 1153368]
R2 SPDFCreatorPlusReadSpool;SolidPDFPlusCreatorReadSpool;c:\windows\Installer\MSIF8BC.tmp [2/26/2009 8:00 AM 189696]
R2 SPDFToolsReadSpool;SolidPDFToolsCreatorReadSpool;c:\windows\Installer\MSIEE5E.tmp [2/26/2009 8:18 AM 189696]
S2 CSHelper;CopySafe Helper Service;c:\windows\System32\CSHelper.exe [3/15/2009 6:58 PM 192512]
S2 gupdate1c9bca6f4ea33cd;Google Update Service (gupdate1c9bca6f4ea33cd);c:\program files\Google\Update\GoogleUpdate.exe [4/13/2009 7:16 PM 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [6/5/2008 8:46 AM 21504]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 2:34 PM 1028432]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KXLDYPOW
*Deregistered* - kxldypow

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 17:50]

2010-01-22 c:\windows\Tasks\GBM - Backup Job-Full.job
- c:\program files\Genie-Soft\GBMHome8\GBM8.exe [2007-10-08 12:28]

2010-01-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-10 06:07]

2010-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 02:15]

2010-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 02:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: bing.com
Trusted Zone: doccentral.com
Trusted Zone: fnismls.com
Trusted Zone: getmedianow.com
Trusted Zone: live.com
Trusted Zone: rdesk.com
Trusted Zone: rexplorer.net
Trusted Zone: safemls.net
Trusted Zone: showingtime.com
Trusted Zone: sitexdata.com
Trusted Zone: spellchecker.net
Trusted Zone: superior-host.com
Trusted Zone: transactionpoint.com
Trusted Zone: trpoint.com
Trusted Zone: virtualearth.net
Trusted Zone: xmlsweb.com
TCP: {30BBADAE-3AF0-48DB-BFFA-9AD645AF925A} = 208.67.220.220,208.67.222.222
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
DPF: ImageUploader - hxxp://www.assetval.com/app/ImageUploader.CAB
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {0CE0F418-1010-442D-871C-3454827DD539} - hxxp://facefun.com/FaceFun_webinstall/FaceFun.cab
DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - hxxp://download.copysafe.net/plugins5/installers/Copysafe.cab
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://pro.realquest.com/mapviewer/mapviewer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-22 20:32
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x85E058C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x87da2d24
\Driver\ACPI -> acpi.sys @ 0x82495d68
\Driver\atapi -> atapi.sys @ 0x825a79b0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SPDFCreatorPlusReadSpool]
"ImagePath"="c:\windows\Installer\MSIF8BC.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SPDFToolsReadSpool]
"ImagePath"="c:\windows\Installer\MSIEE5E.tmp"
.
Completion time: 2010-01-22 20:38:49
ComboFix-quarantined-files.txt 2010-01-23 03:38
ComboFix2.txt 2010-01-23 02:04
ComboFix3.txt 2009-11-03 05:01
ComboFix4.txt 2009-09-03 21:53
ComboFix5.txt 2010-01-23 03:20

Pre-Run: 43,886,989,312 bytes free
Post-Run: 43,837,460,480 bytes free

- - End Of File - - 585A0A4BC6739D3F96C89F249A26C187