August 14th, 2010, 07:39 PM
#11
ComboFix 10-08-14.02 - Paul 08/14/2010 19:17:37.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3710.3155 [GMT -4:00]
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\settings.reg
c:\windows\system32\Data
c:\windows\system32\syoepk_lib0.dll
.
((((((((((((((((((((((((( Files Created from 2010-07-14 to 2010-08-14 )))))))))))))))))))))))))))))))
.
2010-08-14 12:13 . 2010-08-14 23:12 8136704 ---ha-w- c:\windows\system32\SecSigDB.BIN
2010-08-14 12:13 . 2010-08-14 23:12 450000 ---ha-w- c:\windows\system32\NameDB.BIN
2010-08-14 12:13 . 2010-08-14 12:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2010-08-14 12:09 . 2010-08-14 13:13 -------- d-----w- c:\program files\Max Spyware Detector
2010-08-13 00:00 . 2010-08-13 00:02 -------- d-----w- C:\6a90c1337582c2e567f20e
2010-08-12 10:45 . 2010-08-12 10:45 -------- d-----w- c:\program files\Trend Micro
2010-08-12 03:10 . 2010-08-12 03:10 433384 ------w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-11 18:25 . 2010-08-11 18:40 -------- d-----w- c:\documents and settings\Paul\Application Data\GARMIN
2010-08-11 18:25 . 2010-08-11 18:25 -------- d-----w- c:\program files\Garmin GPS Plugin
2010-08-11 13:04 . 2010-08-11 13:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-08-10 04:17 . 2010-08-10 04:17 -------- d-----w- c:\program files\Pure Networks
2010-08-10 04:16 . 2010-08-10 03:52 34226736 ------w- c:\documents and settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe
2010-08-10 02:03 . 2010-08-10 02:03 16384 ------w- C:\SZKGFS.dat
2010-08-10 02:01 . 2010-08-10 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-08-10 01:59 . 2010-08-10 01:59 -------- d-----w- c:\program files\Common Files\iS3
2010-08-10 01:59 . 2010-08-10 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-08-04 03:01 . 2010-08-04 03:04 -------- d-----w- c:\program files\Windows Live Safety Center
2010-08-03 13:47 . 2010-08-03 13:54 -------- d-----w- c:\documents and settings\Paul\Application Data\SafeReturner
2010-08-03 13:47 . 2010-08-05 04:31 -------- d-----w- c:\program files\Safe Returner
2010-07-18 16:27 . 2010-07-18 16:27 65536 ------w- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{A4C7096C-DB17-4B31-BBDB-E805513AA637}\FotoCanvasLitePMFolderShortcut.exe
2010-07-18 16:27 . 2010-07-18 16:27 65536 ------w- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{A4C7096C-DB17-4B31-BBDB-E805513AA637}\FotoCanvasLiteDesktopShortcut.exe
2010-07-18 16:27 . 2010-07-18 16:27 61440 ------w- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{A4C7096C-DB17-4B31-BBDB-E805513AA637}\ACDSeePMFolderShortcut.exe
2010-07-18 16:27 . 2010-07-18 16:27 61440 ------w- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{A4C7096C-DB17-4B31-BBDB-E805513AA637}\ACDSeeDesktopShortcut.exe
2010-07-18 16:27 . 2010-07-18 16:27 15150 ------w- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{A4C7096C-DB17-4B31-BBDB-E805513AA637}\PowerPackNow.exe
2010-07-18 16:27 . 2010-07-18 16:27 15150 ------w- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{A4C7096C-DB17-4B31-BBDB-E805513AA637}\ACDSeeNowShortcut.exe
2010-07-18 16:27 . 2010-07-18 16:27 12062 ------w- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{A4C7096C-DB17-4B31-BBDB-E805513AA637}\ARPPRODUCTICON.exe
2010-07-18 16:27 . 2010-07-18 16:27 -------- d-----w- c:\program files\ACD Systems
2010-07-18 02:52 . 2010-07-18 02:52 -------- d-----w- c:\program files\OSS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-14 23:12 . 2010-02-09 13:30 123 ----a-w- c:\documents and settings\All Users\Application Data\Max Secure\Max Spyware Detector\SysSD.dll
2010-08-13 17:13 . 2010-02-19 23:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-13 17:13 . 2010-06-20 23:38 -------- d-----w- c:\program files\Spyware Doctor
2010-08-11 18:25 . 2010-02-21 16:54 -------- d-----w- c:\program files\Garmin
2010-08-11 00:21 . 2010-06-27 16:25 201649 ------w- c:\windows\Photo Pos Pro Uninstaller.exe
2010-08-11 00:21 . 2010-06-27 16:25 -------- d-----w- c:\program files\Photo Pos Pro
2010-08-11 00:05 . 2010-02-09 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-10 23:58 . 2010-02-08 21:04 75872 ------w- c:\documents and settings\Paul\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-10 23:36 . 2010-02-09 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-10 23:36 . 2010-02-09 04:33 -------- d-----w- c:\program files\CCleaner
2010-08-10 04:17 . 2010-02-09 13:17 8892928 ------w- c:\documents and settings\All Users\Application Data\atscie.msi
2010-08-10 03:53 . 2010-02-28 20:56 -------- d-----w- c:\program files\ClocX
2010-08-07 13:43 . 2010-02-08 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-08-05 04:31 . 2010-06-13 23:08 -------- d-----r- c:\program files\Skype
2010-08-04 05:05 . 2010-02-08 18:46 -------- d-----w- c:\program files\Common Files\Webroot Shared
2010-07-23 21:38 . 2010-06-13 23:09 -------- d-----w- c:\documents and settings\Paul\Application Data\Skype
2010-07-23 21:37 . 2010-06-13 23:11 -------- d-----w- c:\documents and settings\Paul\Application Data\skypePM
2010-07-18 16:27 . 2010-02-09 12:12 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-07-18 03:26 . 2010-02-19 20:37 -------- d-----w- c:\program files\Uniblue
2010-07-18 03:12 . 2010-02-19 20:37 -------- d-----w- c:\documents and settings\Paul\Application Data\Uniblue
2010-07-17 17:48 . 2010-04-11 17:33 -------- d-----w- c:\program files\RegCure
2010-07-05 13:47 . 2010-02-09 01:33 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-30 12:31 . 2006-02-28 12:00 149504 ------w- c:\windows\system32\schannel.dll
2010-06-27 16:25 . 2010-06-27 16:25 -------- d-----w- c:\program files\Common Files\Thraex Software
2010-06-24 12:22 . 2006-02-28 12:00 916480 ------w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2006-02-28 12:00 1851904 ------w- c:\windows\system32\win32k.sys
2010-06-22 19:23 . 2010-02-08 19:45 243024 ------w- c:\windows\system32\drivers\avgtdix.sys
2010-06-22 19:23 . 2010-06-22 19:23 12536 ------w- c:\windows\system32\avgrsstx.dll
2010-06-22 19:23 . 2010-02-08 19:45 216400 ------w- c:\windows\system32\drivers\avgldx86.sys
2010-06-21 15:27 . 2006-02-28 12:00 354304 ------w- c:\windows\system32\drivers\srv.sys
2010-06-20 23:39 . 2010-06-20 23:38 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-20 23:38 . 2010-06-20 23:38 -------- d-----w- c:\documents and settings\Paul\Application Data\PC Tools
2010-06-20 23:38 . 2010-06-20 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-06-20 03:08 . 2010-06-20 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-06-20 02:57 . 2010-06-20 02:57 -------- d-----w- c:\program files\Adobe Media Player
2010-06-20 02:55 . 2010-06-20 02:55 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-20 02:52 . 2010-06-20 02:52 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-06-19 10:38 . 2010-06-19 10:38 -------- d-----w- c:\program files\Canon
2010-06-17 14:03 . 2006-02-28 12:00 80384 ------w- c:\windows\system32\iccvid.dll
2010-06-17 13:51 . 2010-02-20 04:10 117760 ------w- c:\documents and settings\Paul\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-16 13:23 . 2010-06-16 13:23 -------- d-----w- c:\program files\Reference Assemblies
2010-06-14 14:31 . 2010-02-08 20:39 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 09:57 . 2010-04-06 10:10 528384 ------w- c:\windows\system32\PosGRP.dll
2010-06-14 07:41 . 2006-02-28 12:00 1172480 ------w- c:\windows\system32\msxml3.dll
2010-06-13 23:11 . 2010-06-13 23:11 56 ------w- c:\windows\system32\ezsidmv.dat
2010-06-01 19:58 . 2010-02-08 19:45 29584 ------w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-01 15:58 . 2010-04-06 10:10 53248 ------w- c:\windows\system32\PosTBsknLib.dll
2010-05-27 15:44 . 2010-05-27 15:44 237320 ------w- c:\windows\system32\PDBoot.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"MyGarminAgent"="c:\program files\Garmin\MyGarminAgent\MyGarminAgent.exe" [2010-03-16 337256]
"SDActiveMonitor"="c:\program files\Max Spyware Detector\MaxSDTray.exe" [2010-08-05 718520]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-8 813584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 19:23 12536 ------w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ------w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MaxDSrv]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Firefox Preloader.lnk]
backup=c:\windows\pss\Firefox Preloader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Paul^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Paul^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 11:58 611712 ------w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-04-04 19:41 970752 ------w- c:\program files\Common Files\Adobe\Updater\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-06-22 19:23 2065760 ------w- c:\progra~1\AVG\AVG9\avgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-10-09 16:28 139264 ------w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2005-10-31 18:51 57344 ------w- c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ------w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ------w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-11-07 18:36 196608 ------w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 14:54 150016 ------w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCalendar]
2008-03-16 00:23 2774528 ------w- c:\program files\Desksware\Desktop iCal\Calendar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2006-07-25 20:55 1043968 ------w- c:\program files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2010-06-20 23:57 1287120 ------w- c:\program files\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
2002-12-10 23:32 155648 ------w- c:\program files\Logitech\ImageStudio\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
2002-12-10 23:31 61440 ------w- c:\program files\Logitech\ImageStudio\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 22:54 127022 ------w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 19:39 437584 ------w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 21:40 155648 ------w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2009-07-07 19:48 647216 ------w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 22:01 86016 ------w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ------w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDActiveMonitor]
2010-08-05 03:00 718520 ------w- c:\program files\Max Spyware Detector\MaxSDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 20:21 246504 ------w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-03-29 12:29 2012912 ------w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
2003-08-04 13:00 196096 ------w- c:\program files\Webroot\Washer\wwDisp.exe