Help!

Search engine redirect issue (solved?)

slg1013

Joined: Jul 14, 2009
Posts: 2
PostPosted: Tue Jul 14, 2009 4:21 pm    Post subject: Search engine redirect issue (solved?)

Hi,

I've been reading many informative posts about how to rid my computer of this Google search redirect issue. I ran the latest Malwarebytes scanner and it found no infections (log posted below). I then ran Combofix and it deleted several files and seems to have cured the problem (log posted below). I'm hoping that you'll have the time to examine my Combofix log and let me know if there are any other steps I need to take to complete this process.

Thanks for your time,

Steve

Malwarebytes log
-------------------------

Malwarebytes' Anti-Malware 1.39
Database version: 2424
Windows 5.1.2600 Service Pack 2

7/13/2009 7:43:36 PM
mbam-log-2009-07-13 (19-43-36).txt

Scan type: Full Scan (C:\|)
Objects scanned: 243643
Time elapsed: 59 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------------------------------------------------------------------------------

Combofix log
------------------

ComboFix 09-07-13.01 - Lee 07/13/2009 19:57.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.630 [GMT -7:00]
Running from: F:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\System\Uninstall
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\recycler\S-1-5-21-3203435343-114941850-2664112879-500
C:\test.txt
c:\windows\kb913800.exe
c:\windows\system32\drivers\SKYNETqmkqaakk.sys
c:\windows\system32\SKYNETkndmxkih.dll
c:\windows\system32\SKYNETudiyeivi.dat
c:\windows\system32\SKYNETuovxwysf.dat
c:\windows\system32\SKYNETwxpyfssg.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETuyoqmrin


((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.

2009-07-13 00:41 . 2009-07-13 00:41 -------- d--h--w- c:\windows\PIF
2009-07-13 00:02 . 2009-07-13 00:02 -------- d-----w- c:\program files\Synametrics Technologies
2009-07-10 15:11 . 2009-07-10 15:11 -------- d-----w- c:\program files\Seagate
2009-07-10 15:11 . 2009-07-10 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2009-06-15 01:15 . 2009-06-15 01:16 -------- d-----w- c:\documents and settings\Steve\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 02:44 . 2009-02-01 19:56 -------- d-----w- c:\documents and settings\Lee\Application Data\U3
2009-07-14 01:41 . 2009-03-13 02:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-14 01:41 . 2009-04-02 04:15 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-13 20:36 . 2009-03-13 02:16 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 20:36 . 2009-03-13 02:16 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-10 22:00 . 2008-01-04 21:59 -------- d-----w- c:\program files\Norton Security Scan
2009-07-10 14:57 . 2007-12-01 23:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-09 19:02 . 2007-12-08 23:34 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-07-05 16:53 . 2007-12-09 03:03 -------- d-----w- c:\documents and settings\Lee\Application Data\ZoomBrowser EX
2009-07-04 22:59 . 2007-12-09 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-06-16 00:20 . 2009-06-13 18:40 -------- d-----w- c:\program files\RealArcade
2009-06-13 18:44 . 2009-06-13 18:44 -------- d-----w- c:\documents and settings\Jacob\Application Data\iWin
2009-06-13 18:42 . 2009-06-13 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\RealArcade
2009-05-16 17:07 . 2009-05-16 17:07 -------- d-----w- c:\program files\YouTube Downloader
2009-05-10 18:49 . 2008-08-31 17:52 256 ----a-w- c:\windows\system32\pool.bin
2009-05-07 15:44 . 2007-12-01 20:40 344064 ------w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2006-06-17 09:23 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2007-12-01 20:38 78336 ------w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2006-06-17 09:23 1846656 ------w- c:\windows\system32\win32k.sys
2009-04-15 15:26 . 2007-12-01 20:42 583168 ----a-w- c:\windows\system32\rpcrt4.dll
2007-11-28 19:12 . 2007-12-09 01:53 67696 ------w- c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 19:12 . 2007-12-09 01:53 54376 ------w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 19:12 . 2007-12-09 01:53 34952 ------w- c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 19:12 . 2007-12-09 01:53 46720 ------w- c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 19:12 . 2007-12-09 01:53 172144 ------w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-30 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-11-12 1236992]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-02-14 282624]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2006-01-20 544768]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BounceBack Launcher.lnk - c:\program files\CMS Products\BounceBack Express\BBLauncher.exe [2007-12-8 90112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

R2 DeltaCopyService;DeltaCopy Server;c:\program files\Synametrics Technologies\DeltaCopy\DCServce.exe [2/4/2009 9:28 AM 681984]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 2:35 PM 181544]
R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [12/8/2007 8:07 PM 7424]
.
Contents of the 'Scheduled Tasks' folder

2009-07-13 c:\windows\Tasks\FullC.job
- c:\program files\Synametrics Technologies\DeltaCopy\FullC.dcp [2009-07-13 00:44]

2009-07-12 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-04-20 06:42]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mSearch Bar = hxxp://www.google.com/
mSearchMigratedDefaultURL = hxxp://www.google.com/
mSearchURL = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Lee\Application Data\Mozilla\Firefox\Profiles\kjwqv5dc.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 20:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-07-14 20:09
ComboFix-quarantined-files.txt 2009-07-14 03:09

Pre-Run: 18,518,007,808 bytes free
Post-Run: 22,569,381,888 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

137 --- E O F --- 2009-06-10 10:07
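The ComboFix log above records the SKYNET* driver and DLLs it removed and, under Reg Loading Points, the Security Center override values and EnableFirewall=0, which are the entries a reviewer checks first. As an added example that is not part of the thread or of ComboFix itself, the Python below parses that log layout and pulls both out; the banner, key and value patterns are assumptions drawn from the posted log, and the sample input is a constructed excerpt of it.

```python
import re

# Constructed excerpt in the ComboFix log layout posted above (SKYNET* names and registry values copied from it).
SAMPLE_LOG = r"""
(((((((((( Other Deletions ))))))))))
c:\windows\system32\drivers\SKYNETqmkqaakk.sys
c:\windows\system32\SKYNETkndmxkih.dll
(((((((((( Reg Loading Points ))))))))))
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\({3,}\s*(.*?)\s*\){3,}$")  # '(((( Name ))))' banner
KEY_RE = re.compile(r"^\[(.+)\]$")                       # REGEDIT4 key line
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(?:dword:)?([0-9A-Fa-f]+)')  # "Name"=value

def split_sections(text):
    """Map each '(((( banner ))))' to the non-empty lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections

def deleted_paths(sections):
    """Files ComboFix reports removed under 'Other Deletions'."""
    return [l for l in sections.get("Other Deletions", []) if l.lower().startswith("c:\\")]

def weakened_protections(sections):
    """Registry values that silence Security Center or turn the firewall off."""
    findings, key = [], None
    for line in sections.get("Reg Loading Points", []):
        km, vm = KEY_RE.match(line), VALUE_RE.match(line)
        if km:
            key = km.group(1).lower()
        elif vm and key:
            name, value = vm.group(1), int(vm.group(2), 16)  # dword values are hex
            if key.endswith("\\security center") and name.endswith("Override") and value == 1:
                findings.append(f"{name}=1: Security Center stops alerting on this protection")
            elif key.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and value == 0:
                findings.append("EnableFirewall=0: Windows Firewall is off for the standard profile")
    return findings
```

Run against a full log, the same two functions list every removed path and each override or disabled-firewall value so they can be re-checked after cleanup.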
greyknight17

Joined: Feb 03, 2003
Posts: 5674
Location: Brooklyn, NY
PostPosted: Tue Jul 14, 2009 6:49 pm    Post subject:

Hi Steve, welcome to Lockergnome.

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.
slg1013

Joined: Jul 14, 2009
Posts: 2
PostPosted: Tue Jul 14, 2009 7:29 pm    Post subject:

Hi,

There don't seem to be any issues. I'm glad to hear that the logs are clean.

Thanks for taking the time to review the logs for me.

Steve