Search Redirect Issue



randbiswe
2011-08-01, 20:10
I have never used one of these forums for an issue so please go easy on this nOOb. I have been a long-time user of sbsd, but I failed recently when I reformatted my hd on my work computer. I was in a hurry to get back to my project and failed to load....ANY protection. Time to pay the piper.

Think I have read through and done the proper steps outlined.


I have run several cleaners, spyware, anti-virus.. hell, anything I could get my hands on.

Hope you still feel like helping me.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Brian at 9:50:27 on 2011-08-01
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2942.1853 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Starfield\offSyncService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.foxnews.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll__BHODemonDisabled
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll__BHODemonDisabled
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://quotesoft.webex.com/client/T27LC/support/ieatgpc1.cab
TCP: DhcpNameServer = 192.168.1.97
TCP: Interfaces\{63134491-27DF-4B82-B165-08C614989FF1} : NameServer = 209.206.160.254,209.206.160.253
TCP: Interfaces\{63134491-27DF-4B82-B165-08C614989FF1} : DhcpNameServer = 192.168.1.97
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-7-28 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-7-28 194264]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-7-28 103384]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-28 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-28 309848]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-28 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-7-28 54104]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-1-28 119608]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-28 42184]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2011-7-28 121000]
R2 File Backup;File Backup Service;c:\program files\starfield\offSyncService.exe [2011-1-5 1212144]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-1-27 21504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD.sys [2011-2-28 401408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-7-22 1153368]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-01 16:25:13 -------- d-----w- c:\program files\SpywareBlaster
2011-07-28 20:42:29 103384 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-07-28 20:42:20 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-28 20:42:20 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-28 20:42:20 194264 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-07-28 20:41:45 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-07-28 20:41:44 40112 ----a-w- c:\windows\avastSS.scr
2011-07-28 20:41:28 -------- d-----w- c:\programdata\AVAST Software
2011-07-28 20:41:28 -------- d-----w- c:\program files\AVAST Software
2011-07-28 20:13:05 574 ----a-w- C:\cleanup.bat
2011-07-28 20:13:05 135168 ----a-w- C:\zip.exe
2011-07-28 15:30:39 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-07-27 19:37:39 -------- d-----w- c:\windows\pss
2011-07-27 15:55:01 -------- d-----w- c:\program files\Trend Micro
2011-07-26 20:49:45 -------- d-----w- c:\program files\common files\xing shared
2011-07-26 20:36:00 -------- d-----w- c:\programdata\FreeRIP
2011-07-22 20:43:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 20:43:53 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-07-22 20:43:52 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 20:33:26 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-07-22 19:55:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-22 19:55:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-21 18:15:52 64512 --sha-r- c:\windows\system32\unbcll.dll
.
==================== Find3M ====================
.
2011-07-26 20:49:34 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-07-26 20:49:34 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-07-21 18:13:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 02:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 9:51:22.32 ===============

shelf life
2011-08-12, 00:46
hi randbiswe,

Your post is a few days old; if you still need help, simply reply back.

randbiswe
2011-08-15, 22:42
Thanks for asking... I do still have the re-direct issue. Any help would be great.

shelf life
2011-08-16, 00:05
OK. We will start with ComboFix. There is a guide to read first. Read through the guide, then apply the directions on your own machine. Post the ComboFix log.

Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

randbiswe
2011-08-16, 19:09
ComboFix 11-08-16.02 - Brian 08/16/2011 8:48.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2942.2010 [GMT -7:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\zip.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-16 to 2011-08-16 )))))))))))))))))))))))))))))))
.
.
2011-08-16 15:57 . 2011-08-16 15:57 -------- d-----w- c:\users\Brian\AppData\Local\temp
2011-08-16 15:57 . 2011-08-16 15:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-15 19:03 . 2011-08-15 21:28 -------- d-----w- C:\## aswSnx private storage
2011-08-11 17:39 . 2011-08-11 17:39 -------- d-----w- c:\users\UpdatusUser
2011-08-11 17:38 . 2011-08-03 11:50 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-11 17:30 . 2011-08-03 11:50 6613096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-08-11 17:30 . 2011-08-03 11:50 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-11 17:30 . 2011-08-03 11:50 16595560 ----a-w- c:\windows\system32\nvoglv32.dll
2011-08-11 17:30 . 2011-08-03 11:50 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-11 17:30 . 2011-08-03 11:50 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-11 17:30 . 2011-08-03 11:50 5404776 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-11 17:30 . 2011-08-03 11:50 2391656 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-11 17:30 . 2011-08-03 11:50 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-11 17:30 . 2011-08-03 11:50 17193576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-11 17:30 . 2011-08-03 11:50 12636776 ----a-w- c:\windows\system32\nvd3dum.dll
2011-08-11 17:30 . 2011-08-03 11:50 10304104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-08-11 16:43 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-11 16:33 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-11 16:33 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 16:33 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-11 16:33 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-11 16:33 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-05 14:31 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-05 14:31 . 2011-08-05 14:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-05 14:31 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-03 10:31 . 2011-08-03 10:31 311912 ----a-w- c:\windows\system32\nvStreaming.exe
2011-08-01 16:40 . 2011-08-01 16:41 -------- d-----w- c:\program files\ERUNT
2011-08-01 16:25 . 2011-08-05 14:19 -------- d-----w- c:\program files\SpywareBlaster
2011-07-28 20:41 . 2011-08-16 15:31 -------- d-----w- c:\programdata\AVAST Software
2011-07-28 20:41 . 2011-07-28 20:41 -------- d-----w- c:\program files\AVAST Software
2011-07-28 20:13 . 2011-07-28 20:13 574 ----a-w- C:\cleanup.bat
2011-07-28 15:30 . 2011-08-01 15:36 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-07-27 15:55 . 2011-07-27 15:55 -------- d-----w- c:\program files\Trend Micro
2011-07-26 20:49 . 2011-07-26 20:49 -------- d-----w- c:\program files\Common Files\xing shared
2011-07-26 20:49 . 2011-07-27 20:26 -------- d-----w- c:\program files\Real
2011-07-26 20:36 . 2011-07-26 20:36 -------- d-----w- c:\programdata\FreeRIP
2011-07-22 20:26 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-22 20:26 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-22 20:26 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-07-22 20:26 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-07-22 20:26 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-07-22 20:26 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-07-22 20:26 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-22 20:26 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-07-22 20:26 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-07-22 20:26 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-22 20:26 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-07-22 19:55 . 2011-08-16 15:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-22 19:55 . 2011-07-22 19:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-21 18:15 . 2011-07-21 18:15 64512 --sha-r- c:\windows\system32\unbcll.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-03 11:50 . 2011-04-13 17:22 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2011-04-13 17:22 3730024 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2011-01-26 18:49 2412136 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:50 . 2010-10-16 20:42 599144 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2010-10-16 20:42 2558568 ----a-w- c:\windows\system32\nvsvc.dll
2011-08-03 11:50 . 2010-10-08 09:57 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-07-26 20:49 . 2011-02-07 18:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-07-26 20:49 . 2011-02-07 18:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-07-21 18:13 . 2011-05-16 15:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-25 02:14 . 2011-01-26 21:30 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 19:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 22:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-07-26 20:49 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1844090555-32039923-1334992163-1000]
"EnableNotificationsRef"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-16 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-01-26 15:26]
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844090555-32039923-1334992163-1000Core.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-05 20:43]
.
2011-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844090555-32039923-1334992163-1000UA.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-05 20:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: bxwa.com\www
TCP: DhcpNameServer = 192.168.1.97
TCP: Interfaces\{63134491-27DF-4B82-B165-08C614989FF1}: NameServer = 209.206.160.254,209.206.160.253
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-16 08:57
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-08-16 09:00:31
ComboFix-quarantined-files.txt 2011-08-16 16:00
.
Pre-Run: 371,162,034,176 bytes free
Post-Run: 371,067,527,168 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 3812EEE6CE0D7004A8582A0FBD288CB2

shelf life
2011-08-16, 23:51
We will get another download for you to use:

Please download TDSS Killer.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your desktop

Double-click to launch the utility. On Vista and Windows 7, right-click and "run as admin..". After it initializes, click the Start Scan button.


"The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."


If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.


A report can also be found in your Root drive Local Disk (C) as TDSSKiller.2.4.12.0_02.01.2011_17.32.21_log.txt (name, version, date, time, log.txt)

Please post the log report