Thread: Search Redirect Issue

  1. #1
    Junior Member
    Join Date
    Aug 2011
    Posts
    3

    Search Redirect Issue

    I have never used one of these forums for an issue so please go easy on this nOOb. I have been a long time user of sbsd, but I failed recently when I reformatted my hd on my work computer. I was in a hurry to get back to my project and failed to load....ANY protection. Time to pay the piper.

    Think I have read through and done the proper steps outlined.

    I have run several cleaners, spyware, anti-virus.. hell anything I could get my hands on.

    Hope you still feel like helping me.

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Brian at 9:50:27 on 2011-08-01
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2942.1853 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Windows\system32\atashost.exe
    C:\Program Files\Starfield\offSyncService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\RUNDLL32.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.foxnews.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll__BHODemonDisabled
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll__BHODemonDisabled
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://quotesoft.webex.com/client/T27LC/support/ieatgpc1.cab
    TCP: DhcpNameServer = 192.168.1.97
    TCP: Interfaces\{63134491-27DF-4B82-B165-08C614989FF1} : NameServer = 209.206.160.254,209.206.160.253
    TCP: Interfaces\{63134491-27DF-4B82-B165-08C614989FF1} : DhcpNameServer = 192.168.1.97
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-7-28 12112]
    R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-7-28 194264]
    R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-7-28 103384]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-28 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-28 309848]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-28 19544]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-7-28 54104]
    R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-1-28 119608]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-28 42184]
    R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2011-7-28 121000]
    R2 File Backup;File Backup Service;c:\program files\starfield\offSyncService.exe [2011-1-5 1212144]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-1-27 21504]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
    R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
    R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD.sys [2011-2-28 401408]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-7-22 1153368]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-08-01 16:25:13 -------- d-----w- c:\program files\SpywareBlaster
    2011-07-28 20:42:29 103384 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2011-07-28 20:42:20 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-07-28 20:42:20 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-07-28 20:42:20 194264 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2011-07-28 20:41:45 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
    2011-07-28 20:41:44 40112 ----a-w- c:\windows\avastSS.scr
    2011-07-28 20:41:28 -------- d-----w- c:\programdata\AVAST Software
    2011-07-28 20:41:28 -------- d-----w- c:\program files\AVAST Software
    2011-07-28 20:13:05 574 ----a-w- C:\cleanup.bat
    2011-07-28 20:13:05 135168 ----a-w- C:\zip.exe
    2011-07-28 15:30:39 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2011-07-27 19:37:39 -------- d-----w- c:\windows\pss
    2011-07-27 15:55:01 -------- d-----w- c:\program files\Trend Micro
    2011-07-26 20:49:45 -------- d-----w- c:\program files\common files\xing shared
    2011-07-26 20:36:00 -------- d-----w- c:\programdata\FreeRIP
    2011-07-22 20:43:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-22 20:43:53 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
    2011-07-22 20:43:52 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-07-22 20:33:26 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-07-22 19:55:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-07-22 19:55:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-07-21 18:15:52 64512 --sha-r- c:\windows\system32\unbcll.dll
    .
    ==================== Find3M ====================
    .
    2011-07-26 20:49:34 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-07-26 20:49:34 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-07-21 18:13:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-05-25 02:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 9:51:22.32 ===============

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Hi randbiswe,

    Your post is a few days old; if you still need help, simply reply back.
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Aug 2011
    Posts
    3

    Help still needed

    Thanks for asking... I do still have the re-direct issue. Any help would be great.

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    OK. We will start with ComboFix. There is a guide to read first. Read through the guide, then apply the directions on your own machine. Post the ComboFix log.

    Guide to using Combofix

  5. #5
    Junior Member
    Join Date
    Aug 2011
    Posts
    3

    ComboFix Log

    ComboFix 11-08-16.02 - Brian 08/16/2011 8:48.1.2 - x86
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2942.2010 [GMT -7:00]
    Running from: c:\users\Brian\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\zip.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-16 to 2011-08-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-16 15:57 . 2011-08-16 15:57 -------- d-----w- c:\users\Brian\AppData\Local\temp
    2011-08-16 15:57 . 2011-08-16 15:57 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-15 19:03 . 2011-08-15 21:28 -------- d-----w- C:\## aswSnx private storage
    2011-08-11 17:39 . 2011-08-11 17:39 -------- d-----w- c:\users\UpdatusUser
    2011-08-11 17:38 . 2011-08-03 11:50 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
    2011-08-11 17:30 . 2011-08-03 11:50 6613096 ----a-w- c:\windows\system32\nvwgf2um.dll
    2011-08-11 17:30 . 2011-08-03 11:50 57960 ----a-w- c:\windows\system32\OpenCL.dll
    2011-08-11 17:30 . 2011-08-03 11:50 16595560 ----a-w- c:\windows\system32\nvoglv32.dll
    2011-08-11 17:30 . 2011-08-03 11:50 914024 ----a-w- c:\windows\system32\nvdispco32.dll
    2011-08-11 17:30 . 2011-08-03 11:50 875112 ----a-w- c:\windows\system32\nvgenco32.dll
    2011-08-11 17:30 . 2011-08-03 11:50 5404776 ----a-w- c:\windows\system32\nvcuda.dll
    2011-08-11 17:30 . 2011-08-03 11:50 2391656 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-08-11 17:30 . 2011-08-03 11:50 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-08-11 17:30 . 2011-08-03 11:50 17193576 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-08-11 17:30 . 2011-08-03 11:50 12636776 ----a-w- c:\windows\system32\nvd3dum.dll
    2011-08-11 17:30 . 2011-08-03 11:50 10304104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-08-11 16:43 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-08-11 16:33 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-08-11 16:33 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-08-11 16:33 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-08-11 16:33 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-08-11 16:33 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-08-05 14:31 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-05 14:31 . 2011-08-05 14:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-05 14:31 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-03 10:31 . 2011-08-03 10:31 311912 ----a-w- c:\windows\system32\nvStreaming.exe
    2011-08-01 16:40 . 2011-08-01 16:41 -------- d-----w- c:\program files\ERUNT
    2011-08-01 16:25 . 2011-08-05 14:19 -------- d-----w- c:\program files\SpywareBlaster
    2011-07-28 20:41 . 2011-08-16 15:31 -------- d-----w- c:\programdata\AVAST Software
    2011-07-28 20:41 . 2011-07-28 20:41 -------- d-----w- c:\program files\AVAST Software
    2011-07-28 20:13 . 2011-07-28 20:13 574 ----a-w- C:\cleanup.bat
    2011-07-28 15:30 . 2011-08-01 15:36 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2011-07-27 15:55 . 2011-07-27 15:55 -------- d-----w- c:\program files\Trend Micro
    2011-07-26 20:49 . 2011-07-26 20:49 -------- d-----w- c:\program files\Common Files\xing shared
    2011-07-26 20:49 . 2011-07-27 20:26 -------- d-----w- c:\program files\Real
    2011-07-26 20:36 . 2011-07-26 20:36 -------- d-----w- c:\programdata\FreeRIP
    2011-07-22 20:26 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-07-22 20:26 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-07-22 20:26 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-07-22 20:26 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-07-22 20:26 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2011-07-22 20:26 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2011-07-22 20:26 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-07-22 20:26 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-07-22 20:26 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-07-22 20:26 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-22 20:26 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
    2011-07-22 19:55 . 2011-08-16 15:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-07-22 19:55 . 2011-07-22 19:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-07-21 18:15 . 2011-07-21 18:15 64512 --sha-r- c:\windows\system32\unbcll.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-03 11:50 . 2011-04-13 17:22 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-08-03 11:50 . 2011-04-13 17:22 3730024 ----a-w- c:\windows\system32\nvcpl.dll
    2011-08-03 11:50 . 2011-01-26 18:49 2412136 ----a-w- c:\windows\system32\nvapi.dll
    2011-08-03 11:50 . 2010-10-16 20:42 599144 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-08-03 11:50 . 2010-10-16 20:42 2558568 ----a-w- c:\windows\system32\nvsvc.dll
    2011-08-03 11:50 . 2010-10-08 09:57 66664 ----a-w- c:\windows\system32\nvshext.dll
    2011-07-26 20:49 . 2011-02-07 18:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-07-26 20:49 . 2011-02-07 18:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-07-21 18:13 . 2011-05-16 15:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-25 02:14 . 2011-01-26 21:30 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-06-06 19:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-03-13 22:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2011-07-26 20:49 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1844090555-32039923-1334992163-1000]
    "EnableNotificationsRef"=dword:00000001
    .
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-16 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2011-01-26 15:26]
    .
    2011-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844090555-32039923-1334992163-1000Core.job
    - c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-05 20:43]
    .
    2011-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844090555-32039923-1334992163-1000UA.job
    - c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-05 20:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.foxnews.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    Trusted Zone: bxwa.com\www
    TCP: DhcpNameServer = 192.168.1.97
    TCP: Interfaces\{63134491-27DF-4B82-B165-08C614989FF1}: NameServer = 209.206.160.254,209.206.160.253
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-LSI Soft Modem - c:\windows\agrsmdel
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-16 08:57
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2011-08-16 09:00:31
    ComboFix-quarantined-files.txt 2011-08-16 16:00
    .
    Pre-Run: 371,162,034,176 bytes free
    Post-Run: 371,067,527,168 bytes free
    .
    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - 3812EEE6CE0D7004A8582A0FBD288CB2

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    We will get another download for you to use:

    Please download TDSS Killer.exe and save it to your desktop

    Double click to launch the utility. On Vista and Windows 7, right click and "run as admin.." After it initializes, click the start scan button.

    "The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."

    If an infected file is detected, the default action will be Cure; click on Continue.

    If a suspicious file is detected, the default action will be Skip; click on Continue.

    It may ask you to reboot the computer to complete the process. Click on Reboot Now.

    If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.


    A report can also be found in your Root drive Local Disk (C) as TDSSKiller.2.4.12.0_02.01.2011_17.32.21_log.txt (name, version, date, time, log.txt)

    Please post the log report
