Forum: Viruses, Spyware and other Nasties 14 Hours Ago |
| Replies: 12 Views: 367 Happy to try to help!
There seem to be a lot of different variations of this redirecting malware going around these days. Usually MBAM will detect and remove some of the rootkit components, but I... |
Forum: Viruses, Spyware and other Nasties 1 Day Ago |
| Replies: 12 Views: 367 I do not think so - that log is clean.... This is the first time I've seen the new version of GooredFix, so maybe I'm misreading it.
I had been leaning toward a rootkitted malware being... |
Forum: Viruses, Spyware and other Nasties 2 Days Ago |
| Replies: 12 Views: 367 OK - Let's do this before breaking out the big guns:
Please download jpshortstuff's GooredFix.exe (http://jpshortstuff.247fixes.com/GooredFix.exe) to your Desktop.
-- Make sure all browsers are... |
Forum: Viruses, Spyware and other Nasties 2 Days Ago |
| Replies: 12 Views: 367 Sorry for the late reply - busy weekend.
I do not see much there - A few things I do not recognize, but that doesn't make them baddies...
-- You do need to update your Java and Adobe Reader... |
Forum: Viruses, Spyware and other Nasties 2 Days Ago |
| Replies: 7 Views: 282 |
Forum: Viruses, Spyware and other Nasties 5 Days Ago |
| Replies: 12 Views: 367 Happy to help :)
-- I need to see the DDS.txt
Run it again and copy and paste that into your reply.
I don't need another attach.txt. Just the DDS.txt.
I will check back as time permits over... |
Forum: Viruses, Spyware and other Nasties 5 Days Ago |
| Replies: 4 Views: 183 Honestly, I would need to see a scanlog or two from the combofix runs. Too many different possibilities to speculate....
Lots of nasties with rootkit components these days - that makes them hard... |
Forum: Viruses, Spyware and other Nasties 5 Days Ago |
| Replies: 7 Views: 282 Happy to help :)
I really haven't had time to look closely at your logs, but at a quick glance they look OK - nothing really jumps out at me.
How are things running?
-- You should update your... |
Forum: Viruses, Spyware and other Nasties 5 Days Ago |
| Replies: 12 Views: 367 Please do the following:
Download Malwarebytes' Anti-Malware (MBA-M) (http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) to your... |
Forum: Viruses, Spyware and other Nasties 5 Days Ago |
| Replies: 30 Views: 1,552 Repairs/resets currentcontrolset registry values.
PP :) |
Forum: Viruses, Spyware and other Nasties 5 Days Ago |
| Replies: 9 Views: 393 Happy to help :)
More often than not, this is due to malware. I have seen a lot of compys issued by schools and businesses restrict this sort of access as well.
Some solid "real time" protection... |
Forum: Viruses, Spyware and other Nasties 5 Days Ago |
| Replies: 34 Views: 1,465 I am not particularly familiar with Norton, but I would imagine that if you RightClick your Norton tray icon you'd have the option to disable it.
I understand that some Norton has "software tamper... |
Forum: Viruses, Spyware and other Nasties 6 Days Ago |
| Replies: 9 Views: 393 Please download FixIt.reg (http://forum.networktechs.com/attachment.php?attachmentid=1918&d=1256845865) to your Desktop.
DoubleClick on FixIt.reg and allow it to merge into the registry.
Reboot... |
Forum: Viruses, Spyware and other Nasties 6 Days Ago |
| Replies: 7 Views: 282 Happy to help.
-- That is a bit worrisome. Did you run chkdsk?
-- Do you know what this is ---> ByakkoDriver
Gaming related, perhaps?
PP:) |
Forum: Viruses, Spyware and other Nasties 6 Days Ago |
| Replies: 9 Views: 393 Happy to help.
Nothing particularly evil jumps out at me from those logs. Just looks like a little minor registry alteration.
I'd like to take a more thorough look before posting the fix:... |
Forum: Viruses, Spyware and other Nasties 6 Days Ago |
| Replies: 4 Views: 181 I do not know what that means.
If you need a sample of that particular malware, I can't help you. |
Forum: Viruses, Spyware and other Nasties 6 Days Ago |
| Replies: 4 Views: 181 Google it - see what the AV sites have to say about it.
Are you infected with it? If so, let us know and we can advise you further.
PP :) |
Forum: Viruses, Spyware and other Nasties 6 Days Ago |
| Replies: 30 Views: 1,552 No worries.
Your combofix log is incomplete - we are missing an important part.
Please edit your post and post the entire log!
Also, run another GMER scan:
-- Make sure the Rootkit/Malware... |
Forum: Viruses, Spyware and other Nasties 6 Days Ago |
| Replies: 30 Views: 1,552 This is an old one from wng_z3r0's Blog (http://spyware-free.us/2006/07/gmer_07.html). A good deal has changed since then - a lot less intimidating.
Also, there is info on GMER site FAQ:... |
Forum: Viruses, Spyware and other Nasties 7 Days Ago |
| Replies: 9 Views: 393 Update your MBAM via the "Update" Tab and run it again and post me the log.
REBOOT and then:
-- Download DDS by sUBs (http://download.bleepingcomputer.com/sUBs/dds.scr) and save it to your... |
Forum: Viruses, Spyware and other Nasties 7 Days Ago |
| Replies: 1 Views: 182 It's probably not much of a "malware attack." Most likely a simple script running, but let's have a closer look just to be certain:
Please download Malwarebytes' Anti-Malware (MBA-M) (... |
Forum: Viruses, Spyware and other Nasties 7 Days Ago |
| Replies: 7 Views: 282 I am not clear as to what your problem is.
Let's go ahead and do this:
Please download Malwarebytes' Anti-Malware (MBA-M) (... |
Forum: Viruses, Spyware and other Nasties 7 Days Ago |
| Replies: 30 Views: 1,552 Not anywhere close to being solved! All that step does is bypass the poisoned DNS cache.
You have a large infestation with rootkit components. Hang in there for crunchie to post back - I don't... |
Forum: Viruses, Spyware and other Nasties 7 Days Ago |
| Replies: 30 Views: 1,552 While you are waiting for crunchie to check back, please give this a go:
Please download GMER Rootkit Scanner:
http://www.gmer.net/download.php
-- DoubleClick the .exe file and, if asked, ... |
Forum: Viruses, Spyware and other Nasties 8 Days Ago |
| Replies: 1 Views: 181 Please download Malwarebytes' Anti-Malware (MBA-M) (http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) to your Desktop.
DoubleClick... |
Forum: Viruses, Spyware and other Nasties 8 Days Ago |
| Replies: 4 Views: 239 Please understand that this forum, as with the majority of Security Forums, is "staffed" by volunteers who donate a bit of their free time to helping others. Most of these forums have few regular... |
Forum: Viruses, Spyware and other Nasties 8 Days Ago |
| Replies: 75 Views: 3,406 You're welcome - Happy to help! :)
Let's remove Combofix and the files/folders it created:
• Click Start > Run
• Type or Copy&Paste Combofix /u into the Run box. (Be sure there is a... |
Forum: Viruses, Spyware and other Nasties 8 Days Ago |
| Replies: 75 Views: 3,406 That looks OK to me - A couple items I do not know, but doubt they are bad.
Well . . . At this point I believe we have gotten your computer as clean as we possibly can in a Forum setting. :cool:
... |
Forum: Viruses, Spyware and other Nasties 9 Days Ago |
| Replies: 75 Views: 3,406 OK - DDS looks OK (not including outdated stuff).
I would like to run one more tool - couple things I want to double-check from Root Repeal log. I'd hate to have you update Windows while a... |
Forum: Viruses, Spyware and other Nasties 9 Days Ago |
| Replies: 36 Views: 1,190 These are the easiest to work with + they are good to have handy:
ubcd411.iso (http://ubcd2.myubcd.com/ubcd411.iso)
KAV Rescue... |
Forum: Viruses, Spyware and other Nasties 9 Days Ago |
| Replies: 75 Views: 3,406 Great - another step forward.
We need to make sure this machine is as clean as we can get it before undertaking the patching process. You have a ton of Windows updates to download and install... |
Forum: Viruses, Spyware and other Nasties 9 Days Ago |
| Replies: 36 Views: 1,190 If you have your Windows CD, we can boot from that and poke around. Possibly repair the startup issue.
Likewise, if you are able to burn some ISOs such as one of the many bootable Rescue disks (TRK... |
Forum: Viruses, Spyware and other Nasties 9 Days Ago |
| Replies: 75 Views: 3,406 Well . . . for some reason it is not getting at the malware I think is responsible for poisoning DNS.
Time to get a bit medieval on it....
Please Download The Avenger v2 by Swandog46 if it is... |
Forum: Viruses, Spyware and other Nasties 9 Days Ago |
| Replies: 75 Views: 3,406 OK - We'll rip the visible baddies out with a different tool. Seeing as it's pretty late, I'll post the steps Monday evening.
PP :)
EDIT: Maybe won't need to manually rip them out after all . .... |
Forum: Viruses, Spyware and other Nasties 9 Days Ago |
| Replies: 75 Views: 3,406 Yeah . . . But if we don't get them all, they'll come right back.
The thing is, those scans we already ran should've been more effective.
-- Did you disable DNS Client service (a few posts... |
Forum: Viruses, Spyware and other Nasties 9 Days Ago |
| Replies: 75 Views: 3,406 As long as the baddies were removed, we are good to continue.
-- See if you can now run MBAM and update via the Update tab.
Then, run the full scan. Remove what it finds and post the log. Reboot... |
Forum: Viruses, Spyware and other Nasties 9 Days Ago |
| Replies: 75 Views: 3,406 Did you get an error message?
If not, we can try this:
START > Run > type services.msc and Stop / Disable the DNS Client service. Maybe that will help in the short term.
That is what it should... |
Forum: Viruses, Spyware and other Nasties 10 Days Ago |
| Replies: 3 Views: 345 You are using an outdated version of HijackThis. You should delete it.
No need for new version at this time.
--- You have some dangerous malware running. Please follow Step #8 in the linky below... |
Forum: Viruses, Spyware and other Nasties 10 Days Ago |
| Replies: 75 Views: 3,406 This sounds a lot like Conficker - of course lots of other malware have done this as well. I'm surprised none of the tools we ran addressed this.
Let's check a few things:
-- Navigate to... |
Forum: Viruses, Spyware and other Nasties 10 Days Ago |
| Replies: 34 Views: 1,465 I attached the CFScript.txt for my previous post.
PP :) |