Keep getting redirected/Jumped..please help!



Musicsgood
2010-10-23, 07:45
DDS (Ver_10-10-21.02) - NTFSx86
Run by jones family at 21:33:27.96 on Fri 10/22/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1104 [GMT -7:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\dfshim32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\bitsprx232.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\system32\lxdmcoms.exe
C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\cofiredm32.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DllHost.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Lexmark 5000 Series\lxdmmon.exe
C:\Program Files\Lexmark 5000 Series\lxdmamon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\wpcumi.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\jones family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVRBHENY\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uDefault_Page_URL = hxxp://www.msn.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
uInternet Settings,ProxyOverride = *.local
BHO: {0205224a-e1c6-4132-a4bc-9defedaeb974} - c:\windows\system32\AUDIOKSE32.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.1.0.37\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.1.0.37\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: 24da7ef6: {ae0e083c-76e3-3bdb-9e60-0c1fd26846b8} - c:\windows\system32\colorui32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.1.0.37\coIEPlg.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [RTHDBPL] c:\windows\lsass.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [lxdmmon.exe] "c:\program files\lexmark 5000 series\lxdmmon.exe"
mRun: [lxdmamon] "c:\program files\lexmark 5000 series\lxdmamon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RTHDBPL] c:\windows\lsass.exe
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [SpybotDeletingA2891] command.com /c del "c:\windows\lsass.exe_old"
mRunOnce: [SpybotDeletingC4995] cmd.exe /c del "c:\windows\lsass.exe_old"
dRun: [RTHDBPL] c:\windows\lsass.exe
StartupFolder: c:\users\jonesf~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
AppInit_DLLs: c:\windows\system32\bitsigd32.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1201000.025\SymDS.sys [2010-10-13 339504]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1201000.025\SymEFA.sys [2010-10-13 666672]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-8-31 692272]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20101020.001\IDSvix86.sys [2010-10-19 353840]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1201000.025\Ironx86.sys [2010-10-13 134704]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1201000.025\symtdiv.sys [2010-10-13 331312]
R2 AeLookupSvc32;Application Experience ;c:\windows\system32\dfshim32.exe [2010-10-12 1345536]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-27 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-5-31 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-10-10 47640]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.1.0.37\ccSvcHst.exe [2010-10-13 126904]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-10-16 1153368]
R2 SysMain32;Superfetch ;c:\windows\system32\cofiredm32.exe [2010-10-12 1345536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]
R3 HSXHWBS3;HSXHWBS3;c:\windows\system32\drivers\HSXHWBS3.sys [2009-7-15 207360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-22 22:44:32 162304 --sha-w- c:\windows\lsass.exe
2010-10-22 20:45:35 -------- d-----w- c:\progra~2\ThumbnailCache4R
2010-10-22 09:28:09 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{cdecbfef-7330-40bd-9ab3-35b3d6b86e42}\mpengine.dll
2010-10-21 20:39:30 162304 ------w- c:\windows\lsass.exe_old
2010-10-21 20:37:44 171008 ----a-w- c:\windows\system32\eapp3hst32.dll.exe
2010-10-21 20:37:34 171008 ----a-w- c:\windows\system32\dpnhupnp32.dll.exe
2010-10-20 20:26:00 372736 ----a-w- c:\windows\system32\AUDIOKSE32.dll
2010-10-18 23:25:19 -------- d-----w- c:\program files\Safer Networking
2010-10-18 20:22:53 171008 ----a-w- c:\windows\system32\dskquoui32.dll.exe
2010-10-18 20:09:14 -------- d-----w- c:\program files\MSN Toolbar
2010-10-18 20:08:04 -------- d-----w- c:\program files\Bing Bar Installer
2010-10-17 20:04:08 1345536 ----a-w- c:\windows\system32\bitsprx232.exe
2010-10-17 20:04:07 253952 ----a-w- c:\windows\system32\bitsigd32.dll
2010-10-17 20:02:46 171008 ----a-w- c:\windows\system32\d3dxof32.dll.exe
2010-10-17 07:25:03 171008 ----a-w- c:\windows\system32\cmlua32.dll.exe
2010-10-17 06:24:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-17 06:24:31 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-10-16 16:34:20 171008 ----a-w- c:\windows\system32\devmgr32.dll.exe
2010-10-16 16:13:47 -------- d-----w- c:\progra~2\STOPzilla!
2010-10-15 09:08:21 359936 ----a-w- c:\windows\system32\cmutil32.dll
2010-10-15 03:07:48 1345536 ----a-w- c:\windows\system32\dhcpcsvc632.exe
2010-10-14 18:47:40 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-14 18:47:40 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-10-14 18:45:51 -------- d-----w- c:\windows\system32\drivers\nbrtwizard\0301000.00B
2010-10-14 18:45:51 -------- d-----w- c:\windows\system32\drivers\NBRTWizard
2010-10-14 18:45:36 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard
2010-10-14 17:51:37 -------- d-----w- c:\users\jonesf~1\appdata\local\NPE
2010-10-14 06:30:44 171008 ----a-w- c:\windows\system32\ds16gt32.dll.exe
2010-10-14 06:10:35 666672 ----a-r- c:\windows\system32\drivers\nis\1201000.025\SymEFA.sys
2010-10-14 06:10:35 50096 ----a-r- c:\windows\system32\drivers\nis\1201000.025\srtspx.sys
2010-10-14 06:10:35 489008 ----a-r- c:\windows\system32\drivers\nis\1201000.025\srtsp.sys
2010-10-14 06:10:35 339504 ----a-r- c:\windows\system32\drivers\nis\1201000.025\SymDS.sys
2010-10-14 06:10:35 331312 ----a-r- c:\windows\system32\drivers\nis\1201000.025\symtdiv.sys
2010-10-14 06:10:35 294448 ----a-r- c:\windows\system32\drivers\nis\1201000.025\symnets.sys
2010-10-14 06:10:35 134704 ----a-r- c:\windows\system32\drivers\nis\1201000.025\Ironx86.sys
2010-10-14 06:10:24 -------- d-----w- c:\windows\system32\drivers\nis\1201000.025
2010-10-14 06:00:28 -------- d-----w- c:\users\jonesf~1\appdata\roaming\Tific
2010-10-13 10:25:21 171008 ----a-w- c:\windows\system32\d3dim32.dll.exe
2010-10-13 10:25:11 171008 ----a-w- c:\windows\system32\corpol32.dll.exe
2010-10-13 00:32:00 -------- d-----w- c:\program files\iPod
2010-10-13 00:31:59 -------- d-----w- c:\program files\iTunes
2010-10-13 00:19:35 171008 ----a-w- c:\windows\system32\dfshim32.dll.exe
2010-10-13 00:19:35 1345536 ----a-w- c:\windows\system32\dfshim32.exe
2010-10-13 00:17:52 -------- d-sh--w- c:\progra~2\SysWoW32
2010-10-13 00:17:41 203776 --sh--w- c:\progra~2\unrar.exe
2010-10-13 00:17:41 -------- d-----w- c:\progra~2\1721452996
2010-10-13 00:17:15 1345536 ----a-w- c:\windows\system32\comdlg3232.exe
2010-10-13 00:17:15 -------- d-sh--w- c:\users\jonesf~1\appdata\roaming\SysWin
2010-10-13 00:17:14 253952 ----a-w- c:\windows\system32\colorui32.dll
2010-10-13 00:17:13 1345536 ----a-w- c:\windows\system32\cofiredm32.exe
2010-10-12 21:58:14 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-12 21:58:13 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-11 00:44:50 -------- d-----w- c:\users\jonesf~1\appdata\local\LogMeIn Hamachi
2010-10-11 00:30:57 -------- d-----w- c:\users\jonesf~1\appdata\local\LogMeIn
2010-10-11 00:30:57 -------- d-----w- c:\progra~2\LogMeIn
2010-10-11 00:30:16 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2010-10-11 00:30:16 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-10-11 00:30:15 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2010-10-11 00:30:15 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-10-11 00:30:15 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2010-10-11 00:30:09 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-10-11 00:29:14 -------- d-----w- c:\program files\LogMeIn
2010-10-11 00:26:22 -------- d-----w- c:\users\jonesf~1\appdata\local\Apps
2010-10-11 00:26:21 -------- d-----w- c:\users\jonesf~1\appdata\local\Deployment
2010-10-01 00:22:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-10-01 00:22:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-10-01 00:22:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-10-01 00:22:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-10-01 00:22:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-10-01 00:22:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-10-01 00:22:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-10-01 00:16:36 -------- d-----w- c:\program files\Bonjour
2010-09-29 08:05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 08:05:02 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-09-23 14:28:35 2074729 ----a-w- c:\progra~2\SPL2473.tmp
2010-09-23 06:38:48 902668 ----a-w- c:\progra~2\SPLACE.tmp

==================== Find3M ====================

2010-10-19 18:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-14 00:48:30 1568631 ----a-w- c:\progra~2\SPL8155.tmp
2010-08-14 00:44:34 1568631 ----a-w- c:\progra~2\SPLE966.tmp
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-06 00:06:45 284298 ----a-w- c:\progra~2\SPL4F71.tmp
2010-08-06 00:02:57 284298 ----a-w- c:\progra~2\SPLD10F.tmp
2010-08-04 03:10:07 228261 ----a-w- c:\progra~2\SPL4175.tmp
2010-08-04 03:08:02 228261 ----a-w- c:\progra~2\SPL593F.tmp
2010-07-28 01:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 01:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-28 01:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-26 17:47:44 176840 ----a-w- c:\progra~2\SPL890C.tmp

============= FINISH: 21:34:49.36 ===============

These are the Spybot results. I could not post to the clipboard; it would not run for some reason.

CN.wAQdN: [SBI $ABCAF88C] Executable (File, nothing done)
C:\WINDOWS\lsass.exe
Properties.size=162304
Properties.md5=6353DB67981FD55F7C18F05F13077391
Properties.filedate=1287787471
Properties.filedatetext=2010-10-22 15:44:30

Internet Explorer: [SBI $1E8157BE] Typed URL list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2614237343-615573927-4018152048-1000\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $FF589D0C] Download directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2614237343-615573927-4018152048-1000\Software\Microsoft\Internet Explorer\Download Directory

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Users\jones family\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H3WEDXTA\as1.suitesmart.com\6thElement.sol
Properties.size=152
Properties.md5=437E346AF5A576844ADCA4DE419C8B98
Properties.filedate=1287627488
Properties.filedatetext=2010-10-20 19:18:08

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Users\jones family\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H3WEDXTA\c3metrics.com\480-SM.sol
Properties.size=83
Properties.md5=FECB44CD098540B3F1ED7400921C43ED
Properties.filedate=1287627507
Properties.filedatetext=2010-10-20 19:18:27

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Users\jones family\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H3WEDXTA\c3metrics.com\480-VT.sol
Properties.size=80
Properties.md5=713DD9C0CF22A23C768121A183CBBB28
Properties.filedate=1287627507
Properties.filedatetext=2010-10-20 19:18:27

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Users\jones family\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H3WEDXTA\d.yimg.com\VolumePrefs.sol
Properties.size=55
Properties.md5=680CC18183453BA30B3B748933B29AE7
Properties.filedate=1287726944
Properties.filedatetext=2010-10-21 22:55:44

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Users\jones family\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H3WEDXTA\d.yimg.com\YEPBWPrefs.sol
Properties.size=71
Properties.md5=9E4AF29325FE25FD2FCF86717EC57C3B
Properties.filedate=1287726801
Properties.filedatetext=2010-10-21 22:53:21

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Users\jones family\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H3WEDXTA\msnbcmedia.msn.com\varo_varoDefault.sol
Properties.size=44
Properties.md5=1D678A046FA699044633AA7E9F4C7919
Properties.filedate=1287772315
Properties.filedatetext=2010-10-22 11:31:55

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Users\jones family\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H3WEDXTA\p.ooyala.com\auth.sol
Properties.size=70
Properties.md5=5879BB04CF694678EA64E6A6DB1C9524
Properties.filedate=1287726299
Properties.filedatetext=2010-10-21 22:44:58

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Users\jones family\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H3WEDXTA\p.ooyala.com\auth2.sol
Properties.size=679
Properties.md5=04E980F68EDF9EBB4FDD1C9613E127D8
Properties.filedate=1287726301
Properties.filedatetext=2010-10-21 22:45:00

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Users\jones family\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H3WEDXTA\s.ytimg.com\soundData.sol
Properties.size=49
Properties.md5=F2945B8419B125F71FC8FD7CDDB59948
Properties.filedate=1287693041
Properties.filedatetext=2010-10-21 13:30:40

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Users\jones family\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H3WEDXTA\s.ytimg.com\videostats.sol
Properties.size=85
Properties.md5=8C560A755D9C75197B1483945E3BCD2D
Properties.filedate=1287693044
Properties.filedatetext=2010-10-21 13:30:44

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Users\jones family\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H3WEDXTA\us.mg4.mail.yahoo.com\cookies.sol
Properties.size=67
Properties.md5=703F196989C8E131AFDD521B6A377C71
Properties.filedate=1287806425
Properties.filedatetext=2010-10-22 21:00:24

Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done)
C:\Users\jones family\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H3WEDXTA\core.videoegg.com\#ve\admanager.sol
Properties.size=73
Properties.md5=C639D9F832E5A4E3152A3559787383E5
Properties.filedate=1287726297
Properties.filedatetext=2010-10-21 22:44:56

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Users\jones family\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H3WEDXTA\core.videoegg.com\#com\videoegg\Demo.sol
Properties.size=59
Properties.md5=4663E4C4D3ACC338D3FE20A2E9C00372
Properties.filedate=1287726297
Properties.filedatetext=2010-10-21 22:44:56

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Users\jones family\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H3WEDXTA\core.videoegg.com\#com\videoegg\Retargeting.sol
Properties.size=66
Properties.md5=DC8D4D1BBECA404E809B6CCDBC413B18
Properties.filedate=1287726301
Properties.filedatetext=2010-10-21 22:45:00

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Users\jones family\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H3WEDXTA\live.bodog.com\swf\live.swf\bodogLive.sol
Properties.size=190
Properties.md5=9DA8C6A9A90DEC95CF9740F9F0670E0F
Properties.filedate=1287717440
Properties.filedatetext=2010-10-21 20:17:19

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Users\jones family\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H3WEDXTA\static.trialpay.com\swf\logo.swf\helpData.sol
Properties.size=95
Properties.md5=87CC314410F50E6A28FEC17B738FC876
Properties.filedate=1287780086
Properties.filedatetext=2010-10-22 13:41:26

MS Management Console: [SBI $ECD50EAD] Recent command list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2614237343-615573927-4018152048-1000\Software\Microsoft\Microsoft Management Console\Recent File List

MS Media Player: [SBI $E48560B4] Recent file list (7 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2614237343-615573927-4018152048-1000\Software\Microsoft\MediaPlayer\Player\RecentFileList

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2614237343-615573927-4018152048-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS Office 12.0 (Excel): [SBI $546355D5] Recent Cartel List (9 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2614237343-615573927-4018152048-1000\Software\Microsoft\Office\12.0\Excel\File MRU

MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (7 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2614237343-615573927-4018152048-1000\Software\Microsoft\Office\12.0\Word\File MRU

MS Wordpad: [SBI $4C02334D] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2614237343-615573927-4018152048-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2614237343-615573927-4018152048-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (14 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2614237343-615573927-4018152048-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2614237343-615573927-4018152048-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cookie: [SBI $49804B54] Cookie (83) (Cookie, nothing done)

Cache: [SBI $49804B54] Cache (3) (Cache, nothing done)

History: [SBI $49804B54] History (1471) (History, nothing done)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-10-18 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-29 Includes\Adware.sbi (*)
2010-10-12 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-09-22 Includes\Dialer.sbi (*)
2010-10-12 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-10-12 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-08-02 Includes\Keyloggers.sbi (*)
2010-10-12 Includes\KeyloggersC.sbi (*)
2010-09-13 Includes\Malware.sbi (*)
2010-10-19 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-10-12 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-10-12 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-10-12 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti (*)
2010-08-04 Includes\Trojans.sbi (*)
2010-10-12 Includes\TrojansC-02.sbi (*)
2010-10-12 Includes\TrojansC-03.sbi (*)
2010-10-12 Includes\TrojansC-04.sbi (*)
2010-10-20 Includes\TrojansC-05.sbi (*)
2010-10-12 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Blade81
2010-10-27, 23:19
Hi,

Download GMER (http://www.gmer.net) by clicking the Download EXE button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the Rootkit tab, uncheck the Files option and then click Scan.
Don't check the Show All box while scanning is in progress!
When scanning is ready, click Copy.
This copies the log to the clipboard.
Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply. Post also fresh dds.txt contents.

Blade81
2010-11-04, 07:30
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.