TechSpot

Google results keep redirecting

Solved
By stumped324
Feb 15, 2011
Topic Status:
Not open for further replies.
  1. Hi there,
    Whenever I click on google results I get redirected. This problem is not relegated to IE also Mozilla and most all search engines. The only real result came a couple of weeks ago with Microsoft security essential, which cleaned an alureon infection, however it had no effect on the redirecting problem. I've tried damn near everything I can think of and sure would appreciate any assistance in rectifying the problem. Thanks so much.
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! Since you've tried '**** near everything', let's try something else:


    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Important!
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
  3. stumped324

    stumped324 TS Rookie Topic Starter Posts: 35

    the logs from 8steps

    i'll try later
  4. stumped324

    stumped324 TS Rookie Topic Starter Posts: 35

    please find requested logs

    i screwed up
  5. stumped324

    stumped324 TS Rookie Topic Starter Posts: 35

    sorry about the double post

    hi sorry about the two posts of the logs you requested. they are both the same.
    thanks in advance to anyone who may be able to help.
  6. stumped324

    stumped324 TS Rookie Topic Starter Posts: 35

    8 steps completed

  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Where are the logs?
  8. stumped324

    stumped324 TS Rookie Topic Starter Posts: 35

    8 steps completed

    sorry about the delay. i started fresh and i hope it worked right. let me know thanks.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5832

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    21/02/2011 12:23:04 PM
    mbam-log-2011-02-21 (12-23-04).txt

    Scan type: Quick scan
    Objects scanned: 174543
    Time elapsed: 4 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-02-21 12:30:44
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST325041 rev.3.AA
    Running: ux98xzp1.exe; Driver: C:\Users\Hall\AppData\Local\Temp\kxldipow.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\iaStor \Device\Ide\iaStor0 [8324D6D0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 85CF61F8
    Device \Driver\atapi \Device\Ide\IdePort1 85CF61F8
    Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8324D6D0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8324D6D0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\VClone \Device\Scsi\VClone1 879E01F8
    Device \Driver\VClone \Device\Scsi\VClone1Port4Path0Target1Lun0 879E01F8
    Device \Driver\VClone \Device\Scsi\VClone1Port4Path0Target0Lun0 879E01F8
    Device \FileSystem\Ntfs \Ntfs 85D041F8

    AttachedDevice \Driver\tdx \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

    ---- EOF - GMER 1.0.15 ----

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Hall at 12:37:42.24 on 21/02/2011
    Internet Explorer: 8.0.6001.19019
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3052.1799 [GMT -8:00]

    AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Windows\system32\lxctcoms.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
    C:\Windows\system32\IoctlSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\VMSnap3.EXE
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Lexmark 5400 Series\lxctmon.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Lexmark 5400 Series\ezprint.exe
    C:\Windows\VM303_STI.EXE
    C:\Windows\Domino.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k wdisvc
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Hall\Desktop\dds.scr
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.ca/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
    BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - c:\program files\norton safe web lite\engine\1.0.1.8\coIEPlg.dll
    TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - c:\program files\norton safe web lite\engine\1.0.1.8\coIEPlg.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [VMSnap3] c:\windows\VMSnap3.EXE
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [lxctmon.exe] "c:\program files\lexmark 5400 series\lxctmon.exe"
    mRun: [Lexmark 5400 Series Fax Server] "c:\program files\lexmark 5400 series\fm3032.exe" /s
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [EzPrint] "c:\program files\lexmark 5400 series\ezprint.exe"
    mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
    mRun: [BigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [Domino] c:\windows\Domino.EXE
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki...
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
    LSP: c:\windows\system32\wpclsp.dll
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ============= SERVICES / DRIVERS ===============

    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]
    R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-11-2 365336]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-13 21504]
    R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.0.1.8\ccSvcHst.exe [2010-11-17 126904]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
    R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2008-6-13 428160]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9871488092966;Google Update Service (gupdate1c9871488092966);c:\program files\google\update\GoogleUpdate.exe [2009-2-4 133104]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-18 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2007-4-3 1131136]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

    =============== Created Last 30 ================

    2011-02-21 20:17:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-21 20:17:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-21 20:17:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-21 19:37:13 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-02-21 19:37:13 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2011-02-21 19:35:51 -------- d-----w- c:\program files\iPod
    2011-02-21 19:35:48 -------- d-----w- c:\program files\iTunes
    2011-02-21 19:35:48 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2011-02-18 07:30:08 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{1e558a58-c72a-4c07-811d-772cb156efc3}\mpengine.dll
    2011-02-17 20:14:58 97859 ----a-w- c:\windows\system32\drivers\klick.dat
    2011-02-17 20:14:58 114243 ----a-w- c:\windows\system32\drivers\klin.dat
    2011-02-17 20:13:04 -------- d-----w- c:\program files\Kaspersky Lab
    2011-02-17 19:34:01 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files
    2011-02-15 20:59:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-11 03:03:48 -------- d-----w- c:\users\hall\appdata\local\temp
    2011-02-11 02:57:28 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-02-11 02:55:33 420608 ----a-w- c:\progra~2\SPLAA69.tmp
    2011-02-11 02:40:42 98816 ----a-w- c:\windows\sed.exe
    2011-02-11 02:40:42 89088 ----a-w- c:\windows\MBR.exe
    2011-02-11 02:40:42 256512 ----a-w- c:\windows\PEV.exe
    2011-02-11 02:40:42 161792 ----a-w- c:\windows\SWREG.exe
    2011-02-11 02:30:37 420608 ----a-w- c:\progra~2\SPLD94E.tmp
    2011-02-09 10:27:59 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-02-08 20:26:10 -------- d-----w- c:\users\hall\appdata\roaming\Malwarebytes
    2011-02-08 20:26:03 -------- d-----w- c:\progra~2\Malwarebytes
    2011-02-07 21:31:06 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-02-07 20:21:24 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-02-04 00:08:53 -------- d-----w- c:\users\hall\appdata\local\NPE

    ==================== Find3M ====================

    2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2010-12-07 23:34:08 17996 ----a-w- c:\windows\system32\dvdexe2010.reg
    2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-30 01:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-25 18:29:05 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll

    ============= FINISH: 12:38:28.70 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 13/05/2008 11:08:54 PM
    System Uptime: 21/02/2011 12:10:32 PM (0 hours ago)

    Motherboard: Intel Corporation | | DG33TL
    Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz | J1PR | 1200/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 233 GiB total, 25.742 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM ()
    J: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Tun Miniport Adapter
    Device ID: ROOT\*TUNMP\0001
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TUNMP\0001
    Service: tunmp

    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: ADS Instant HDTV PCI
    Device ID: ROOT\MEDIA\0000
    Manufacturer: ADS Technologies
    Name: ADS Instant HDTV PCI
    PNP Device ID: ROOT\MEDIA\0000
    Service: Ph3xIB32

    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: ADS Instant HDTV PCI
    Device ID: ROOT\MEDIA\0001
    Manufacturer: ADS Technologies
    Name: ADS Instant HDTV PCI
    PNP Device ID: ROOT\MEDIA\0001
    Service: Ph3xIB32

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    Adobe Acrobat 5.0
    Adobe Flash Player 10 Plugin
    Adobe Reader X
    Adobe Shockwave Player 11
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    µTorrent
    Barbie as The Island Princess
    Bonjour
    CCScore
    CloneCD
    CloneDVD2
    ClueFinders 4th Grade Adventures
    D3DX10
    Disney's Mickey Mouse Kindergarten
    Disney's Stanley Tiger Tales
    Disney Pixar 2nd and 3rd Grade
    Disneys Villains Revenge
    Dolby Control Center Link
    Emperors New Groove
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    fflink
    Finale PrintMusic 2007
    FormatFactory 2.30
    Game Elements PC Recoil Pad
    Google Chrome
    Google Earth
    Google Update Helper
    Google Updater
    Highlight Viewer (Windows Live Toolbar)
    Holly A Christmas Tale Deluxe FINAL 1.6.6
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ImgBurn
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Interface
    Intel(R) Matrix Storage Manager
    Intel(R) PRO Network Connections 12.1.12.0
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    Junk Mail filter update
    Kaspersky Internet Security 2011
    kgcbaby
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kid Pix Deluxe 4
    Kodak EasyShare software
    L&H TTS3000 Español
    LEGO Island 2
    LEGO Rock Raiders
    LEGO Star Wars
    LEGO Star Wars II
    LEGO Stunt Rally
    LEGO® Harry Potter™: Years 1-4
    LEGO® Indiana Jones™ 2
    LEGO® Indiana Jones™ 2: Przygoda trwa
    LEGO® Star Wars™: The Complete Saga
    Lernout & Hauspie TruVoice American English TTS Engine
    Lexmark 5400 Series
    Malwarebytes' Anti-Malware
    Map Button (Windows Live Toolbar)
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Reader
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works 6-9 Converter
    MobileMe Control Panel
    MP3_98driver
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Nero 8
    neroxml
    netbrdg
    Norton Safe Web Lite
    Notepad++
    OfotoXMI
    Project64 1.6
    QuickTime
    Reader Rabbit's 1st Grade
    Reader Rabbit's Interactive Reading Journey 2
    Reader Rabbit's Kindergarten
    Reader Rabbit's Reading Ages 4-6
    Reader Rabbit 2nd Grade
    Real Alternative 1.8.0
    Rescue Heroes Meteor Madness
    Safari
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    SFR
    SHASTA
    skin0001
    SKINXSDK
    Smart Menus (Windows Live Toolbar)
    staticcr
    The Princess and the Frog
    Third Grade Adventures
    tooltips
    TrekStor i.Beat emo
    Tux Paint 0.9.21
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2492475)
    USB PC Camera H
    VirtualCloneDrive
    VLC media player 1.1.7
    VPRINTOL
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Favorites for Windows Live Toolbar
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    WIRELESS

    ==== End Of File ===========================
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay! don't see any potential redirectors yet. But I am 'stumped' on 2 entries> do you know what these are?

    2011-02-11 02:55:33 420608 ----a-w- c:\progra~2\SPLAA69.tmp
    2011-02-11 02:30:37 420608 ----a-w- c:\progra~2\SPLD94E.tmp

    =========================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, the do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the cli[board, you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ====================================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
      [​IMG]
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  10. stumped324

    stumped324 TS Rookie Topic Starter Posts: 35

    thanks i'll try

    sorry i dont know about those entries. i'll give those next steps a try, thanks
  11. stumped324

    stumped324 TS Rookie Topic Starter Posts: 35

    eset?

    should i install the add-ons as well?
     
  12. stumped324

    stumped324 TS Rookie Topic Starter Posts: 35

    re eset

    never mind i guess i have to
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    What add-ons are you referring to? Is it from this line?
    Don't do anything in the Eset scan except what is directed. You won't be removing what is found- I'll do that in a special way in a special program.

    I didn't think you would know what the entries were, but I'd rather ask than risk zapping a treasure off of the system!
  14. stumped324

    stumped324 TS Rookie Topic Starter Posts: 35

    next step

    i had to enable addd-ons to allow active x.
    here are the new logs you requested.

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
  15. stumped324

    stumped324 TS Rookie Topic Starter Posts: 35

    combofix

    ComboFix 11-02-21.02 - Hall 22/02/2011 9:57.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3052.1425 [GMT -8:00]
    Running from: c:\users\Hall\Desktop\ComboFix.exe
    AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2011-01-22 to 2011-02-22 )))))))))))))))))))))))))))))))
    .

    2011-02-22 18:20 . 2011-02-22 18:21 -------- d-----w- c:\users\Hall\AppData\Local\temp
    2011-02-22 18:20 . 2011-02-22 18:20 -------- d-----w- c:\users\kidz\AppData\Local\temp
    2011-02-22 18:20 . 2011-02-22 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-22 09:44 . 2011-01-20 18:39 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BABB2FF5-7B72-4536-A9D3-387E8F8FE160}\mpengine.dll
    2011-02-21 23:28 . 2011-02-21 23:28 -------- d-----w- c:\program files\ESET
    2011-02-21 20:17 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-21 20:17 . 2011-02-21 20:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-21 20:17 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-21 19:37 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-02-21 19:37 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2011-02-21 19:35 . 2011-02-21 19:35 -------- d-----w- c:\program files\iPod
    2011-02-21 19:35 . 2011-02-21 19:37 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2011-02-21 19:35 . 2011-02-21 19:37 -------- d-----w- c:\program files\iTunes
    2011-02-17 20:14 . 2011-02-17 20:52 97859 ----a-w- c:\windows\system32\drivers\klick.dat
    2011-02-17 20:14 . 2011-02-17 20:52 114243 ----a-w- c:\windows\system32\drivers\klin.dat
    2011-02-17 20:13 . 2011-02-17 20:13 -------- d-----w- c:\program files\Kaspersky Lab
    2011-02-17 19:34 . 2011-02-17 20:11 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2011-02-15 21:00 . 2011-02-15 21:00 -------- d-----w- c:\program files\Common Files\Java
    2011-02-15 20:59 . 2011-02-15 20:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-15 20:59 . 2011-02-15 20:59 -------- d-----w- c:\program files\Java
    2011-02-14 21:03 . 2011-02-14 21:09 -------- d-----w- c:\program files\Windows Live Safety Center
    2011-02-11 02:55 . 2011-02-11 02:55 420608 ----a-w- c:\programdata\SPLAA69.tmp
    2011-02-11 02:30 . 2011-02-11 02:30 420608 ----a-w- c:\programdata\SPLD94E.tmp
    2011-02-09 10:27 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-02-08 20:26 . 2011-02-08 20:26 -------- d-----w- c:\users\Hall\AppData\Roaming\Malwarebytes
    2011-02-08 20:26 . 2011-02-08 20:26 -------- d-----w- c:\programdata\Malwarebytes
    2011-02-07 21:31 . 2011-02-09 23:59 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-02-07 20:21 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-02-04 00:08 . 2011-02-05 22:22 -------- d-----w- c:\users\Hall\AppData\Local\NPE

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-28 15:55 . 2011-01-11 23:27 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-16 22:57 . 2010-12-16 22:57 31088 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
    2010-12-15 20:40 . 2010-12-15 20:40 54248 ----a-w- c:\windows\system32\drivers\PARTMGR.SYS
    2010-12-15 03:37 . 2010-12-15 03:37 54248 ----a-w- c:\windows\system32\drivers\cvgummvd.sys
    2010-12-14 14:49 . 2011-01-11 23:27 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2010-12-14 04:32 . 2010-12-14 04:32 54248 ----a-w- c:\windows\system32\drivers\uxnmnxac.sys
    2010-12-07 23:34 . 2010-12-07 23:34 17996 ----a-w- c:\windows\system32\dvdexe2010.reg
    2010-12-06 22:08 . 2010-12-06 22:08 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-25 18:29 . 2010-11-25 18:29 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
    "lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760]
    "Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 304048]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 82864]
    "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
    "BigDog303"="c:\windows\VM303_STI.EXE" [2006-01-25 61440]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
    "Domino"="c:\windows\Domino.EXE" [2006-06-29 49152]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /A:*STARTUP /A:C: /A:* /A:*STARTUP /L:1033 /heur:100 /pup /archives /IA:0 /KBD:2 /dir:C:\Program

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Hall^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\Hall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    2010-03-18 18:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-09-23 08:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2486990064-908672771-1665658420-1000]
    "EnableNotificationsRef"=dword:00000001

    R1 jhrcdpst;jhrcdpst;c:\windows\system32\drivers\jhrcdpst.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate1c9871488092966;Google Update Service (gupdate1c9871488092966);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
    R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-06 691696]
    S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-10 11352]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-23 22104]
    S2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe [2010-05-23 126904]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
    S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2006-04-25 428160]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-22 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-08 22:08]

    2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 22:04]

    2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 22:04]

    2011-02-22 c:\windows\Tasks\User_Feed_Synchronization-{621C5900-9374-42A0-8861-A9D9F4B0AC05}.job
    - c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]

    2011-02-22 c:\windows\Tasks\User_Feed_Synchronization-{7C087584-A4E1-4013-B6EC-2F11C9C333E5}.job
    - c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
    IE: Google Sidewiki...
    LSP: c:\windows\system32\wpclsp.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-22 10:21
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????@?@??????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2011-02-22 10:34:22
    ComboFix-quarantined-files.txt 2011-02-22 18:34
    ComboFix2.txt 2011-02-11 03:03

    Pre-Run: 21,209,284,608 bytes free
    Post-Run: 21,267,881,984 bytes free

    - - End Of File - - 1FF48CA1C9FE34578B33F38CB3E3D6DA
  16. stumped324

    stumped324 TS Rookie Topic Starter Posts: 35

    update

    i don't know if it makes a difference but i thought i'd let you know. now every time i load any page ie this forum, it also loads google analytics and or
    directly to google and sometimes to all kinds of other redirects in a seperate page, and sometimes just blank. oh well, thought i'd let you know. long story short the redirects seem to be getting worse. thanks.
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    It's an ad embedded on the site. You can reset the Cookies in the browser and if using Firefox, put the 2 add-ons I recommend below-------- and you won't get it:

    Reset Cookies
    For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

    I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List

    For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    (First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
    =========================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\programdata\SPLAA69.tmp
    c:\programdata\SPLD94E.tmp
    c:\windows\system32\drivers\jhrcdpst.sys
    Folder::
    C:\TDSSKiller_Quarantine
    DDS::
    uURLSearchHooks: H - No File
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    FileLook::
    c:\windows\system32\drivers\cvgummvd.sys
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    BigDog303 =-
    Driver::
    jhrcdpst
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================================
    Reboot the computer when finished and let me know how the redirects are. There is no scan log for Eset, just the registration. Did you actually run the scan and did you notice if any entries were found?
  18. stumped324

    stumped324 TS Rookie Topic Starter Posts: 35

    ran combofix

    hi bobbye,
    i changed the browser settings and ran combofix again. unfortunately the redirection problem seems unresolved both with the browser and the search engines. let me know if i followed your instructions correctly. sure do appreciate your help.
    p.s.
    new combofix log

    ComboFix 11-02-24.05 - Hall 25/02/2011 10:07:40.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3052.1682 [GMT -8:00]
    Running from: c:\users\Hall\Desktop\ComboFix.exe
    Command switches used :: c:\users\Hall\Desktop\CFscript.txt
    AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FILE ::
    "c:\programdata\SPLAA69.tmp"
    "c:\programdata\SPLD94E.tmp"
    "c:\windows\system32\drivers\jhrcdpst.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\SPLAA69.tmp
    c:\programdata\SPLD94E.tmp
    C:\TDSSKiller_Quarantine
    c:\tdsskiller_quarantine\07.02.2011_13.30.41\susp0000\object.ini
    c:\tdsskiller_quarantine\07.02.2011_13.30.41\susp0000\svc0000\object.ini
    c:\tdsskiller_quarantine\07.02.2011_13.30.41\susp0000\svc0000\tsk0000.dta
    c:\tdsskiller_quarantine\07.02.2011_13.30.41\susp0000\svc0000\tsk0000.ini
    c:\tdsskiller_quarantine\09.02.2011_15.58.50\susp0000\object.ini
    c:\tdsskiller_quarantine\09.02.2011_15.58.50\susp0000\svc0000\object.ini
    c:\tdsskiller_quarantine\09.02.2011_15.58.50\susp0000\svc0000\tsk0000.dta
    c:\tdsskiller_quarantine\09.02.2011_15.58.50\susp0000\svc0000\tsk0000.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_jhrcdpst


    ((((((((((((((((((((((((( Files Created from 2011-01-25 to 2011-02-25 )))))))))))))))))))))))))))))))
    .

    2011-02-25 18:21 . 2011-02-25 18:30 -------- d-----w- c:\users\Hall\AppData\Local\temp
    2011-02-25 18:21 . 2011-02-25 18:21 -------- d-----w- c:\users\kidz\AppData\Local\temp
    2011-02-25 18:21 . 2011-02-25 18:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-25 09:18 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A3F8739-91FF-4E28-B2C3-36F34CBA2AE3}\mpengine.dll
    2011-02-21 23:28 . 2011-02-21 23:28 -------- d-----w- c:\program files\ESET
    2011-02-21 20:17 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-21 20:17 . 2011-02-21 20:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-21 20:17 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-21 19:37 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-02-21 19:37 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2011-02-21 19:35 . 2011-02-21 19:35 -------- d-----w- c:\program files\iPod
    2011-02-21 19:35 . 2011-02-21 19:37 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2011-02-21 19:35 . 2011-02-21 19:37 -------- d-----w- c:\program files\iTunes
    2011-02-17 20:14 . 2011-02-17 20:52 97859 ----a-w- c:\windows\system32\drivers\klick.dat
    2011-02-17 20:14 . 2011-02-17 20:52 114243 ----a-w- c:\windows\system32\drivers\klin.dat
    2011-02-17 20:13 . 2011-02-17 20:13 -------- d-----w- c:\program files\Kaspersky Lab
    2011-02-17 19:34 . 2011-02-17 20:11 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2011-02-15 21:00 . 2011-02-15 21:00 -------- d-----w- c:\program files\Common Files\Java
    2011-02-15 20:59 . 2011-02-15 20:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-15 20:59 . 2011-02-15 20:59 -------- d-----w- c:\program files\Java
    2011-02-14 21:03 . 2011-02-14 21:09 -------- d-----w- c:\program files\Windows Live Safety Center
    2011-02-09 10:27 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-02-08 20:26 . 2011-02-08 20:26 -------- d-----w- c:\users\Hall\AppData\Roaming\Malwarebytes
    2011-02-08 20:26 . 2011-02-08 20:26 -------- d-----w- c:\programdata\Malwarebytes
    2011-02-07 20:21 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-02-04 00:08 . 2011-02-05 22:22 -------- d-----w- c:\users\Hall\AppData\Local\NPE

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-03 01:11 . 2009-10-03 08:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-12-28 15:55 . 2011-01-11 23:27 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-16 22:57 . 2010-12-16 22:57 31088 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
    2010-12-15 20:40 . 2010-12-15 20:40 54248 ----a-w- c:\windows\system32\drivers\PARTMGR.SYS
    2010-12-15 03:37 . 2010-12-15 03:37 54248 ----a-w- c:\windows\system32\drivers\cvgummvd.sys
    2010-12-14 14:49 . 2011-01-11 23:27 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2010-12-14 04:32 . 2010-12-14 04:32 54248 ----a-w- c:\windows\system32\drivers\uxnmnxac.sys
    2010-12-07 23:34 . 2010-12-07 23:34 17996 ----a-w- c:\windows\system32\dvdexe2010.reg
    2010-12-06 22:08 . 2010-12-06 22:08 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    --- c:\windows\system32\drivers\cvgummvd.sys ---
    Company: Microsoft Corporation
    File Description: Partition Management Driver
    File Version: 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Product Name: Microsoft® Windows® Operating System
    Copyright: © Microsoft Corporation. All rights reserved.
    Original Filename: partmgr.sys
    File size: 54248
    Created time: 2010-12-15 03:37
    Modified time: 2010-12-15 03:37
    MD5: 57389FA59A36D96B3EB09D0CB91E9CDC
    SHA1: 6D0750560E056B7C2CEB6E00F89A5D65AED79D35


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
    "lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760]
    "Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 304048]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 82864]
    "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
    "BigDog303"="c:\windows\VM303_STI.EXE" [2006-01-25 61440]
    "Domino"="c:\windows\Domino.EXE" [2006-06-29 49152]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /A:*STARTUP /A:C: /A:* /A:*STARTUP /L:1033 /heur:100 /pup /archives /IA:0 /KBD:2 /dir:C:\Program

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Hall^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\Hall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2009-03-06 07:50 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    2010-03-18 18:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-09-23 08:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2486990064-908672771-1665658420-1000]
    "EnableNotificationsRef"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate1c9871488092966;Google Update Service (gupdate1c9871488092966);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
    R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-06 691696]
    S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-10 11352]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-23 22104]
    S2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe [2010-05-23 126904]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
    S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2006-04-25 428160]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-25 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-08 22:08]

    2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 22:04]

    2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 22:04]

    2011-02-25 c:\windows\Tasks\User_Feed_Synchronization-{621C5900-9374-42A0-8861-A9D9F4B0AC05}.job
    - c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]

    2011-02-25 c:\windows\Tasks\User_Feed_Synchronization-{7C087584-A4E1-4013-B6EC-2F11C9C333E5}.job
    - c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
    IE: Google Sidewiki...
    LSP: c:\windows\system32\wpclsp.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-25 10:29
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????@?@??????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\windows\system32\lxctcoms.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\windows\system32\IoctlSvc.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\WUDFHost.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Completion time: 2011-02-25 10:41:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-25 18:41
    ComboFix2.txt 2011-02-22 18:34
    ComboFix3.txt 2011-02-11 03:03

    Pre-Run: 16,071,610,368 bytes free
    Post-Run: 15,907,262,464 bytes free

    Current=1 Default=1 Failed=3 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - E480BEE0B108906AF5FE18F36C3C9068
  19. stumped324

    stumped324 TS Rookie Topic Starter Posts: 35

    p.s.

    i was reading through some of the other threads and realized it looks like any other background might help. thought i should let you know i had used malwarebytes prior to working with you on this problem. earlier this month it did find some problems, i assumed the program had cleaned them but now i'm not sure. i still have the log if you would like me to post it. let me know. thanks so much for your time and effort.
    p.p.s
    i did run eset don't believe it found anything, however i can't find the log, sorry
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I've sorry I didn't reply- I didn't get feedback that you had replied. I'd like to get some new scans please. I went back and reviewed all the logs. I've had you remove what I found- there is only one Registry I question.

    Repeat Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, the do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard, you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ====================================
    Update and rerun Malwarebytes' Anti-Malware
    ===================================
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
  21. stumped324

    stumped324 TS Rookie Topic Starter Posts: 35

    eset?

    Bobbye,
    i must be doing something wrong.
    i disabled windows defender and yet eset says its still active.
    eset did scan and said no threats wre found.this is the only log i get.
    do i need to install the trial version of eset after the scan?

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    can not get scanner. e_gle=1001
    can not get scanner. e_gle=1001
    can not get scanner. e_gle=1001
  22. stumped324

    stumped324 TS Rookie Topic Starter Posts: 35

    malware log

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5937

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    02/03/2011 1:55:51 PM
    mbam-log-2011-03-02 (13-55-51).txt

    Scan type: Quick scan
    Objects scanned: 175879
    Time elapsed: 5 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  23. stumped324

    stumped324 TS Rookie Topic Starter Posts: 35

    hijack log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:04:52 PM, on 02/03/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.19019)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\VMSnap3.EXE
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Lexmark 5400 Series\lxctmon.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Lexmark 5400 Series\ezprint.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\VM303_STI.EXE
    C:\Windows\Domino.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe
    C:\Users\Hall\Desktop\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O2 - BHO: Norton Safe Web Lite BHO - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\coIEPlg.dll
    O3 - Toolbar: Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\coIEPlg.dll
    O4 - HKLM\..\Run: [VMSnap3] C:\Windows\VMSnap3.EXE
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
    O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.EXE
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate1c9871488092966) (gupdate1c9871488092966) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
    O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Norton Safe Web Lite (NSL) - Symantec Corporation - C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

    --
    End of file - 10429 bytes
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    It is my understanding that at this point, the redirects continue and you are not able to run the online virus scan> or determine if anything was found. Is that correct?

    I am seeing 7 lines of Parental Controls set> have you set these? I'd like you to run the following please:
    • Make sure to use Internet Explorer for this
    • Please go to VirSCAN.org free on-line scan service
    • Copy and paste each of the following file paths into the "Suspicious files to scan" box on the top of the page, one at a time:

      c:\windows\system32\userinit.exe

      c:\windows\explorer.exe

      c:\window\system32\svchost.exe


    • Click on the Upload button
    • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.

    This will give you a log. It will either say 'no malware found' for each of the 3 entries, or it will identify it.
  25. stumped324

    stumped324 TS Rookie Topic Starter Posts: 35

    the redirects

    yes the redirects continue as well as secondary browser pages that pop up as i navigate back and forth on this very site. i ran eset online scanner it took over an hour to run and when finished said there were no threats. it would not produce a log beond what i posted.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.