rdlm

HELP! I was infected with the "WINDOWS XP RECOVERY" virus. Initially I ran Malwarebytes, which took care of most of the problems, but it kept redirecting searches (IE and Firefox) and now the browsers won't load pages. Please see the Malwarebytes/DDS/GMER log files below:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7204

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

7/19/2011 1:12:58 PM
mbam-log-2011-07-19 (13-12-58).txt

Scan type: Quick scan
Objects scanned: 243373
Time elapsed: 39 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_18
Run by HP_Administrator at 14:20:18 on 2011-07-19
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.331 [GMT -5:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Spyware Doctor\BDT\FGuard.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mail.dlm-international.com/
uWindow Title = Windows Internet Explorer provided by MSN & Bing
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uProxyOverride = <local>
uSearchURL,(Default) = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HP view: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: HP view: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: <No Name>: - LocalServer32 - <no file>
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [JobHisInit] c:\program files\rds\rmclient\JobHisInit.exe
mRun: [MplSetUp] c:\program files\rds\rmclient\MplSetUp.exe
mRun: [iSTray] "c:\program files\spyware doctor\pctsGui.exe" /hideGUI
mRun: [PCTools FGuard] c:\program files\spyware doctor\bdt\FGuard.exe
mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\shortc~1.lnk - c:\rbs\MQX.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\shortc~2.lnk - c:\rbs\MsgProc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://www.laredotradetag.com/Reserved.ReportViewerWebControl.axd?ReportSession=emywn345ctori145m5lfkvb5&ControlID=01e2b18f07954acb89bc70c5e6eff264&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{B97ABC5E-5BF3-4B03-975E-96F108E7F4B7} : DHCPNameServer = 192.168.1.254
Filter: text/html - {59bd2f4c-eeb4-4c39-bd4f-b725bd096be3} - <orphaned>
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: ipp - <Clsid value has no data>
Handler: msdaipp - <Clsid value has no data>
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: igfxcui - igfxdev.dll
SEH: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - <orphaned>
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
IFEO: Your Image File Name Here without a path - ntsd -d
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\t6gqzkt7.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=us&.done=http%3a%2f%2fredir001.biz.mail.sp1.yahoo.com%2frd%2frd.php%3frdsc%3d1%26srchost%3dmail.dlm-international.com%26rand%3d62472502
FF - prefs.js: keyword.URL - hxxp://www.search-results.com/web?o=15868&l=dis&prt=PRT&chn=UN&geo=US&ver=UN&q=
FF - component: c:\program files\spyware doctor\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\spyware doctor\bdt\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-3 263888]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-2-24 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-2-24 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-6-15 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-6-15 69392]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-11-3 251560]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-6-15 233976]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-11-3 337872]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [2005-5-24 85248]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-11-3 70664]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-6-15 33552]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
.
=============== Created Last 30 ================
.
2011-07-19 19:12:45 0 ----a-w- C:\LOG271.tmp
2011-07-19 17:27:24 0 ----a-w- C:\LOG270.tmp
2011-07-18 21:24:52 0 ----a-w- C:\LOG26F.tmp
2011-07-14 20:36:25 0 ----a-w- C:\LOG1018.tmp
2011-07-06 23:08:43 0 ----a-w- C:\LOG26E.tmp
2011-07-06 22:13:26 0 ----a-w- C:\LOG26D.tmp
2011-07-06 22:06:26 -------- d-----w- C:\32d973e6950b0aa7ff27d4
2011-06-28 00:23:04 0 ----a-w- C:\LOG26C.tmp
2011-06-27 20:25:07 -------- d-----w- c:\documents and settings\all users\application data\Nuance
2011-06-22 15:39:03 6144 ----a-w- c:\windows\~DF44BB.tmp
2011-06-20 14:19:57 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\PCHealth
2011-06-20 14:19:10 0 ----a-w- C:\LOG26B.tmp
.
==================== Find3M ====================
.
2011-07-19 17:30:24 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-16 22:52:38 0 ----a-w- C:\LOG26A.tmp
2011-06-15 19:06:32 0 ----a-w- C:\LOG1.tmp
2011-05-20 20:57:14 0 ----a-w- C:\LOG269.tmp
2011-05-20 16:44:30 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-05-20 16:44:28 2078672 ----a-w- c:\windows\PCTBDCore.dll
2011-05-20 16:44:28 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-05-20 16:44:22 767952 ----a-w- c:\windows\BDTSupport.dll
2011-05-11 18:35:32 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-05-11 14:55:10 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-05-09 13:55:27 0 ----a-w- C:\LOG268.tmp
2011-05-06 18:28:38 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-05-06 18:26:34 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-05-06 14:44:30 0 ----a-w- C:\LOG267.tmp
2011-05-04 23:34:28 0 ----a-w- C:\LOG266.tmp
.
============= FINISH: 14:24:19.84 ===============