"WINDOWS XP RECOVERY" / Redirect

HELP!

I was infected with the "WINDOWS XP RECOVERY" virus. Initially I ran Malwarebytes, which took care of most of the problems, but searches kept redirecting (in IE and Firefox) and now the browsers won't load pages. Please see the Malwarebytes/DDS/GMER log files below:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7204

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

7/19/2011 1:12:58 PM

mbam-log-2011-07-19 (13-12-58).txt

Scan type: Quick scan

Objects scanned: 243373

Time elapsed: 39 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_2011-07-14.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18

Run by HP_Administrator at 14:20:18 on 2011-07-19

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.331 [GMT -5:00]

.

AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

.

============== Running Processes ================

.

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\hphmon06.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Spyware Doctor\pctsGui.exe

C:\Program Files\Spyware Doctor\BDT\FGuard.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ALCMTR.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

c:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://mail.dlm-international.com/

uWindow Title = Windows Internet Explorer provided by MSN & Bing

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uProxyOverride = <local>

uSearchURL,(Default) = hxxp://securityresponse.symantec.com/avcenter/fix_homepage

BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: HP view: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

TB: HP view: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll

TB: <No Name>: - LocalServer32 - <no file>

TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [HPHmon06] c:\windows\system32\hphmon06.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [JobHisInit] c:\program files\rds\rmclient\JobHisInit.exe

mRun: [MplSetUp] c:\program files\rds\rmclient\MplSetUp.exe

mRun: [iSTray] "c:\program files\spyware doctor\pctsGui.exe" /hideGUI

mRun: [PCTools FGuard] c:\program files\spyware doctor\bdt\FGuard.exe

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\shortc~1.lnk - c:\rbs\MQX.exe

StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\shortc~2.lnk - c:\rbs\MsgProc.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://www.laredotradetag.com/Reserved.ReportViewerWebControl.axd?ReportSession=emywn345ctori145m5lfkvb5&ControlID=01e2b18f07954acb89bc70c5e6eff264&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{B97ABC5E-5BF3-4B03-975E-96F108E7F4B7} : DHCPNameServer = 192.168.1.254

Filter: text/html - {59bd2f4c-eeb4-4c39-bd4f-b725bd096be3} - <orphaned>

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll

Handler: ipp - <Clsid value has no data>

Handler: msdaipp - <Clsid value has no data>

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -

Notify: igfxcui - igfxdev.dll

SEH: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - <orphaned>

mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

IFEO: Your Image File Name Here without a path - ntsd -d

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\t6gqzkt7.default\

FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=us&.done=http%3a%2f%2fredir001.biz.mail.sp1.yahoo.com%2frd%2frd.php%3frdsc%3d1%26srchost%3dmail.dlm-international.com%26rand%3d62472502

FF - prefs.js: keyword.URL - hxxp://www.search-results.com/web?o=15868&l=dis&prt=PRT&chn=UN&geo=US&ver=UN&q=

FF - component: c:\program files\spyware doctor\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\spyware doctor\bdt\Firefox

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-3 263888]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-2-24 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-2-24 656320]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-6-15 51984]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-6-15 69392]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-11-3 251560]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-6-15 233976]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-11-3 337872]

R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [2005-5-24 85248]

R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-11-3 70664]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-6-15 33552]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]

.

=============== Created Last 30 ================

.

2011-07-19 19:12:45 0 ----a-w- C:\LOG271.tmp

2011-07-19 17:27:24 0 ----a-w- C:\LOG270.tmp

2011-07-18 21:24:52 0 ----a-w- C:\LOG26F.tmp

2011-07-14 20:36:25 0 ----a-w- C:\LOG1018.tmp

2011-07-06 23:08:43 0 ----a-w- C:\LOG26E.tmp

2011-07-06 22:13:26 0 ----a-w- C:\LOG26D.tmp

2011-07-06 22:06:26 -------- d-----w- C:\32d973e6950b0aa7ff27d4

2011-06-28 00:23:04 0 ----a-w- C:\LOG26C.tmp

2011-06-27 20:25:07 -------- d-----w- c:\documents and settings\all users\application data\Nuance

2011-06-22 15:39:03 6144 ----a-w- c:\windows\~DF44BB.tmp

2011-06-20 14:19:57 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\PCHealth

2011-06-20 14:19:10 0 ----a-w- C:\LOG26B.tmp

.

==================== Find3M ====================

.

2011-07-19 17:30:24 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys

2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-16 22:52:38 0 ----a-w- C:\LOG26A.tmp

2011-06-15 19:06:32 0 ----a-w- C:\LOG1.tmp

2011-05-20 20:57:14 0 ----a-w- C:\LOG269.tmp

2011-05-20 16:44:30 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-05-20 16:44:28 2078672 ----a-w- c:\windows\PCTBDCore.dll

2011-05-20 16:44:28 1533904 ----a-w- c:\windows\PCTBDRes.dll

2011-05-20 16:44:22 767952 ----a-w- c:\windows\BDTSupport.dll

2011-05-11 18:35:32 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2011-05-11 14:55:10 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2011-05-09 13:55:27 0 ----a-w- C:\LOG268.tmp

2011-05-06 18:28:38 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2011-05-06 18:26:34 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2011-05-06 14:44:30 0 ----a-w- C:\LOG267.tmp

2011-05-04 23:34:28 0 ----a-w- C:\LOG266.tmp

.

============= FINISH: 14:24:19.84 ===============
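
The redirect symptom described in the post maps onto a handful of lines in the DDS "Pseudo HJT Report" and Firefox sections: the Firefox keyword.URL override pointing at search-results.com, the orphaned text/html MIME filter, the orphaned BHO and SEH registrations, and the startup-folder shortcuts under c:\rbs. The script below is an added example, not part of the original thread and not DDS, Malwarebytes or forum-staff code; it runs a few triage heuristics over lines copied from the report above. KNOWN_GOOD_HOSTS and EXPECTED_DIRS are the editor's assumed allowlists, and every hit is a pointer to verify by hand (an unusual autostart path may be legitimate line-of-business software), not a verdict.

```python
"""Triage a DDS 'Pseudo HJT Report' for browser-hijack indicators.

Added example for this thread; it is not DDS, Malwarebytes or forum-staff
code, and the allowlists below are the editor's assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass

# Assumption: hosts that legitimately appear in home-page/search settings on
# an HP-imaged XP machine. Extend this for your own environment.
KNOWN_GOOD_HOSTS = ("google.com", "bing.com", "msn.com", "live.com",
                    "yahoo.com", "microsoft.com", "hp.com", "symantec.com")
# Assumption: autostart targets under these prefixes count as expected.
EXPECTED_DIRS = ("c:\\program files\\", "c:\\windows\\", "c:\\progra~1\\", "%windir%")

URL_RE = re.compile(r"hxxps?://([^/\s?]+)", re.I)   # DDS defangs http as hxxp
DEAD_RE = re.compile(r"<orphaned>|<no file>", re.I)  # hook whose CLSID has no DLL
URL_KEYS = ("uStart Page", "uDefault_Search_URL", "uSearchURL",
            "keyword.URL", "browser.startup.homepage")

# Constructed sample: lines copied from the DDS report posted above.
SAMPLE_REPORT = r"""
uSearchURL,(Default) = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
TB: <No Name>: - LocalServer32 - <no file>
mRun: [iSTray] "c:\program files\spyware doctor\pctsGui.exe" /hideGUI
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\shortc~1.lnk - c:\rbs\MQX.exe
TCP: NameServer = 192.168.1.254
Filter: text/html - {59bd2f4c-eeb4-4c39-bd4f-b725bd096be3} - <orphaned>
SEH: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - <orphaned>
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=us
FF - prefs.js: keyword.URL - hxxp://www.search-results.com/web?o=15868&l=dis&prt=PRT&chn=UN&geo=US&ver=UN&q=
"""


@dataclass(frozen=True)
class Finding:
    category: str   # dead-hook | search-override | startup-path | dns
    line: str
    note: str


def url_host(line):
    m = URL_RE.search(line)
    return m.group(1).lower() if m else None


def is_known_host(host):
    return any(host == h or host.endswith("." + h) for h in KNOWN_GOOD_HOSTS)


def autostart_target(line):
    """Executable path from a StartupFolder:, uRun: or mRun: line (lower-cased)."""
    if line.startswith("StartupFolder:"):
        value = line.rsplit(" - ", 1)[-1].strip()
    else:                                   # uRun: [name] "path" args
        value = line.split("] ", 1)[-1].strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0].lower()
    return value.split(" ", 1)[0].lower()


def triage(report):
    """Return indicators to verify by hand; a hit is a pointer, not a verdict."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if DEAD_RE.search(line):
            note = "hook registered under a CLSID with no file behind it (leftover of a removed component)"
            if line.lower().startswith("filter: text/html"):
                note += "; a text/html MIME filter sits in front of every page IE renders, so a dead one can keep pages from loading"
            findings.append(Finding("dead-hook", line, note))
        elif line.startswith(("StartupFolder:", "uRun:", "mRun:")):
            target = autostart_target(line)
            if not target.startswith(EXPECTED_DIRS):
                findings.append(Finding("startup-path", line,
                    f"autostart target {target} is outside the usual install dirs; verify the publisher before acting"))
        elif any(key in line for key in URL_KEYS):
            host = url_host(line)
            if host and not is_known_host(host):
                findings.append(Finding("search-override", line,
                    f"search/home page points at {host}, not a browser or OEM default"))
        elif line.startswith("TCP: NameServer"):
            ip = ipaddress.ip_address(line.split("=", 1)[1].strip())
            if not ip.is_private:
                findings.append(Finding("dns", line, f"resolver {ip} is not on the local network"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.category}] {f.line}\n    -> {f.note}")
```

On the sample above the script flags the four orphaned/no-file hooks, the keyword.URL override, and the c:\rbs\MQX.exe startup shortcut, while the PC Tools BHO, the Symantec and Yahoo URLs and the private-range DNS server pass. Note that an IE-only hook such as the text/html filter cannot explain Firefox also failing to load pages, so the heuristics narrow the list of things to check rather than point at a single cause.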


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
