google redirect and mal/generic-a


  • This topic is locked
14 replies to this topic

#1 jake2121

  • Members
  • 7 posts
  • OFFLINE
  • Local time:06:49 PM

Posted 15 July 2009 - 07:26 PM

Hi, I'm a first-time user and I hope I'm posting this in the right area. When I try to click a link from Google I get redirected to some random website. Also Norton keeps telling me that I have mal/generic-a and it keeps deleting them, but after I restart my computer they come back. I have looked for a solution to this and I see that everyone basically runs through all these steps and then uses ComboFix. I think I will end up having to do that, but I want to make sure I do and that I get help doing it so I don't screw up.

Here are my DDS and HJT logs

DDS (Ver_09-06-26.01) - NTFSx86
Run by HP_Administrator at 20:09:48.35 on Wed 07/15/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.423 [GMT -4:00]

AV: Norton AntiVirus TechCenter Edition *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Webroot AntiVirus with AntiSpyware *On-access scanning enabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Norton AntiVirus TechCenter Edition *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\java.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator.DESKTOP\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/a/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
mRun: [AlwaysReady Power Message APP] "c:\windows\ARPWRMSG.EXE"
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "c:\windows\system32\nwiz.exe" /install
mRun: [RTHDCPL] "c:\windows\RTHDCPL.EXE"
mRun: [HPHUPD08] "c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe"
mRun: [DISCover] "c:\program files\disc\DISCover.exe"
mRun: [DiscUpdateManager] "c:\program files\disc\DiscUpdateMgr.exe"
mRun: [DMAScheduler] "c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] "c:\windows\sminst\RECGUARD.EXE"
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [KBD] "c:\hp\kbd\KBD.EXE"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
mRunOnce: [SymLnch] "c:\documents and settings\hp_administrator.desktop\application data\symantec\layouts\norton antivirus\15.0\symalllanguages\navcd_retail\20070826\support\symlnch\symlnch.exe" "c:\documents and settings\hp_administrator.desktop\application data\symantec\layouts\norton antivirus\15.0\symalllanguages\navcd_retail\20070826\Setup.exe" "/SCANUPREBOOT /temp /patched"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: trymedia.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243720971843
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243720966296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Filter: text/html - {b5b098dd-36d2-4ece-b7d8-4a99c03e7351} -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-10-2 29808]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-4-21 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2008-11-13 1205760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-28 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090715.016\NAVENG.SYS [2009-7-15 87888]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090715.016\NAVEX15.SYS [2009-7-15 875728]
RUnknown xwvty;xwvty; [x]
S2 sanczr;sanczr;\??\c:\windows\system32\drivers\kfjocnh.sys --> c:\windows\system32\drivers\kfjocnh.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-11-14 1251720]

=============== Created Last 30 ================

2009-07-15 19:45 <DIR> --d----- c:\program files\Trend Micro
2009-07-15 19:39 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-15 17:04 <DIR> --d----- c:\docume~1\hp_adm~1.des\applic~1\Malwarebytes
2009-07-15 17:04 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-15 17:04 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-15 17:04 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-15 17:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-15 03:28 <DIR> --d----- c:\program files\Yahoo!
2009-07-15 03:28 <DIR> --d----- c:\program files\CCleaner
2009-07-15 03:06 127 a------- c:\windows\system32\MRT.INI
2009-07-14 16:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\14234214
2009-07-05 03:00 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-05 03:00 21,504 a------- c:\windows\system32\drivers\hidserv.dll
2009-06-23 14:53 <DIR> --dsh--- c:\documents and settings\hp_administrator.desktop\IECompatCache
2009-06-22 01:53 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-06-22 01:50 <DIR> --dsh--- c:\documents and settings\hp_administrator.desktop\IETldCache
2009-06-22 01:45 <DIR> -cd-h--- c:\windows\ie8
2009-06-22 01:43 1,985,024 -------- c:\windows\system32\dllcache\iertutil.dll
2009-06-22 01:43 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-06-22 01:43 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-06-22 01:43 11,064,832 -------- c:\windows\system32\dllcache\ieframe.dll
2009-06-22 01:43 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-06-22 01:38 775,168 a------- c:\windows\is-42TRT.exe
2009-06-22 01:38 10,194 a------- c:\windows\is-42TRT.msg
2009-06-22 01:38 332 a------- c:\windows\is-42TRT.lst
2009-06-22 01:36 <DIR> --d----- c:\program files\MSSOAP
2009-06-22 01:35 164 a------- c:\windows\install.dat

==================== Find3M ====================

2009-07-15 19:39 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-16 10:55 119,808 -------- c:\windows\system32\t2embed.dll
2009-06-16 10:55 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:55 82,432 -------- c:\windows\system32\fontsub.dll
2009-06-16 10:55 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 15:24 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:24 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-06-01 15:34 0 a---h--- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-06-01 15:34 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-05-30 20:18 0 a---h--- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-05-30 19:34 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-05-30 19:34 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-13 15:39 1,563,008 a------- c:\windows\WRSetup.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 01:15 5,936,128 -------- c:\windows\system32\dllcache\mshtml.dll
2009-05-13 01:15 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-05-09 01:14 1,418,120 a------- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-07 11:44 344,064 -------- c:\windows\system32\localspl.dll
2009-05-07 11:44 344,064 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-30 17:22 1,207,808 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 17:22 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 17:22 385,536 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 07:21 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-21 12:56 79,020 a------- c:\windows\hpfins05.dat
2009-04-21 12:50 14 a------- c:\program files\version.txt
2009-04-17 05:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-17 05:58 1,846,656 -------- c:\windows\system32\dllcache\win32k.sys
2008-10-25 15:28 0 a------- c:\docume~1\hp_adm~1.des\applic~1\wklnhst.dat
2006-12-11 20:12 22 a--sh--- c:\windows\sminst\HPCD.SYS
2008-11-14 00:11 934,511 a--sh--- c:\windows\system32\oqAccccf.ini2

============= FINISH: 20:11:22.06 ===============





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:43 PM, on 7/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\java.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] "C:\WINDOWS\ARPWRMSG.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [HPHUPD08] "c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
O4 - HKLM\..\Run: [DISCover] "C:\Program Files\DISC\DISCover.exe"
O4 - HKLM\..\Run: [DiscUpdateManager] "C:\Program Files\DISC\DiscUpdateMgr.exe"
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\HP_Administrator.DESKTOP\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAVCD_RETAIL\20070826\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\HP_Administrator.DESKTOP\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAVCD_RETAIL\20070826\Setup.exe" "/SCANUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1243720971843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1243720966296
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Filter hijack: text/html - {b5b098dd-36d2-4ece-b7d8-4a99c03e7351} - C:\WINDOWS\system32\msziptools.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 10712 bytes
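The DDS and HijackThis logs above are read by hand, but the warning signs a helper looks for first are structural: a service or driver whose file DDS could not find (`[x]`) or could not read (`[?]`), a start type DDS reports as unknown, toolbar or BHO entries ending in `No File`, an ActiveX (DPF) entry with no source, and a MIME filter entry that HijackThis itself labels `Filter hijack`. The following is an added Python example, not part of this thread and not code from DDS, HijackThis or BleepingComputer, that applies those checks to sample lines copied from the logs above and returns the entries that deserve a second look. The rule names and reason strings are my own; the script only surfaces entries for manual review and makes no judgement about whether any file is malicious.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: a handful of lines copied from the DDS and
# HijackThis logs posted in this thread, mixing benign and suspicious entries.
SAMPLE_LOG = r"""
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090715.016\NAVENG.SYS [2009-7-15 87888]
RUnknown xwvty;xwvty; [x]
S2 sanczr;sanczr;\??\c:\windows\system32\drivers\kfjocnh.sys --> c:\windows\system32\drivers\kfjocnh.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O18 - Filter hijack: text/html - {b5b098dd-36d2-4ece-b7d8-4a99c03e7351} - C:\WINDOWS\system32\msziptools.dll
"""

# DDS service/driver line: "<start type> <name>;<display name>;<path> [<date> <size>]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS](?:\d|Unknown))\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$"
)
# Strips an optional "(description)" and the " - " separator that follow a CLSID.
GUID_TAIL_RE = re.compile(r"^\s*(\([^)]*\))?\s*-\s*")


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding if the log line carries a structural warning sign, else None."""
    line = line.rstrip()
    reasons: List[str] = []

    m = SERVICE_RE.match(line)
    if m:
        if m.group("start").endswith("Unknown"):
            reasons.append("service start type could not be determined")
        rest = m.group("rest").strip()
        if rest.endswith("[x]"):
            reasons.append("DDS could not find the service's file on disk")
        elif rest.endswith("[?]"):
            reasons.append("DDS could not read the file's date/size")
    elif line.startswith(("TB:", "BHO:", "O2 - BHO:", "O3 - Toolbar:")):
        if line.endswith("No File"):
            reasons.append("registry entry points to a file that no longer exists")
    elif line.startswith(("DPF:", "O16 - DPF:")) and "}" in line:
        # Everything after the CLSID, minus "(description) - ", should be the source URL.
        target = GUID_TAIL_RE.sub("", line.split("}", 1)[1], count=1)
        if not target:
            reasons.append("ActiveX download entry has no source URL")
    elif line.startswith("O18 - Filter hijack:"):
        reasons.append("HijackThis reports a MIME filter override; verify the DLL")

    return Finding(line, reasons) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Scan every non-blank line and collect the ones worth a human's attention."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        if raw.strip():
            finding = triage_line(raw)
            if finding:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for reason in f.reasons:
            print("    ->", reason)
```

Run as-is, it prints five of the ten sample lines: the `RUnknown` service (two reasons), the `S2` driver with `[?]`, the orphaned toolbar, the empty DPF entry and the `O18` filter. The two Symantec entries, the Yahoo toolbar, the COH_Mon driver and the System Requirements Lab download pass because each resolves to a file or URL, which is exactly the distinction a helper draws before asking for more logs.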


#2 SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:49 PM

Posted 17 July 2009 - 10:36 PM

Hello jake2121,

I (as well as Microsoft, McAfee and Symantec) recommend that you DO NOT have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms".

It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection.

In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove one of these.

Norton AntiVirus or Webroot AntiVirus with AntiSpyware

*******************

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

*******************


Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh DDS log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Edited by SifuMike, 17 July 2009 - 10:53 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 jake2121
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:06:49 PM

Posted 19 July 2009 - 05:39 PM

Ok, so I uninstalled Webroot and I ran Malwarebytes and Security Check. Weird thing is this time it did not find anything, when before every time it found something and deleted it, it would come back. Here are the logs you wanted.


Results of screen317's Security Check version 0.98.4
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Disabled!
NortonAntiVirusTechCenterEdition(SymantecCorporation)
NortonAntiVirusHelp
NortonAntiVirus
NortonProtectionCenter
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
Java™ 6 Update 14
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Norton ccSvcHst.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 28 seconds.
`````````End of Log```````````




Malwarebytes' Anti-Malware 1.39
Database version: 2464
Windows 5.1.2600 Service Pack 2

7/19/2009 6:34:43 PM
mbam-log-2009-07-19 (18-34-43).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 187070
Time elapsed: 40 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Maybe my problem was that I had 2 anti-virus programs installed. Do you have any suggestions for a better anti-virus and spy sweeper for me?

#4 SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:49 PM

Posted 19 July 2009 - 06:54 PM

Hi jake2121,

There is nothing wrong with the Norton antivirus you have installed. There is no perfect antivirus; if there was one, then everyone would have it.
Norton A/V is good for removing viruses and trojans, but to remove other malware I recommend Spybot, Ad-Aware and Malwarebytes.

I think you are still infected. Post another DDS log and tell me if you are still seeing problems.

Edited by SifuMike, 19 July 2009 - 09:39 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 jake2121 (Topic Starter, Members, 7 posts)

Posted 19 July 2009 - 11:12 PM

I'm not having any problems with Google anymore. Not being redirected to any sites. Nothing seems to be wrong, but I definitely want to make sure of that. Here is the DDS log.




DDS (Ver_09-06-26.01) - NTFSx86
Run by HP_Administrator at 0:07:44.39 on Mon 07/20/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.459 [GMT -4:00]

AV: Norton AntiVirus TechCenter Edition *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus TechCenter Edition *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\java.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator.DESKTOP\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/a/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
mRun: [AlwaysReady Power Message APP] "c:\windows\ARPWRMSG.EXE"
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "c:\windows\system32\nwiz.exe" /install
mRun: [RTHDCPL] "c:\windows\RTHDCPL.EXE"
mRun: [HPHUPD08] "c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe"
mRun: [DISCover] "c:\program files\disc\DISCover.exe"
mRun: [DiscUpdateManager] "c:\program files\disc\DiscUpdateMgr.exe"
mRun: [DMAScheduler] "c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] "c:\windows\sminst\RECGUARD.EXE"
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [KBD] "c:\hp\kbd\KBD.EXE"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [SymLnch] "c:\documents and settings\hp_administrator.desktop\application data\symantec\layouts\norton antivirus\15.0\symalllanguages\navcd_retail\20070826\support\symlnch\symlnch.exe" "c:\documents and settings\hp_administrator.desktop\application data\symantec\layouts\norton antivirus\15.0\symalllanguages\navcd_retail\20070826\Setup.exe" "/SCANUPREBOOT /temp /patched"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: trymedia.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243720971843
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243720966296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Filter: text/html - {b5b098dd-36d2-4ece-b7d8-4a99c03e7351} -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-28 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090719.024\NAVENG.SYS [2009-7-19 87888]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090719.024\NAVEX15.SYS [2009-7-19 875728]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-11-14 1251720]
S2 sanczr;sanczr;\??\c:\windows\system32\drivers\kfjocnh.sys --> c:\windows\system32\drivers\kfjocnh.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]

=============== Created Last 30 ================

2009-07-19 16:06 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-19 16:06 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-19 16:06 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-15 19:45 <DIR> --d----- c:\program files\Trend Micro
2009-07-15 19:39 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-15 17:04 <DIR> --d----- c:\docume~1\hp_adm~1.des\applic~1\Malwarebytes
2009-07-15 17:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-15 03:28 <DIR> --d----- c:\program files\Yahoo!
2009-07-15 03:28 <DIR> --d----- c:\program files\CCleaner
2009-07-15 03:06 127 a------- c:\windows\system32\MRT.INI
2009-07-14 16:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\14234214
2009-07-05 03:00 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-05 03:00 21,504 a------- c:\windows\system32\drivers\hidserv.dll
2009-06-23 14:53 <DIR> --dsh--- c:\documents and settings\hp_administrator.desktop\IECompatCache
2009-06-22 01:53 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-06-22 01:50 <DIR> --dsh--- c:\documents and settings\hp_administrator.desktop\IETldCache
2009-06-22 01:45 <DIR> -cd-h--- c:\windows\ie8
2009-06-22 01:43 1,985,024 -------- c:\windows\system32\dllcache\iertutil.dll
2009-06-22 01:43 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-06-22 01:43 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-06-22 01:43 11,064,832 -------- c:\windows\system32\dllcache\ieframe.dll
2009-06-22 01:43 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-06-22 01:38 775,168 a------- c:\windows\is-42TRT.exe
2009-06-22 01:38 10,194 a------- c:\windows\is-42TRT.msg
2009-06-22 01:38 332 a------- c:\windows\is-42TRT.lst
2009-06-22 01:36 <DIR> --d----- c:\program files\MSSOAP
2009-06-22 01:35 164 a------- c:\windows\install.dat

==================== Find3M ====================

2009-07-15 19:39 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-16 10:55 119,808 -------- c:\windows\system32\t2embed.dll
2009-06-16 10:55 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:55 82,432 -------- c:\windows\system32\fontsub.dll
2009-06-16 10:55 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 15:24 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:24 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-06-01 15:34 0 a---h--- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-06-01 15:34 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-05-30 20:18 0 a---h--- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-05-30 19:34 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-05-30 19:34 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 01:15 5,936,128 -------- c:\windows\system32\dllcache\mshtml.dll
2009-05-13 01:15 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-05-09 01:14 1,418,120 a------- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-07 11:44 344,064 -------- c:\windows\system32\localspl.dll
2009-05-07 11:44 344,064 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-30 17:22 1,207,808 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 17:22 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 17:22 385,536 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 07:21 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-21 12:56 79,020 a------- c:\windows\hpfins05.dat
2009-04-21 12:50 14 a------- c:\program files\version.txt
2008-10-25 15:28 0 a------- c:\docume~1\hp_adm~1.des\applic~1\wklnhst.dat
2006-12-11 20:12 22 a--sh--- c:\windows\sminst\HPCD.SYS
2008-11-14 00:11 934,511 a--sh--- c:\windows\system32\oqAccccf.ini2

============= FINISH: 0:09:17.89 ===============
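
Added example (not part of the thread or of the DDS tool): a small triage script that, over a few lines copied from the DDS log above, flags the two indicator types the helper acted on, a service whose driver file DDS marked as not found ("[?]"), and a hidden+system file in system32 with an odd extension. The heuristics, the "normal" extension list and the system32 prefix are assumptions.

```python
"""Triage DDS log lines for the two indicator types acted on in this thread.

Added example; not part of the thread or of the DDS tool. Sample lines are copied
from the DDS report posted above. Both heuristics are assumptions: (1) a service
entry whose path ends in "[?]" (DDS's marker for a file it could not find), and
(2) a system+hidden file under c:\\windows\\system32 with an unusual extension.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines taken verbatim from the DDS log in the thread.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S2 sanczr;sanczr;\??\c:\windows\system32\drivers\kfjocnh.sys --> c:\windows\system32\drivers\kfjocnh.sys [?]
==================== Find3M ====================
2009-04-21 12:56 79,020 a------- c:\windows\hpfins05.dat
2006-12-11 20:12 22 a--sh--- c:\windows\sminst\HPCD.SYS
2008-11-14 00:11 934,511 a--sh--- c:\windows\system32\oqAccccf.ini2
"""

# "R2 name;display name;path [date size]": a state code, then three ';' fields.
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# "YYYY-MM-DD HH:MM size attrs path", where attrs is an 8-character flag string.
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>[\d,]+|<DIR>)\s+"
    r"(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$"
)
SYSTEM32_PREFIX = "c:\\windows\\system32\\"
# Extensions a hidden+system file under system32 is expected to carry (assumption).
NORMAL_SYSTEM_EXT = {".dll", ".exe", ".sys", ".ini", ".dat", ".log", ".cpl", ".ocx", ".drv"}


@dataclass
class Finding:
    kind: str    # "service" or "file"
    path: str
    reason: str


def check_service_line(line: str) -> Optional[Finding]:
    """Flag a service/driver entry whose binary DDS marked as not found ([?])."""
    m = SERVICE_RE.match(line.strip())
    if not m or not m.group("rest").rstrip().endswith("[?]"):
        return None
    rest = m.group("rest")
    # DDS prints "raw image path --> resolved path [?]"; keep the resolved path.
    resolved = rest.split("-->", 1)[1] if "-->" in rest else rest
    path = resolved.rsplit("[?]", 1)[0].strip()
    return Finding("service", path,
                   f"service {m.group('name')!r} points at a file DDS could not find")


def check_file_line(line: str) -> Optional[Finding]:
    """Flag a system+hidden file under system32 with an unusual extension."""
    m = FILE_RE.match(line.strip())
    if not m or m.group("size") == "<DIR>":
        return None
    attrs, path = m.group("attrs"), m.group("path").strip()
    if "s" not in attrs or "h" not in attrs:
        return None
    if not path.lower().startswith(SYSTEM32_PREFIX):
        return None
    ext = ntpath.splitext(path)[1].lower()
    if ext in NORMAL_SYSTEM_EXT:
        return None
    return Finding("file", path,
                   f"hidden+system file in system32 with unusual extension {ext!r}")


def triage(dds_text: str) -> List[Finding]:
    """Run both checks over every line of a DDS report and collect the hits."""
    findings = []
    for line in dds_text.splitlines():
        hit = check_service_line(line) or check_file_line(line)
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.kind}] {f.path}\n    {f.reason}")
```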

#6 SifuMike (malware expert, Staff Emeritus, 15,385 posts)

Posted 20 July 2009 - 12:37 AM

Hi jake2121,

Please close the Firefox and Internet Explorer browsers before running OTM.

Please download OTM by OldTimer and save it to your desktop.
Double click the icon on your desktop to run it.
(Note: If you are running on Vista, right-click on the file and choose Run As Administrator).


Copy the lines in the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Do not include the word "Code".


:files
c:\windows\system32\oqAccccf.ini2

:commands
[emptytemp]
[Reboot]


Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
Close OTM.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

**************

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires the Java Runtime Environment (JRE) to be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Open the Kaspersky WebScanner page.
  • Click on the [image] button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations", then press the [image] button.
  • The program will begin downloading the latest program and definition files. It may take a while, so please be patient and let it finish.
  • Once the files have been downloaded, click on the [image] button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the [image] button if you made any changes.
  • Now, under the Scan section on the left, select My Computer.
  • The program will now start and scan your system. This will run for a while; be patient and let it finish.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • In the drop-down box labeled Files of type, change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post even if it finds nothing.
You can refer to this animation by sundavis if needed.

#7 jake2121 (Topic Starter, Members, 7 posts)

Posted 20 July 2009 - 01:13 PM

Here are the OTM results, but I could not use the Kaspersky scanner because about a minute into the scan it restarts my computer and says it has just recovered from a serious error.


All processes killed
========== FILES ==========
c:\windows\system32\oqAccccf.ini2 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 31285 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
->Temp folder emptied: 31285 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: HP_Administrator

User: HP_Administrator.DESKTOP
File delete failed. C:\Documents and Settings\HP_Administrator.DESKTOP\Local Settings\Temp\IadHide5.dll scheduled to be deleted on reboot.
->Temp folder emptied: 2934554 bytes
->Temporary Internet Files folder emptied: 15953149 bytes
->Java cache emptied: 13425503 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 164084 bytes

User: NetworkService
->Temp folder emptied: 66334 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1053297 bytes
%systemroot%\System32 .tmp files removed: 21130257 bytes
File delete failed. C:\WINDOWS\temp\JETB8BD.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied: 4571408 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 56.77 mb


OTM by OldTimer - Version 3.0.0.5 log created on 07202009_123214

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\Documents and Settings\HP_Administrator.DESKTOP\Local Settings\Temp\IadHide5.dll
C:\Documents and Settings\HP_Administrator.DESKTOP\Local Settings\Temp\IadHide5.dll NOT unregistered.
C:\Documents and Settings\HP_Administrator.DESKTOP\Local Settings\Temp\IadHide5.dll moved successfully.
File C:\WINDOWS\temp\JETB8BD.tmp not found!

Registry entries deleted on Reboot...

#8 SifuMike (malware expert, Staff Emeritus, 15,385 posts)

Posted 20 July 2009 - 03:04 PM

Hi jake2121,

I'd like us to scan your machine with ESET OnlineScan.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient, as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


#9 jake2121 (Topic Starter, Members, 7 posts)

Posted 20 July 2009 - 05:18 PM

The ESET scan found nothing so there was no report to post.

#10 SifuMike (malware expert, Staff Emeritus, 15,385 posts)

Posted 20 July 2009 - 06:12 PM

Hi jake2121,

That's great! I think you're clean. :thumbup2:

How is your computer running?

We still need to do some program clean up.

Edited by SifuMike, 20 July 2009 - 06:13 PM.


#11 jake2121 (Topic Starter, Members, 7 posts)

Posted 20 July 2009 - 06:24 PM

It seems to be running fine. Thank you. Ok, so what's next?

#12 SifuMike (malware expert, Staff Emeritus, 15,385 posts)

Posted 20 July 2009 - 08:27 PM

Hi jake2121,

Now for the program clean up.

Delete Security Check from your desktop.

Open OTM and click the CleanUp! button on top.
In the left pane, it will display a list of tools and other related files which you may have downloaded/used during our cleanup + backup folders that were created with the bad files present.
They are not needed anymore, so OTM will delete them.
Do not edit anything in that Window!
Don't worry if it displays some tools you didn't download/use.
Click Yes when it asks to Begin cleanup process.
Then reboot your computer.

Please read and follow these guides to help keep yourself from becoming infected again:

Simple and easy ways to keep your computer safe and secure on the Internet
Groovicus' Guide to Simple PC Security
How did I get infected?, with steps so it does not happen again!
How to prevent Malware by miekiemoes

If you want to improve speed/system performance after malware removal, take a look here.

Now you're good to go. :thumbup2:

#13 jake2121 (Topic Starter, Members, 7 posts)

Posted 21 July 2009 - 09:05 PM

Should I uninstall the ESET scanner? And would you recommend that I upgrade to Windows XP Service Pack 3, or do you think I should wait until they have all the bugs out of it? Thanks for all your help.

#14 SifuMike (malware expert, Staff Emeritus, 15,385 posts)

Posted 21 July 2009 - 09:16 PM

> Should I uninstall the ESET scanner?

If you want to you can.

> And would you recommend that I upgrade to Windows XP Service Pack 3, or do you think I should wait until they have all the bugs out of it?

Upgrade to SP3. It is safe to use.

#15 SifuMike (malware expert, Staff Emeritus, 15,385 posts)

Posted 27 July 2009 - 06:48 PM

Since your problem appears to be resolved, this thread will now be closed.



