
redirect infection in Google / spyware doctor useless


  • This topic is locked
2 replies to this topic

#1 AHobgoblinNight


Posted 18 October 2010 - 09:30 PM

I have PC Tools "Spyware Doctor," which comes up empty-handed. Their tech support has been useless. I have included the requested logs. I get redirected by every link that I follow in Google. I use Firefox, and I have removed and reinstalled to no avail. Help please! I am a senior in college, and I have many papers due as well as my graduate school applications. Without my computer, I have been at a standstill for days.

DDS.txt


DDS (Ver_10-10-10.03) - NTFSx86
Run by Hobgolbin at 21:55:03.23 on Mon 10/18/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.494 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
E:\Program Files\WTouch\WTouchService.exe
svchost.exe
svchost.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
E:\WINDOWS\System32\snmp.exe
E:\WINDOWS\system32\svchost.exe -k imgsvc
E:\WINDOWS\system32\Pen_Tablet.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\WTouch\WTouchUser.exe
E:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
E:\WINDOWS\system32\Pen_Tablet.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINDOWS\System32\svchost.exe -k HTTPFilter
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Mozilla Firefox\plugin-container.exe
E:\WINDOWS\System32\vssvc.exe
E:\WINDOWS\system32\dllhost.exe
E:\WINDOWS\system32\dllhost.exe
E:\Documents and Settings\Hobgolbin\My Documents\Downloads\Defogger.exe
E:\Documents and Settings\Hobgolbin\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - e:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - e:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
uRun: [CubeDesktop]
mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
mRun: [PPort11reminder] "e:\program files\scansoft\paperport\ereg\ereg.exe" -r "e:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "e:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IMJPMIG8.1] "e:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] e:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] e:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] e:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] e:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [BabylonToolbar] "e:\program files\babylontoolbar\babylontoolbar\1.4.15.4\BabylonToolbarsrv.exe" /md I
mRun: [ZoneAlarm Client] "e:\program files\zone labs\zonealarm\zlclient.exe"
IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: e:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\hobgol~1\applic~1\mozilla\firefox\profiles\lu5zntdn.default\
FF - plugin: e:\program files\cambridgesoft\chemoffice2010\chem3d\npChem3DPlugin.dll
FF - plugin: e:\program files\cambridgesoft\chemoffice2010\chemdraw\NPCDN32.DLL
FF - plugin: e:\program files\google\google earth\plugin\npgeplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;e:\windows\system32\drivers\PCTCore.sys [2010-8-28 218592]
R0 TfFsMon;TfFsMon;e:\windows\system32\drivers\TfFsMon.sys [2010-8-28 51984]
R0 TfSysMon;TfSysMon;e:\windows\system32\drivers\TfSysMon.sys [2010-8-28 59664]
R1 pctgntdi;pctgntdi;e:\windows\system32\drivers\pctgntdi.sys [2010-8-28 233136]
R1 vsdatant;vsdatant;e:\windows\system32\vsdatant.sys [2009-7-20 532224]
R2 TabletServicePen;TabletServicePen;e:\windows\system32\Pen_Tablet.exe [2010-10-7 4408616]
R2 vsmon;TrueVector Internet Monitor;e:\windows\system32\zonelabs\vsmon.exe -service --> e:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 WTouchService;WTouch Service;e:\program files\wtouch\WTouchService.exe [2010-10-7 112936]
S2 gupdate;Google Update Service (gupdate);"e:\program files\google\update\googleupdate.exe" /svc --> e:\program files\google\update\GoogleUpdate.exe [?]
S3 PciCon;PciCon;\??\f:\pcicon.sys --> f:\PciCon.sys [?]
S3 pctplsg;pctplsg;e:\windows\system32\drivers\pctplsg.sys [2010-8-28 63360]
S3 sdAuxService;PC Tools Auxiliary Service;e:\program files\spyware doctor\pctsAuxs.exe [2010-8-28 366840]
S3 sdCoreService;PC Tools Security Service;e:\program files\spyware doctor\pctsSvc.exe [2010-8-28 1142224]
S3 TfNetMon;TfNetMon;e:\windows\system32\drivers\TfNetMon.sys [2010-8-28 33552]
S3 ThreatFire;ThreatFire;e:\program files\spyware doctor\tfengine\tfservice.exe service --> e:\program files\spyware doctor\tfengine\TFService.exe service [?]

=============== Created Last 30 ================

2010-10-19 00:00:07 -------- d-----w- e:\program files\Trend Micro
2010-10-14 01:39:32 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-10-14 01:39:31 20952 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-10-14 01:39:31 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-10-08 01:21:32 -------- d-----w- e:\docume~1\hobgol~1\applic~1\WTablet
2010-10-08 01:21:26 -------- d-----w- e:\docume~1\hobgol~1\applic~1\WTouch
2010-10-08 01:21:23 220968 ------w- e:\windows\system32\Touch_Tablet.dll
2010-10-08 01:21:21 -------- d-----w- e:\program files\WTouch
2010-10-08 01:20:40 6124840 ------w- e:\windows\system32\PenTablet.cpl
2010-10-08 01:20:39 14592 -c--a-w- e:\windows\system32\dllcache\kbdhid.sys
2010-10-08 01:20:39 14592 ----a-w- e:\windows\system32\drivers\kbdhid.sys
2010-10-08 01:20:34 11440 ----a-w- e:\windows\system32\drivers\WacomVKHid.sys
2010-10-08 01:20:02 11312 ----a-w- e:\windows\system32\drivers\wacommousefilter.sys
2010-10-08 01:19:56 13736 ----a-w- e:\windows\system32\drivers\wacomvhid.sys
2010-10-08 01:19:51 -------- d-----w- e:\windows\system32\WTablet
2010-10-08 01:19:44 392488 ------w- e:\windows\system32\Pen_Tablet.dll
2010-10-08 01:19:44 284672 ------w- e:\windows\system32\Wintab32.dll
2010-10-08 01:19:35 4408616 ------w- e:\windows\system32\Pen_Tablet.exe
2010-10-08 01:19:24 -------- d-----w- e:\program files\Tablet
2010-10-08 00:55:23 -------- d-----w- e:\program files\PhatWare
2010-10-08 00:52:15 -------- d-----w- e:\docume~1\alluse~1\applic~1\PhatWare
2010-09-26 05:36:30 -------- d-----w- e:\docume~1\hobgol~1\applic~1\BabylonToolbar
2010-09-26 05:28:28 -------- d-----w- e:\program files\BabylonToolbar
2010-09-26 05:28:27 -------- d-----w- e:\program files\Babylon
2010-09-22 19:05:07 -------- d-----w- e:\docume~1\hobgol~1\locals~1\applic~1\Temp
2010-09-22 19:04:46 -------- d-----w- e:\docume~1\hobgol~1\locals~1\applic~1\Google
2010-09-20 21:19:37 -------- d-----w- e:\docume~1\hobgol~1\locals~1\applic~1\Installer2312
2010-09-20 20:41:36 -------- d-----w- e:\docume~1\hobgol~1\locals~1\applic~1\Installer3152

==================== Find3M ====================

2010-08-28 04:02:37 87608 ----a-w- e:\docume~1\hobgol~1\applic~1\inst.exe
2010-08-28 04:02:36 47360 ----a-w- e:\docume~1\hobgol~1\applic~1\pcouffin.sys

============= FINISH: 21:57:06.76 ===============

Attachments include:
DDS-Attach.txt
GMER-Ark.txt


#2 AHobgoblinNight


Posted 19 October 2010 - 04:29 PM

This topic can be closed. Microsoft PC Safety Technical support team has resolved the issue. Thank you.

#3 Orange Blossom


Posted 19 October 2010 - 11:46 PM

Hello

Thank you for letting us know. I'm glad that your computer problems have been fixed. Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom :cherry:



