
Discussion Starter #1
DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL
Run by Administrator at 17:41:14.39 on Thu 09/23/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.479.248 [GMT -4:00]

============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
============== Pseudo HJT Report ===============
mDefault_Page_URL = hxxp://qus9.hpwis.com/
mDefault_Search_URL = hxxp://srch-qus9.hpwis.com/
mSearch Page = hxxp://srch-qus9.hpwis.com/
mStart Page = hxxp://qus9.hpwis.com/
mSearch Bar = hxxp://srch-qus9.hpwis.com/
uInternet Settings,ProxyOverride = localhost
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: CouponBar: {5bed3930-2e9e-76d8-bacc-80df2188d455} - c:\windows\CouponsBar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BellSouthWCC_McciTrayApp] c:\program files\bellsouthwcc\McciTrayApp.exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04e\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [S3TRAY2] S3tray2.exe
mRun: [QuickFinder Scheduler] "c:\program files\wordperfect office 11\programs\QFSCHD110.EXE"
mRun: [Xfaxaxuw] rundll32.exe "c:\windows\ebepukogibux.dll",Startup
mRun: [XoftSpySE] "c:\program files\xoftspyse6\XoftSpySE.exe" -NM -hidesplash
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [InnoSetupRegFile.0000000001] "c:\windows\is-RCQEK.exe" /REG
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\mod_sm.lnk - c:\hp\bin\cloaker.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\1940576\program\BackWeb-1940576.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: SpSubLSP.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxps://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {75901C03-CBAB-420B-AD16-22A10FBA68C9} = 192.168.1.254
TCP: {A47B9DD9-3027-4B52-BB2B-195A18F1FA34} = 192.168.1.254
Notify: igfxcui - igfxsrvc.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {B1BA40A1-75F2-51BD-F313-04B03A2C8953} - No File
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-9-21 217032]
S2 mrtRate;mrtRate; [x]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-9-21 366840]
S2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-9-21 1142224]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2010-3-18 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2010-3-18 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2010-3-18 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2010-3-18 10368]
S3 SWLD23U;Netopia 802.11b WLAN USB Adapter;c:\windows\system32\drivers\swld23u.sys [2009-6-11 83912]
S3 swlubtl;WLAN USB Boot Device;c:\windows\system32\drivers\swlubtl.sys [2009-6-11 53690]
S3 XoftSpyService;XoftSpyService;c:\program files\common files\xoftspyse\6\xoftspyservice.exe [2009-10-23 582424]
=============== Created Last 30 ================
2010-09-22 02:36:21 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-09-22 02:04:35 0 d-----w- c:\docume~1\admini~1\applic~1\Symantec
2010-09-21 23:29:50 711168 ----a-w- c:\windows\is-RCQEK.exe
2010-09-21 23:29:50 346 ----a-w- c:\windows\is-RCQEK.lst
2010-09-21 23:29:50 10562 ----a-w- c:\windows\is-RCQEK.msg
2010-09-21 23:23:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-21 23:23:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-21 23:23:54 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-21 21:55:35 0 d-----w- c:\program files\Security Scanner Full
2010-09-21 21:27:16 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-09-21 21:27:16 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-21 21:26:55 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-21 21:26:55 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-09-21 21:26:55 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-09-21 21:26:55 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-09-21 21:26:39 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-09-21 21:26:39 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-09-21 21:26:30 0 d-----w- c:\program files\Spyware Doctor
2010-09-21 21:26:30 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-09-21 18:02:01 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2010-09-21 18:02:00 0 d-----w- c:\program files\common files\ParetoLogic
2010-09-21 18:01:55 0 d-----w- c:\program files\common files\XoftSpySE
2010-09-21 18:01:53 0 d-----w- c:\docume~1\alluse~1\applic~1\XoftSpySE
2010-09-21 18:01:40 0 d-----w- c:\program files\XoftSpySE6
2010-09-21 17:24:00 1409 ----a-w- c:\windows\QTFont.for
2010-09-21 03:37:27 0 d-----w- C:\78e2d559fa9fe1e0b1
2010-09-21 02:57:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-21 02:50:29 0 d-----w- c:\program files\common files\PC Tools
2010-09-21 02:11:17 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-09-21 01:02:02 120 ----a-w- c:\windows\Vsumeyey.dat
2010-09-21 01:02:02 0 ----a-w- c:\windows\Sradoqibuzixuqot.bin
2010-09-21 01:00:14 844800 ----a-w- c:\windows\system32\drivers\slwzzxp.sys
2010-09-21 01:00:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Update
2010-09-20 22:07:47 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-12 17:30:02 764868 -c----w- c:\windows\system32\dllcache\apph_sp.sdb
2010-09-12 17:30:02 217118 -c----w- c:\windows\system32\dllcache\apphelp.sdb
2010-09-12 17:29:13 0 d-----w- c:\program files\Windows Media Connect 2
2010-09-12 17:27:03 0 d-----w- c:\windows\system32\LogFiles
2010-09-11 20:59:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-09-11 20:59:46 215920 ----a-w- c:\windows\system32\muweb.dll
2010-09-11 20:59:46 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-09-11 00:49:03 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-09-11 00:48:52 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-11 00:46:53 0 d-----w- c:\program files\Microsoft
2010-09-11 00:46:34 0 d-----w- c:\program files\Windows Live SkyDrive
2010-09-11 00:35:23 0 d-----w- c:\program files\common files\Windows Live
2010-09-07 22:36:12 398744 ----a-r- c:\windows\cpnprt2.cid
2010-09-07 22:35:56 398744 ------w- c:\windows\system32\cpnprt2.cid
2010-09-07 22:35:52 0 d-----w- c:\windows\Cache
2010-09-07 22:35:50 0 d-----w- c:\program files\Coupons
2010-09-07 15:01:25 1089601 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-09-07 07:08:15 0 d-----w- c:\windows\system32\XPSViewer
2010-09-07 07:07:17 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-09-07 07:07:17 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-09-07 07:07:17 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-09-07 07:07:17 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-09-07 07:07:17 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-09-07 07:07:17 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-09-07 07:07:17 117760 ------w- c:\windows\system32\prntvpt.dll
2010-09-07 07:07:17 0 d-----w- C:\def25a438938d1cec582e7083e1810
2010-09-07 07:01:39 0 d-----w- c:\program files\MSXML 6.0
2010-09-05 07:01:31 0 d-----w- c:\program files\MSXML 4.0
2010-09-04 16:15:32 0 d-----w- c:\windows\system32\CatRoot_bak
2010-09-04 16:07:15 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-09-04 16:06:15 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-09-04 16:06:04 743936 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-04 16:04:02 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-09-04 16:03:51 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-09-04 16:03:46 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-09-04 15:59:27 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-09-04 15:57:04 1196000 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2010-09-04 15:57:02 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-09-04 02:22:39 56 --sh--r- c:\windows\system32\E50F448278.sys
2010-09-04 02:19:43 258 ----a-w- c:\windows\system32\BDEMERGE.INI
2010-09-04 02:19:06 0 d-----w- c:\program files\common files\Borland Shared
2010-09-04 02:18:32 0 d-----w- c:\windows\ShellNew
2010-09-04 02:17:45 0 d-----w- c:\program files\WordPerfect Office 11
2010-09-04 02:17:45 0 d-----w- c:\program files\common files\Corel
2010-09-04 02:09:34 0 d-----w- c:\windows\system32\wbem\AutoRecover
2010-09-04 01:01:29 0 d-----w- c:\windows\peernet
2010-09-04 01:01:27 0 d-----w- c:\windows\provisioning
2010-09-04 00:58:49 0 d-----w- c:\windows\ServicePackFiles
2010-09-04 00:50:36 0 d-----w- c:\windows\EHome
2010-09-03 03:09:13 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
2010-09-03 03:09:12 145792 ----a-w- c:\windows\system32\drivers\portcls.sys
==================== Find3M ====================
2010-09-21 23:18:22 3848 ----a-w- c:\windows\viassary-hp.reg
2009-12-28 21:10:54 770 ----a-w- c:\program files\INSTALL.LOG
============= FINISH: 17:42:02.20 ===============
Discussion Starter #2
Ed Moseley... messed up and attached dds instead of attaching it to the last posting w/ ARK

Please see last posting from Ed Moseley also.
TSF Security Manager, Emeritus
Hi Ed -

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Before we begin...

I see some signs of trouble there. First, I'd like to know if there's a problem running the machine in Normal Mode. I see the DDS log was done in Safe mode.
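The "signs of trouble" the helper refers to are visible in the DDS log in the first post. As an added example (not DDS, not the helper's tooling, and not from this forum), here is a small Python triage script that runs a few defender-side heuristics over lines copied from that log: autorun entries that use rundll32 to load a DLL placed directly in the Windows directory, policies that disable the user's own repair tools (DisableRegistryTools and NoFolderOptions are on the page; DisableTaskMgr is added by assumption), hidden+system files under the Windows directory, hex-named folders at the drive root, and consonant-only or oddly placed filenames in the system directories. The thresholds and the choice of heuristics are my assumptions; a hit means "review this line", not a verdict on the file.

```python
"""Triage helper for DDS 'Pseudo HJT Report' and 'Created Last 30' lines.

Added example for this thread; not part of DDS or the forum's tooling.
Every heuristic below is an assumption about what usually deserves a
second look, not a judgement about any individual file.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: entries copied from the DDS log posted above, plus
# several entries (hpsysdrv, NvCpl, MpSigStub, drmk) the heuristics should leave alone.
SAMPLE_LOG = r"""
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Xfaxaxuw] rundll32.exe "c:\windows\ebepukogibux.dll",Startup
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
2010-09-21 01:02:02 120 ----a-w- c:\windows\Vsumeyey.dat
2010-09-21 01:00:14 844800 ----a-w- c:\windows\system32\drivers\slwzzxp.sys
2010-09-04 02:22:39 56 --sh--r- c:\windows\system32\E50F448278.sys
2010-09-21 03:37:27 0 d-----w- C:\78e2d559fa9fe1e0b1
2010-09-21 02:11:17 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-09-03 03:09:13 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
"""

AUTORUN_RE = re.compile(r'^[umd]?Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
POLICY_RE = re.compile(r'^[umd]?Policies-\w+: (?P<policy>\w+) = (?P<val>\d+)')
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \d+ (?P<attrs>[-a-z]{8}) (?P<path>.+)$')
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)', re.IGNORECASE)

WINDIR = r"c:\windows"
SYSTEM_DIRS = {WINDIR + r"\system32", WINDIR + r"\system32\drivers"}
# Policies that lock the user out of their own repair tools (DisableTaskMgr: assumption).
LOCKOUT_POLICIES = {"DisableRegistryTools", "DisableTaskMgr", "NoFolderOptions"}
EXTENSIONS = {"dll", "dat", "bin", "exe", "sys"}


@dataclass
class Finding:
    line: str
    reason: str


def _split(path: str):
    """Return (lower-cased folder, file name) for a Windows path."""
    head, _, tail = path.rpartition("\\")
    return head.lower(), tail


def suspicious_name(path: str) -> Optional[str]:
    """Heuristic (assumption): odd file names in places where vendor files are rare."""
    folder, name = _split(path)
    stem, _, ext = name.rpartition(".")
    if ext.lower() not in EXTENSIONS or not stem.isalpha():
        return None
    if folder == WINDIR:
        return "executable/data file placed directly in the Windows directory"
    if folder in SYSTEM_DIRS and len(stem) >= 6 and not re.search(r"[aeiou]", stem, re.I):
        return "system/driver file with a consonant-only name"
    return None


def check_line(line: str) -> Optional[Finding]:
    """Apply the heuristics to one DDS line; None means nothing to review."""
    m = AUTORUN_RE.match(line)
    if m:
        r = RUNDLL_RE.match(m["cmd"])
        if r:
            dll = r["dll"].strip()
            if _split(dll)[0] == WINDIR or suspicious_name(dll):
                return Finding(line, "autorun uses rundll32 to load a DLL from the Windows directory")
        return None
    m = POLICY_RE.match(line)
    if m:
        if m["policy"] in LOCKOUT_POLICIES and m["val"] == "1":
            return Finding(line, f"policy {m['policy']} locks the user out of a repair tool")
        return None
    m = FILE_RE.match(line)
    if m:
        attrs, path = m["attrs"], m["path"]
        folder = _split(path)[0]
        if "s" in attrs and "h" in attrs and folder.startswith(WINDIR):
            return Finding(line, "hidden+system attributes on a file under the Windows directory")
        if attrs.startswith("d") and re.fullmatch(r"[a-z]:\\[0-9a-f]{16,}", path, re.I):
            return Finding(line, "hex-named folder at the drive root (often an update temp folder; review)")
        reason = suspicious_name(path)
        if reason:
            return Finding(line, reason)
    return None


def triage(log: str) -> List[Finding]:
    """Run check_line over every line of a DDS log and collect the hits."""
    return [f for f in (check_line(l.strip()) for l in log.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run over the sample, the script flags seven lines: the rundll32 autorun, the two lock-out policies, the two odd files in the Windows directory and drivers folder, the hidden+system file, and the hex-named folder, while leaving hpsysdrv, NvCpl, MpSigStub and drmk.sys alone. The folder-level rules are deliberately narrow so that vendor drivers with short names (drmk.sys has no vowels but is only four letters) are not swept up.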
 

Discussion Starter #4
Well, there were problems in normal mode before. Before I learned of this forum, I tried some fixes on my own including malwarebytes and deleting some files that I believed to be associated with the virus.

Since then, I tried rebooting in normal mode but the "peak protection 2010" software kept coming on. The only way I could get it to go off my screen and do anything at all was to hit Control, Alt, Delete and go into the taskmgr, go to the file named "hotfix" and click end process, then the computer would complete its bootup, etc. But, not trusting, since then I've only started that computer in safe mode AND I have not hooked it back up to the modem/internet.

Please advise.
Thanks,
Ed
 

TSF Security Manager, Emeritus
Ok, thanks. That helps. You can leave the machine disconnected from the net if you like, but this fix is best performed in Normal Mode.



Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

As you have no internet access on the affected machine, we will need to download a couple of files from another computer, and transfer them to the affected machine via USB flash drive, or other removable media. If you use a USB device, leave it connected to the affected machine while running ComboFix as instructed below.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Place combofix.exe on your Desktop


First, we need to install the Windows Recovery Console.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode, if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Download the file from this Microsoft page:

For XP Home >> http://www.microsoft.com/downloads/details.aspx?FamilyId=15491F07-99F7-4A2D-983D-81C2137FF464&displaylang=en

Save it as it is originally named to your Desktop.

Now close all open windows and programs, and disable all antivirus and antispyware programs. This is usually done via a right click on the applications' system tray icon. Get help here for how to disable them, if required.



Then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement (EULA) to install the Recovery Console.

As part of installing the Recovery Console, ComboFix will begin to run. Your desktop may disappear. This is normal. It will return.

ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:



Click on Yes, to continue scanning for malware.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Post that log in your next reply.

If you have any questions along the way...STOP and ask them before proceeding.
 
