
Google Redirect / Clickcheck.ru


  • This topic is locked
2 replies to this topic

#1 Schwen

Schwen

  • Members
  • 5 posts
  • OFFLINE
  • Local time:08:09 PM

Posted 03 May 2009 - 11:43 AM

Previously got rid of Vundo and a few other items, but this redirect is lingering, and it appears to do it when using Google search and clicking a link.... Here is my log of HJT and attached.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Rhonda at 10:31:12.08 on Sun 05/03/2009
Internet Explorer: 8.0.6001.18702

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\searchsuggest\YSearchSuggest.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [dvHighMem] c:\windows\cfgmng32.exe
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [CAPPActiveProtection] "c:\program files\ca\ca internet security suite\ca anti-spyware\CAPPActiveProtection.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-7.0.0.510\QOELoader.exe"
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: yahoo.com\www
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - hxxp://w4s2.work4sure.com/c/ge/w4sgeen9.exe
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150816190654
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222216644358
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: PFW - UmxWnp.Dll
AppInit_DLLs: c:\windows\system32\nemupopi.dll,c:\windows\system32\volitumi.dll UmxSbxExw.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\nemupopi.dll c:\windows\system32\volitumi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rhonda\applic~1\mozilla\firefox\profiles\wuyekteg.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\toolbar\firefox\components\CIDDomFx3.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-05-01 23:47 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-05-01 23:37 <DIR> --dsh--- c:\documents and settings\rhonda\IECompatCache
2009-05-01 23:32 <DIR> --dsh--- c:\documents and settings\rhonda\PrivacIE
2009-05-01 23:08 <DIR> --dsh--- c:\documents and settings\rhonda\IETldCache
2009-05-01 22:59 <DIR> --d----- c:\windows\ie8updates
2009-05-01 22:56 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-05-01 22:49 <DIR> -cd-h--- c:\windows\ie8
2009-05-01 19:05 <DIR> --d----- C:\2e91d5a3a0ef0059cb519cbcc43cb1
2009-05-01 19:02 <DIR> --d----- c:\windows\SxsCaPendDel
2009-04-29 23:59 <DIR> --d----- c:\documents and settings\rhonda\DoctorWeb
2009-04-29 21:12 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2009-04-29 21:11 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-29 21:11 <DIR> --d----- c:\docume~1\rhonda\applic~1\SUPERAntiSpyware.com
2009-04-29 21:11 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-29 17:52 7 a------- c:\windows\system32\mkghj.dll
2009-04-29 17:51 <DIR> --d----- c:\docume~1\rhonda\applic~1\CallingID
2009-04-29 16:14 <DIR> --d----- c:\program files\ISSThirdParty
2009-04-29 16:14 250,544 a------- c:\windows\system32\KeyHelp.ocx
2009-04-29 16:13 161,008 a------- c:\windows\system32\drivers\vetmonnt.sys
2009-04-29 16:13 111,856 a------- c:\windows\system32\isafprod.dll
2009-04-29 16:13 99,568 a------- c:\windows\system32\isafeif.dll
2009-04-29 16:13 83,256 a------- c:\windows\system32\vetredir.dll
2009-04-29 16:13 26,352 a------- c:\windows\system32\drivers\vet-filt.sys
2009-04-29 16:13 21,488 a------- c:\windows\system32\drivers\vetfddnt.sys
2009-04-29 16:13 21,104 a------- c:\windows\system32\drivers\vet-rec.sys
2009-04-29 16:13 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2009-04-29 16:13 108,368 a------- c:\windows\system32\drivers\veteboot.sys
2009-04-29 16:13 1,254,640 a------- c:\windows\system32\cfgmig32.dll
2009-04-29 16:12 823,296 a------- c:\windows\system32\svcprs32.exe
2009-04-29 16:12 2,732,032 a------- c:\windows\system32\win32cpr.dll
2009-04-29 16:12 1,568,870 a------- c:\windows\system32\winsflt.dll
2009-04-29 16:12 1,212,416 a------- c:\windows\system32\mdmcls32.exe
2009-04-29 16:12 11,333,632 a------- c:\windows\cfgmng32.exe
2009-04-29 16:12 1,830,912 a------- c:\windows\system32\winsflte.dll
2009-04-29 16:12 <DIR> --d----- c:\windows\rnapxs
2009-04-29 16:10 17,882 a------- c:\windows\system32\entitlement.xml
2009-04-29 16:09 <DIR> --d----- c:\program files\CA
2009-04-24 21:07 <DIR> --d----- c:\docume~1\rhonda\applic~1\Malwarebytes
2009-04-24 21:07 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-24 21:07 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-24 21:06 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-04-24 21:06 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-24 00:59 2,713 ---sh--- c:\windows\system32\fopelene.exe
2009-04-22 03:08 <DIR> --d----- c:\windows\system32\KB905474
2009-04-14 18:54 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-14 18:54 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-14 18:54 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-14 18:54 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-14 18:54 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 18:54 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 18:54 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 18:54 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-14 18:54 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-14 18:50 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-14 18:50 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-14 18:50 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-09 07:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 07:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 07:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 07:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 06:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 06:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 05:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 14:59 56,832 a------- c:\windows\system32\secur32.dll
2008-06-08 03:29 342 ---sh--- c:\program files\desktop.ini
2008-06-08 03:29 10,657 ---sh--- c:\program files\Folder.jpg
2008-06-08 03:29 10,657 ---sh--- c:\program files\AlbumArt_{05A81C4F-FBD4-4F66-B593-A8DAB88A8638}_Large.jpg
2008-06-08 03:29 2,708 ---sh--- c:\program files\AlbumArtSmall.jpg
2008-06-08 03:29 2,708 ---sh--- c:\program files\AlbumArt_{05A81C4F-FBD4-4F66-B593-A8DAB88A8638}_Small.jpg
2008-06-08 03:29 11,003 ---sh--- c:\program files\AlbumArt_{EE9D5B64-BE8B-4F14-8BB7-6664A44BD568}_Large.jpg
2008-06-08 03:29 2,685 ---sh--- c:\program files\AlbumArt_{EE9D5B64-BE8B-4F14-8BB7-6664A44BD568}_Small.jpg
2008-01-10 20:03 8,323 ---sh--- c:\program files\AlbumArt_{95D8F7BE-B721-46D1-8FEA-5847C681E2CB}_Large.jpg
2008-01-10 20:03 2,330 ---sh--- c:\program files\AlbumArt_{95D8F7BE-B721-46D1-8FEA-5847C681E2CB}_Small.jpg
2008-01-10 15:30 8,343 ---sh--- c:\program files\AlbumArt_{8214BAEB-6846-41A8-80F2-F983CC246097}_Large.jpg
2008-01-10 15:30 2,140 ---sh--- c:\program files\AlbumArt_{8214BAEB-6846-41A8-80F2-F983CC246097}_Small.jpg
2008-01-10 15:30 9,829 ---sh--- c:\program files\AlbumArt_{AE011978-4C18-4FC8-B558-E8538B372680}_Large.jpg
2008-01-10 15:30 2,590 ---sh--- c:\program files\AlbumArt_{AE011978-4C18-4FC8-B558-E8538B372680}_Small.jpg
2008-01-10 15:29 11,034 ---sh--- c:\program files\AlbumArt_{F5D77CC1-9A98-4DA6-AC19-213CF7D6C638}_Large.jpg
2008-01-10 15:29 2,817 ---sh--- c:\program files\AlbumArt_{F5D77CC1-9A98-4DA6-AC19-213CF7D6C638}_Small.jpg
2008-01-10 10:42 9,323 ---sh--- c:\program files\AlbumArt_{908CB277-405E-4B61-9363-F6E2790E8A0B}_Large.jpg
2008-01-10 10:42 9,009 ---sh--- c:\program files\AlbumArt_{72CC8433-97E1-452D-B4E4-2B85A3553691}_Large.jpg
2008-01-10 10:42 2,603 ---sh--- c:\program files\AlbumArt_{72CC8433-97E1-452D-B4E4-2B85A3553691}_Small.jpg
2008-01-10 10:42 2,523 ---sh--- c:\program files\AlbumArt_{908CB277-405E-4B61-9363-F6E2790E8A0B}_Small.jpg
2008-01-10 06:18 7,731 ---sh--- c:\program files\AlbumArt_{84A02837-F878-43A2-951A-792D9D26B67C}_Large.jpg
2008-01-10 06:18 1,920 ---sh--- c:\program files\AlbumArt_{84A02837-F878-43A2-951A-792D9D26B67C}_Small.jpg
2008-01-10 06:18 8,601 ---sh--- c:\program files\AlbumArt_{E168CC23-0DBF-499F-B409-DDA7744EC1BB}_Large.jpg
2008-01-10 06:18 2,321 ---sh--- c:\program files\AlbumArt_{E168CC23-0DBF-499F-B409-DDA7744EC1BB}_Small.jpg
2008-01-09 09:46 9,323 ---sh--- c:\program files\AlbumArt_{24B1127C-FD50-43A3-BA00-C2177AF398F8}_Large.jpg
2008-01-09 09:46 2,710 ---sh--- c:\program files\AlbumArt_{24B1127C-FD50-43A3-BA00-C2177AF398F8}_Small.jpg
2008-01-09 09:46 12,681 ---sh--- c:\program files\AlbumArt_{1D9DAF75-8895-401D-B37D-7411D8C3DE2A}_Large.jpg
2008-01-09 09:46 3,209 ---sh--- c:\program files\AlbumArt_{1D9DAF75-8895-401D-B37D-7411D8C3DE2A}_Small.jpg
2008-01-09 01:49 4,075 ---sh--- c:\program files\AlbumArt_{38FAFBAF-147A-437D-B3B5-ACF45D938AD2}_Large.jpg
2008-01-09 01:49 1,471 ---sh--- c:\program files\AlbumArt_{38FAFBAF-147A-437D-B3B5-ACF45D938AD2}_Small.jpg
2008-01-09 00:46 14,907 ---sh--- c:\program files\AlbumArt_{C4016CCF-15DE-4E43-BC2C-B91A7B3DEE46}_Large.jpg
2008-01-09 00:46 3,558 ---sh--- c:\program files\AlbumArt_{C4016CCF-15DE-4E43-BC2C-B91A7B3DEE46}_Small.jpg
2008-01-09 00:46 11,186 ---sh--- c:\program files\AlbumArt_{CEEDF87B-E766-4684-A126-123D1CF948BC}_Large.jpg
2008-01-09 00:46 2,762 ---sh--- c:\program files\AlbumArt_{CEEDF87B-E766-4684-A126-123D1CF948BC}_Small.jpg
2008-01-09 00:45 6,875 ---sh--- c:\program files\AlbumArt_{0537CBC3-1386-4719-8489-46F4FE193F0A}_Large.jpg
2008-01-09 00:45 2,146 ---sh--- c:\program files\AlbumArt_{0537CBC3-1386-4719-8489-46F4FE193F0A}_Small.jpg
2008-01-09 00:45 9,016 ---sh--- c:\program files\AlbumArt_{1023CFF9-05B3-4848-89EE-B6E7F8155E8C}_Large.jpg
2008-01-09 00:45 2,442 ---sh--- c:\program files\AlbumArt_{1023CFF9-05B3-4848-89EE-B6E7F8155E8C}_Small.jpg
2008-01-09 00:45 14,529 ---sh--- c:\program files\AlbumArt_{DA06E293-874E-414B-8943-EF0D8134F558}_Large.jpg
2008-01-09 00:45 3,242 ---sh--- c:\program files\AlbumArt_{DA06E293-874E-414B-8943-EF0D8134F558}_Small.jpg
2009-01-24 14:05 0 a--sh--- c:\windows\system32\bidiwaye.dll
2009-01-24 14:05 0 a--sh--- c:\windows\system32\judepiyu.dll

============= FINISH: 10:41:32.38 ===============

Inserted Attach.txt ~ Maurice

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/20/2006 10:00:04 AM
System Uptime: 5/1/2009 11:05:54 PM (35 hours ago)

Motherboard: Intel Corporation | | CA810E
Processor: Intel Celeron processor | J5H1 | 1096/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 19 GiB total, 6.38 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP502: 4/9/2009 10:21:37 AM - System Checkpoint
RP503: 4/10/2009 3:00:44 AM - Software Distribution Service 3.0
RP504: 4/11/2009 11:16:18 AM - System Checkpoint
RP505: 4/13/2009 1:40:46 AM - System Checkpoint
RP506: 4/15/2009 3:08:06 AM - Software Distribution Service 3.0
RP507: 4/19/2009 11:04:13 AM - System Checkpoint
RP508: 4/20/2009 11:17:03 AM - System Checkpoint
RP509: 4/21/2009 3:49:25 PM - System Checkpoint
RP510: 4/22/2009 3:01:20 AM - Software Distribution Service 3.0
RP511: 4/27/2009 3:49:07 PM - System Checkpoint
RP512: 4/29/2009 4:12:28 PM - Removed PC SpeedScan Pro
RP513: 4/30/2009 4:36:39 PM - System Checkpoint
RP514: 5/1/2009 3:02:58 AM - Software Distribution Service 3.0
RP515: 5/1/2009 6:25:12 PM - Software Distribution Service 3.0
RP516: 5/1/2009 11:08:12 PM - Printer Driver Microsoft XPS Document Writer Installed
RP517: 5/1/2009 11:48:18 PM - Software Distribution Service 3.0
RP518: 5/3/2009 12:24:50 AM - System Checkpoint

==== Installed Programs ======================


Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
AT&T Yahoo! Messenger
Belkin Wireless G Plus MIMO USB Network Adapter
CA Anti-Spam
CA Anti-Spyware
CA Anti-Virus
CA Backup and Migration
CA Internet Security Suite
CA Parental Controls
CA Personal Firewall
CA Pest Patrol Realtime Protection
CA Website Inspector
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
DNAMigrator
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
J2SE Runtime Environment 5.0 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Lexmark X1100 Series
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
QuickTime
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
SUPERAntiSpyware Free Edition
SupportSoft Assisted Service
Symantec Real Time Storage Protection Component
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
WebFldrs XP
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
Yahoo! Search Suggest Add-on for IE7
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

5/1/2009 7:07:39 PM, error: Print [22] - Failed to ugrade printer settings for printer \\HANDMEDOWN\HP LaserJet 6P,LocalOnly driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL error 1722.
5/1/2009 10:56:11 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
4/30/2009 11:02:10 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
4/30/2009 11:02:10 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/29/2009 9:30:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
4/29/2009 9:28:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec KmxAgent KmxFile KmxFw KmxStart MRxSmb NetBIOS NetBT P3 RasAcd Rdbss SASDIFSV SASKUTIL Tcpip VET-FILT VET-REC VETEFILE VETMONNT WS2IFSL
4/29/2009 9:28:21 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/29/2009 9:28:21 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/29/2009 9:27:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/29/2009 9:27:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}
4/29/2009 5:44:02 PM, error: NetBT [4321] - The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.2.4. The machine with the IP address 192.168.2.2 did not allow the name to be claimed by this machine.
4/29/2009 2:16:31 AM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.
4/29/2009 12:37:25 AM, error: Service Control Manager [7000] - The SRTSPX service failed to start due to the following error: The system cannot find the file specified.
4/29/2009 11:28:22 PM, error: Service Control Manager [7000] - The PPCtlPriv service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/29/2009 11:28:21 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PPCtlPriv service to connect.
4/29/2009 11:28:20 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service PPCtlPriv with arguments "" in order to run the server: {F974178A-A284-440A-BEFC-5B0D11BCDB68}
4/28/2009 12:34:24 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
4/28/2009 11:47:34 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/27/2009 3:03:42 PM, error: Print [19] - Sharing printer failed + 1722, Printer QuickBooks PDF Converter share name Printer4.

==== End Of File ===========================

Edited by Maurice Naggar, 03 May 2009 - 02:42 PM.
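An added triage script for the DDS log above (example code written for this page, not part of DDS, HijackThis or any BleepingComputer tool). It splits the log on its ==== section headers, lists every DLL registered under AppInit_DLLs and LSA Notification Packages (both load code into other processes system-wide), reports orphaned "No File" BHO/toolbar CLSIDs, and flags recently created executables that are smaller than a PE DOS header or carry the hidden+system attribute pair. The scecli allowlist, the 64-byte rule and the attribute rule are assumptions; the sample input is constructed from lines of the posted log.

```python
"""Triage helper for the DDS "Pseudo HJT Report" and file-listing sections.
Hypothetical helper written for this thread, not part of DDS, HijackThis or any
BleepingComputer tool.  Allowlist, size rule and attribute rule are assumptions."""
import re
from dataclasses import dataclass

KNOWN_LSA_PACKAGES = {"scecli"}   # ships with Windows (assumed allowlist)
DOS_HEADER_BYTES = 64              # every PE image starts with a 64-byte IMAGE_DOS_HEADER
EXECUTABLE_EXT = (".dll", ".exe", ".sys", ".ocx")

# e.g. "2009-04-24 00:59 2,713 ---sh--- c:\windows\system32\fopelene.exe"
FILE_LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([a-z-]{8})\s+(.+)$")
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")

# Constructed sample: lines copied from the DDS log posted above in this thread.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\windows\system32\nemupopi.dll,c:\windows\system32\volitumi.dll UmxSbxExw.dll
LSA: Notification Packages = scecli c:\windows\system32\nemupopi.dll c:\windows\system32\volitumi.dll
=============== Created Last 30 ================
2009-04-29 17:52 7 a------- c:\windows\system32\mkghj.dll
2009-04-24 00:59 2,713 ---sh--- c:\windows\system32\fopelene.exe
2009-04-14 18:50 2,560 -------- c:\windows\system32\xpsp4res.dll
==================== Find3M ====================
2009-01-24 14:05 0 a--sh--- c:\windows\system32\bidiwaye.dll
2009-01-24 14:05 0 a--sh--- c:\windows\system32\judepiyu.dll
"""

@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    item: str

def parse_sections(text):
    """Split a DDS log into {section title: [non-blank lines]} on its ==== headers."""
    sections, current = {}, "HEADER"
    for line in filter(None, map(str.strip, text.splitlines())):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections

def _dll_names(value):
    # DDS prints paths in 8.3 form (c:\progra~1), so splitting on commas and
    # whitespace is safe; a bare name (no path) resolves via the DLL search order.
    return [p for p in re.split(r"[,\s]+", value) if p.lower().endswith(".dll")]

def triage_hjt(lines):
    """Flag Pseudo-HJT entries that load code system-wide or point at nothing."""
    findings = []
    for line in lines:
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "AppInit_DLLs":   # loaded into every process that maps user32.dll
            for dll in _dll_names(value):
                findings.append(Finding("HJT", "AppInit_DLLs entry", dll))
        elif key == "LSA":          # "Notification Packages = scecli x.dll": runs inside lsass.exe
            _, _, packages = value.partition("=")
            for pkg in packages.split():
                if pkg.lower() not in KNOWN_LSA_PACKAGES:
                    findings.append(Finding("HJT", "LSA Notification Package not in allowlist", pkg))
        elif key in ("BHO", "TB") and value.endswith("No File"):
            findings.append(Finding("HJT", "orphaned CLSID (No File)", value))
    return findings

def triage_files(lines):
    """Flag executables too small to be a PE image or carrying hidden+system attributes.
    Size alone is a poor signal: the 2,560-byte xpsp4res.dll in the sample arrived with
    the 2009-04-14 Windows update files, is a Windows resource DLL, and stays unflagged."""
    findings = []
    for line in lines:
        m = FILE_LINE_RE.match(line)
        if not m:
            continue
        _stamp, size, attrs, path = m.groups()
        if size == "<DIR>" or not path.lower().endswith(EXECUTABLE_EXT):
            continue
        nbytes = int(size.replace(",", ""))
        if nbytes < DOS_HEADER_BYTES:
            findings.append(Finding("FILES", f"{nbytes} bytes: smaller than a DOS header", path))
        elif "s" in attrs and "h" in attrs:
            findings.append(Finding("FILES", f"hidden+system attributes ({attrs})", path))
    return findings

def triage(text):
    """Run both passes over a whole DDS log; returns {"hjt": [...], "files": [...]}."""
    sections = parse_sections(text)
    files = [f for t in ("Created Last 30", "Find3M") for f in triage_files(sections.get(t, []))]
    return {"hjt": triage_hjt(sections.get("Pseudo HJT Report", [])), "files": files}
```

Calling triage(SAMPLE_DDS) returns seven HJT findings (the two orphaned CLSIDs, three AppInit_DLLs entries and the two non-allowlisted LSA packages) and four file findings; the 7-byte mkghj.dll is caught only because it is smaller than a DOS header, which is why the attribute check and the size check are kept separate.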




#2 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:08:09 PM

Posted 03 May 2009 - 02:53 PM

Hello Rhonda.

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!
These steps are for member Schwen only. If you are a lurker, do NOT try this on your system!
If you are not Schwen and have a similar problem, do NOT post here; start your own topic


Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.
=
Close any of your open programs while you run these tools.

Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it.
Please double-click Goored.exe on your Desktop to run it. Select 2. Fix Goored by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).

Start your MBAM.
Click the Settings Tab. Make sure all option lines have a checkmark.
Click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.
Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

If you have a prior copy of Combofix, delete it now!

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1
Link 2
Link 3


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on Combo-Fix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]


Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

IF you should see a message like this:
[screenshot]
then be sure to write it down fully, also copy that into your next reply here, and then await my response.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
-------------------------------------------------------

A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light.
If it is flashing, Combofix is still at work.
=

RE-Enable your AntiVirus and AntiSpyware applications.

Reply with copy of Goored.txt
the MBAM scan log
the C:\Combofix.txt
and tell me, how is your system now?
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#3 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:08:09 PM

Posted 10 May 2009 - 10:37 AM

This thread is closed due to lack of response.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)



