HiJack issue - Links work intermittently and redirect



#1 Chuck Fox


Posted 17 October 2009 - 11:09 PM

Gentlemen:

The other day I picked up a virus (I guess). The first thing that I noticed was that it made my desktop disappear and removed my wallpaper.

I got some help from a friend of mine and was able to disable this application called "Security Tool". This stopped the popups. You have a web page on this virus http://www.bleepingcomputer.com/virus-remo...e-security-tool. I found this page after removing "Security Tool".

After shutting down this application using task manager, I was able to download the latest version of Malwarebytes. This got rid of "Security Tool" and my desktop seems to be okay.

However, I still have three issues that may be related.

1. When I start up my laptop I get the following messages:

rundll32.exe – Bad Image
The application or DLL C:\DOCUME~1\NETWOR~1\ntuser.dll is not a valid Windows image. Please check this against your installation diskette

RUNDLL
Error loading DLL C:\DOCUME~1\NETWOR~1\ntuser.dll
%1 is not a valid Win32 application

2. I am experiencing intermittent hijacks - redirects that consistently go to hxxp://thefeedyard.com/?do=search&q=internet%20links%20redirected before ultimately being redirected to some other site.

3. My friend suggested that I run Malwarebytes while operating in safe mode; however, I get a blue screen when trying to start up in safe mode.

Below I am copying the logs that you specify. Any help would be greatly appreciated.

Best regards

Chuck (chuckeycharles) Fox

DDS Log -

DDS (Ver_09-10-13.01) - NTFSx86
Run by Charles Fox at 21:06:35.45 on Sat 10/17/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.66 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Charles Fox\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070929
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
uRun: [calc] rundll32.exe c:\docume~1\networ~1\ntuser.dll,_IWMPEvents@0
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LXCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCJtime.dll,_RunDLLEntry@16
mRun: [lxcjmon.exe] "c:\program files\lexmark 8300 series\lxcjmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 8300 series\ezprint.exe"
mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\charle~1\startm~1\programs\startup\cyber-~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: PCANotify - PCANotify.dll
AppInit_DLLs: wztcay.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-16 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-10-17 297752]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2009-1-15 58240]

============= FINISH: 21:07:22.59 ===============

ATTACH.TXT Log -


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/8/2007 12:57:22 PM
System Uptime: 10/17/2009 8:41:52 PM (1 hours ago)

Motherboard: Dell Inc. | | 0NF743
Processor: Intel® Core™2 CPU T5500 @ 1.66GHz | Microprocessor | 1662/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 44.868 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable

==== Disabled Device Manager Items =============

==== Event Viewer Messages From Past Week ========

10/15/2009 5:56:12 PM, error: Print [22] - Failed to ugrade printer settings for printer Ricoh Aficio AP3200 PCL driver Ricoh Aficio AP3200 PCL error 0.
10/15/2009 5:56:12 PM, error: Print [22] - Failed to ugrade printer settings for printer FOXPCRicoh Aficio AP3200 PCL,LocalOnly driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL error 0.
10/15/2009 5:49:17 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.

==== End Of File ===========================

ARK.TXT Log -

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/17 21:36
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA162000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A6C000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8EDF000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Charles Fox\ntuser.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\NetworkService\ntuser.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\calc.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\ntuser.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Charles Fox\Start Menu\Programs\Startup\scandisk.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Charles Fox\Start Menu\Programs\Startup\scandisk.lnk
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.lnk
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Charles Fox\Local Settings\Application Data\Mozilla\Firefox\Profiles\3svuc75y.default\urlclassifier3.sqlite-journal
Status: Visible to the Windows API, but not on disk.

Path: C:Documents and SettingsCharles FoxLocal SettingsApplication DataMozillaFirefoxProfiles3svuc75y.defaultOfflineCache20FA861Fd01
Status: Invisible to the Windows API!

Path: C:Documents and SettingsCharles FoxLocal SettingsApplication DataMozillaFirefoxProfiles3svuc75y.defaultOfflineCache3E7783CCd01
Status: Invisible to the Windows API!

Path: C:Documents and SettingsCharles FoxLocal SettingsApplication DataMozillaFirefoxProfiles3svuc75y.defaultOfflineCacheED2583B4d01
Status: Invisible to the Windows API!

Path: C:Documents and SettingsCharles FoxLocal SettingsApplication DataMozillaFirefoxProfiles3svuc75y.defaultOfflineCacheEECB3B4Ed01
Status: Invisible to the Windows API!

Path: C:Documents and SettingsCharles FoxLocal SettingsApplication DataMozillaFirefoxProfiles3svuc75y.defaultOfflineCacheF37C9C28d01
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Charles Fox\Local Settings\Application Data\Mozilla\Firefox\Profiles\3svuc75y.default\OfflineCache\_CACHE_001_
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Charles Fox\Local Settings\Application Data\Mozilla\Firefox\Profiles\3svuc75y.default\OfflineCache\_CACHE_002_
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Charles Fox\Local Settings\Application Data\Mozilla\Firefox\Profiles\3svuc75y.default\OfflineCache\_CACHE_003_
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Charles Fox\Local Settings\Application Data\Mozilla\Firefox\Profiles\3svuc75y.default\OfflineCache\_CACHE_MAP_
Status: Invisible to the Windows API!

==EOF==

Some additional information that may be helpful

The link redirect issue occurs both with Internet Explorer and Firefox. The links seem to work a little better if I try to open them in the same browser window. I seem to have more problems if I try to open a link in a new tab, although this is not always true.

Any help would be greatly appreciated.

Chuckeycharles

Merged posts. ~ OB

Edited by Orange Blossom, 23 October 2009 - 07:30 PM.
Deactivate link. ~ OB



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:57 PM

Posted 29 October 2009 - 05:37 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#3 myrti


Posted 03 November 2009 - 05:21 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
_temp_





