
google search engine being redirected


  • This topic is locked
2 replies to this topic

#1 otter26


Posted 26 November 2009 - 10:58 PM

I am having a problem with Google being redirected to random websites. I have tried multiple system restore points, but my computer will not restore. I have also noticed my DVD/CD drive no longer works. If it helps, I have seen errors with rundll.exe and others. My antivirus software was also disabled for a short while; I am not sure if this was because of the viruses I have on my computer. Here are the logs that this site has suggested that I include with this post. Any help would really help. Thank you in advance.

DDS (Ver_09-11-24.02) - NTFSx86
Run by Otter at 10:48:37.48 on Thu 11/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.469 [GMT -8:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\Otter\LOCALS~1\Temp\~nsu.tmp\Au_.exe
C:\DOCUME~1\Otter\LOCALS~1\Temp\nsa36.tmp\ns37.tmp
C:\DOCUME~1\Otter\LOCALS~1\Temp\~nsu.tmp\Bu_.exe
C:\DOCUME~1\Otter\LOCALS~1\Temp\nsw3D.tmp\ns3E.tmp
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Otter\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070824
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [Picasa Media Detector] "c:\program files\picasa2\PicasaMediaDetector.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [EPSON Stylus Photo R300 Series] "c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE" /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
mRun: [Auto EPSON Stylus Photo R300 Series on VALUED-C38DAD41] "c:\windows\system32\spool\drivers\w32x86\3\e_s4i2f1.exe" /p54 "auto epson stylus photo r300 series on valued-c38dad41" /o26 "\\valued-c38dad41\Printer2" /M "Stylus Photo R300"
mRun: [UserFaultCheck] c:\windows\system32\dumprep 0 -u
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm176YYUS
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {0BCADE60-1E93-11D8-ABDA-0004759647B3} - hxxp://www.bxwa.com/fastbid/fastbidx1.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
DPF: {32322460-3E7D-11D7-ABD8-0001029A9BA6} - hxxp://www.bxwa.com/fastbid/fastbidx2.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]

=============== Created Last 30 ================

2009-11-26 17:51:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-26 17:51:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-26 16:47:18 0 d-----w- c:\program files\common files\Sony Shared
2009-11-26 16:20:34 0 d-----w- c:\windows\system32\wbem\Repository
2009-11-26 04:52:32 3952 ----a-r- c:\windows\system32\drivers\DMICall.sys
2009-11-26 04:51:44 0 d-----w- c:\windows\SonySys
2009-11-24 03:05:54 52736 ----a-w- C:\ijyoqi.exe
2009-11-24 03:05:49 7168 ----a-w- C:\serlud.exe
2009-11-24 03:05:49 39424 ----a-w- C:\hnjf.exe
2009-11-16 17:12:02 744 ----a-w- c:\windows\system32\wininit.dll
2009-11-16 16:49:24 104960 ----a-w- c:\windows\system32\15724.exe
2009-11-16 07:02:09 0 d-----w- c:\docume~1\otter\applic~1\Malwarebytes
2009-11-16 07:02:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-16 07:02:01 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-16 07:02:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-16 07:02:00 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-16 06:30:25 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-16 06:30:25 0 d-----w- c:\docume~1\otter\applic~1\SUPERAntiSpyware.com
2009-11-16 05:13:16 0 d-----w- c:\windows\pss
2009-11-16 04:20:53 0 ----a-w- c:\windows\system32\19169.exe
2009-11-16 04:00:18 0 ----a-w- c:\windows\system32\26500.exe
2009-11-16 03:39:41 0 ----a-w- c:\windows\system32\6334.exe
2009-11-16 03:19:03 0 ----a-w- c:\windows\system32\18467.exe
2009-11-12 02:14:15 0 d-----w- c:\program files\avs videoconverter precrack
2009-11-10 09:37:48 3558013 ----a-w- c:\docume~1\otter\applic~1\Rihanna - Russian Roulette.zip
2009-11-09 17:15:27 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-04 15:30:14 16384 ----a-w- c:\docume~1\otter\applic~1\blank.exe

==================== Find3M ====================

2009-11-26 18:02:29 81984 ----a-w- c:\windows\system32\bdod.bin
2009-11-23 16:49:52 3920 -c--a-w- c:\docume~1\otter\applic~1\wklnhst.dat
2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-10-01 20:07:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-09-04 20:17:00 447216 ------w- c:\windows\system32\ZuneWlanCfgSvc.exe
2009-09-04 20:16:54 58592 ------w- c:\windows\system32\ZuneBusEnum.exe
2009-09-04 04:11:51 3532 ----a-w- C:\drmHeader.bin
2009-09-02 07:29:12 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
2009-09-02 07:29:10 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll
2009-09-02 07:29:10 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
2009-09-02 07:29:10 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll
2009-09-02 07:29:02 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll
2009-09-02 07:29:00 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll
2009-09-02 07:28:58 70656 ----a-w- c:\windows\system32\ZuneIPTransport.dll

============= FINISH: 10:50:42.79 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-11-24.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/31/2007 6:45:04 PM
System Uptime: 11/26/2009 10:02:59 AM (0 hours ago)

Motherboard: Dell Inc. | | 0UW744
Processor: AMD Athlon™ 64 X2 Dual-Core Processor TK-53 | Socket M2/S1G1 | 1695/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 53 GiB total, 19.61 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP235: 8/15/2009 12:11:16 PM - Software Distribution Service 3.0
RP236: 8/22/2009 10:16:19 AM - Software Distribution Service 3.0
RP237: 8/24/2009 12:00:26 AM - Software Distribution Service 3.0
RP238: 8/25/2009 7:47:46 PM - Software Distribution Service 3.0
RP239: 8/26/2009 10:49:36 PM - Software Distribution Service 3.0
RP240: 9/1/2009 8:33:05 PM - Software Distribution Service 3.0
RP241: 9/9/2009 10:09:38 AM - Software Distribution Service 3.0
RP242: 9/13/2009 8:55:49 AM - Software Distribution Service 3.0
RP243: 9/14/2009 7:25:47 AM - Software Distribution Service 3.0
RP244: 9/15/2009 8:59:59 AM - Software Distribution Service 3.0
RP245: 9/16/2009 6:08:15 PM - Installed Windows XP Wudf01009.
RP246: 10/1/2009 1:07:05 PM - Installed Windows XP winusb0100.
RP247: 10/16/2009 7:05:41 AM - Software Distribution Service 3.0
RP248: 11/4/2009 1:43:08 PM - System Checkpoint
RP249: 11/5/2009 1:43:35 PM - Software Distribution Service 3.0
RP250: 11/7/2009 3:20:28 PM - System Checkpoint
RP251: 11/9/2009 9:15:07 AM - Installed SUPERAntiSpyware Free Edition
RP252: 11/10/2009 10:21:39 PM - Software Distribution Service 3.0
RP253: 11/15/2009 8:45:38 PM - Removed SUPERAntiSpyware Free Edition
RP254: 11/15/2009 10:29:11 PM - Restore Operation
RP255: 11/24/2009 6:24:27 PM - Restore Operation
RP256: 11/24/2009 7:13:31 PM - Restore Operation
RP257: 11/24/2009 7:17:43 PM - Restore Operation
RP258: 11/24/2009 7:21:49 PM - Restore Operation
RP259: 11/25/2009 8:39:58 AM - Removed SUPERAntiSpyware Free Edition
RP260: 11/25/2009 12:40:57 PM - Software Distribution Service 3.0
RP261: 11/25/2009 4:49:51 PM - Restore Operation
RP262: 11/25/2009 4:52:05 PM - november 24
RP263: 11/25/2009 5:22:17 PM - Restore Operation
RP264: 11/25/2009 5:26:23 PM - Restore Operation
RP265: 11/25/2009 5:44:03 PM - Restore Operation
RP266: 11/25/2009 8:07:15 PM - Restore Operation
RP267: 11/25/2009 8:17:02 PM - Restore Operation
RP268: 11/26/2009 8:19:35 AM - Restore Operation
RP269: 11/26/2009 8:50:55 AM - Restore Operation
RP270: 11/26/2009 9:18:41 AM - Removed Bonjour
RP271: 11/26/2009 9:51:18 AM - Installed Java™ 6 Update 17

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.3
AMD Processor Driver
AOLIcon
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Catalyst Control Center
ATI Display Driver
AutoUpdate
AVS Update Manager 1.0
BitDefender Antivirus 2009
Broadcom Management Programs
Choice Guard
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Wireless WLAN Card
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Version Checker
DivX Web Player
Documentation & Support Launcher
EPSON CardMonitor
EPSON PhotoStarter3.0
EPSON Print CD
EPSON Printer Software
EPSON SPR300 Reference Guide
Full Tilt Poker
Games, Music, & Photos Launcher
GOM Player
Google Updater
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
iTunes
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 17
Junk Mail filter update
Learn2 Player (Uninstall Only)
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Microsoft Works
Modem Helper
Move Networks Media Player for Internet Explorer
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
My Web Search (Webfetti)
NetWaiting
Picasa 2
Pivot Stickfigure Animator
PowerDVD 5.7
QuickSet
QuickTime
RealPlayer Basic
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Sonic Activation Module
Sonic Update Manager
Synaptics Pointing Device Driver
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
Xvid 1.1.3 final uninstall
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

==== Event Viewer Messages From Past Week ========

11/26/2009 8:58:24 AM, error: Service Control Manager [7034] - The BitDefender Virus Shield service terminated unexpectedly. It has done this 2 time(s).
11/26/2009 8:57:56 AM, error: Service Control Manager [7034] - The BitDefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).
11/26/2009 8:23:53 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service.
11/25/2009 9:28:22 PM, error: Service Control Manager [7000] - The bdfsfltr service failed to start due to the following error: A device attached to the system is not functioning.
11/25/2009 9:28:22 PM, error: Service Control Manager [7000] - The bdfm service failed to start due to the following error: The system cannot find the file specified.
11/25/2009 8:40:45 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/25/2009 8:07:13 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
11/25/2009 7:21:02 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/25/2009 7:20:52 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
11/25/2009 7:20:19 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
11/25/2009 4:49:35 PM, error: ati2mtag [43015] - I2c return failed
11/25/2009 4:49:14 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
11/25/2009 4:49:14 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
11/25/2009 4:49:14 PM, error: ati2mtag [43016] - Not an EDID device
11/24/2009 7:42:44 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 00197EA03B22 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/24/2009 7:17:10 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
11/23/2009 8:32:29 AM, error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the path specified.
11/23/2009 7:52:21 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'yixgsysguard.exe' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

==== End Of File ===========================
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/26 11:02
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAF994000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\BJDFD1G4\dance[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\BJDFD1G4\whistling[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\BJDFD1G4\attach_ok[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\BJDFD1G4\hysterical[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\BJDFD1G4\icon3[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\BJDFD1G4\icon5[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\BJDFD1G4\mellow[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\BJDFD1G4\rte-dd-bg[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\BJDFD1G4\rte-email-button[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\BJDFD1G4\rte-extra[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\BJDFD1G4\rte-switch-editor[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\CY6TT1QC\mad[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\CY6TT1QC\icon10[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\CY6TT1QC\icon7[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\CY6TT1QC\icon8[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\CY6TT1QC\in_love[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\CY6TT1QC\rte-align-right[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\CY6TT1QC\rte-bbcode-help-sm[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\CY6TT1QC\rte-indent[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\CY6TT1QC\rte-list[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\CY6TT1QC\rte-redo[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\CY6TT1QC\rte-toggle-options[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\CY6TT1QC\rte-undo[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\CY6TT1QC\icon_open[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\FXZBF528\attach_logo[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\FXZBF528\attach_wait[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\FXZBF528\icon2[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\FXZBF528\rte-align-center[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\FXZBF528\crazy[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\FXZBF528\rte-list-numbered[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\FXZBF528\rte-outdent[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\QLMAS9QZ\rte-ipd-tag[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\QLMAS9QZ\wacko[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\QLMAS9QZ\ips_attach[1].js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\QLMAS9QZ\thumbup[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\QLMAS9QZ\clapping[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\QLMAS9QZ\icon11[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\QLMAS9QZ\icon4[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Otter\Local Settings\Temporary Internet Files\Content.IE5\QLMAS9QZ\dry[1].gif
Status: Could not get file information (Error 0xc0000008)

SSDT
-------------------
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys" at address 0xafe2fc90

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys" at address 0xafe2fd7e

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys" at address 0xafe2fbf4

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys" at address 0xafe2fec4

==EOF==


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • Gender:Male
  • Location:US
  • Local time:11:04 PM

Posted 01 December 2009 - 11:56 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 SpySentinel

SpySentinel

  • Staff Emeritus
  • 2,090 posts
  • Gender:Male
  • Location:The United States
  • Local time:10:04 PM

Posted 08 December 2009 - 10:37 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the link to this thread.

Everyone else please start a new topic.
Unified Network of Instructors and Trained Eliminators

My help is always free, but if you can, please Posted Image to help me continue the fight against malware.



