Julius

Everything posted by Julius

  1. Hello, Sorry to post, I just want to ask for some help. I used the DDS script as instructed above, which is the initial step. Actually, I installed the Malwarebytes free edition before, and it detected and removed some cookies. But the same problem remains: the search results are still redirecting. Can't find my old first port. My apologies. Here is the log of DDS: Attach.rar
  2. Hello, Just want to say thank you in advance, and sorry to post this, I just wanted to ask for some help. Actually, I already got initial help with this in the MS forum: http://answers.microsoft.com/en-us/ie/forum/ie8-windows_vista/everytime-i-search-using-internet-explorer-or/efb1d0b2-701b-4157-8304-12a3079786da?page=1&tm=1321825619844&lc=1033 But it seems I am hopeless. I followed their steps and performed the tasks, but it seems I encountered the same problem. I ran ComboFix, Spybot, MS Essentials and Malwarebytes. But sorry, I have already uninstalled this software. Malwarebytes detected so many bad tracking cookies and I removed them, but it is still the same problem. When I installed Malwarebytes, it actually always blocked some IPs and ports, and it is sometimes using IEXPLORE, my Skype. I believed I was exploited. I even updated the MS patches online. It seems I am still looking for a fix that does not involve repairing the OS, because the original CD is already gone. Please help, and thanks in advance. ComboFix.txt