
Help me check


Julius

Hello,

Sorry to post; I just want to ask for some help. I used the DDS script as instructed above, which is the initial step. Actually, I installed the Malwarebytes free edition before; it removed some of the cookies it detected. But the same problem remains: the search results are still redirecting. I can't find my old first post. My apologies.

Here is the DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6001.18000

Run by Lita at 11:31:29 on 2011-11-21

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1013.347 [GMT -8:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\rundll32.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Users\Lita\AppData\Local\Mozilla Firefox\firefox.exe

C:\Users\Lita\AppData\Local\Mozilla Firefox\plugin-container.exe

C:\Users\Lita\AppData\Local\Mozilla Firefox\plugin-container.exe

C:\Users\Lita\AppData\Roaming\Chikka Messenger\Chikka v.5\ChikkaLauncher.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\tbDVDV.dll

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\tbDVDV.dll

TB: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\tbDVDV.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 218.186.1.58 202.156.1.58 218.186.1.38

TCP: Interfaces\{DCFB3FAC-26AD-4BBA-8D16-FD9CED8AB40B} : DhcpNameServer = 218.186.1.58 202.156.1.58 218.186.1.38

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-8-29 232512]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 MpKsl8e3880c7;MpKsl8e3880c7;c:\programdata\microsoft\microsoft antimalware\definition updates\{8d7575a4-247c-4dbb-89b7-3dae1528abec}\MpKsl8e3880c7.sys [2011-11-21 28752]

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2011-8-26 158512]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2011-8-26 90928]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-9-15 94880]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2011-8-15 104752]

R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2011-8-15 116016]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-29 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-29 136176]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-6-10 9216]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

.

=============== Created Last 30 ================

.

2011-11-21 17:21:03 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8d7575a4-247c-4dbb-89b7-3dae1528abec}\MpKsl8e3880c7.sys

2011-11-21 17:21:01 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8d7575a4-247c-4dbb-89b7-3dae1528abec}\offreg.dll

2011-11-20 23:45:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-11-20 23:45:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-11-20 23:45:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-11-20 23:45:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-11-20 23:45:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-11-20 23:45:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-11-20 23:45:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2011-11-20 23:39:58 -------- d-----w- c:\program files\iPod

2011-11-20 23:32:24 -------- d-----w- c:\program files\Bonjour

2011-11-20 23:30:31 -------- d-----w- c:\users\lita\appdata\local\Apple

2011-11-20 22:06:44 -------- d-----w- c:\users\lita\appdata\local\Apple Computer

2011-11-20 21:52:19 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8d7575a4-247c-4dbb-89b7-3dae1528abec}\mpengine.dll

2011-11-19 22:50:40 -------- d-----w- c:\users\lita\appdata\local\Adobe

2011-11-19 08:29:32 -------- d-----w- c:\users\lita\appdata\local\Facebook

2011-11-19 00:23:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-11-18 19:37:09 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2011-11-17 18:09:21 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{62c2848f-c165-41a7-bd1a-09f46e64dd0d}\gapaengine.dll

2011-11-17 18:00:48 -------- d-----w- c:\program files\Microsoft Security Client

2011-11-17 17:58:59 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7459ddc9-c10e-4e32-8816-5201d2db9267}\offreg.dll

2011-11-17 17:30:52 -------- d-----w- c:\users\lita\appdata\roaming\uTorrent

2011-11-17 17:30:52 -------- d-----w- c:\users\lita\appdata\local\uTorrent

2011-11-16 23:32:22 -------- d-----w- c:\users\lita\appdata\roaming\TeamViewer

2011-11-16 23:31:30 -------- d-----w- c:\users\lita\temp

2011-11-16 17:00:44 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7459ddc9-c10e-4e32-8816-5201d2db9267}\mpengine.dll

2011-11-15 22:57:14 -------- d-----r- c:\program files\Skype

2011-11-14 00:13:11 -------- d-----w- c:\users\lita\appdata\roaming\mIRC

2011-11-14 00:13:11 -------- d-----w- C:\mIRC

2011-11-13 22:59:18 -------- d-----w- c:\users\lita\ChikkaV5

2011-11-13 22:58:31 -------- d-----w- c:\users\lita\appdata\roaming\Chikka Messenger

2011-11-13 04:57:56 -------- d-sh--w- C:\$RECYCLE.BIN

2011-11-13 03:54:08 98816 ----a-w- c:\windows\sed.exe

2011-11-13 03:54:08 518144 ----a-w- c:\windows\SWREG.exe

2011-11-13 03:54:08 256000 ----a-w- c:\windows\PEV.exe

2011-11-13 03:54:08 208896 ----a-w- c:\windows\MBR.exe

2011-11-13 03:52:50 -------- d-----w- C:\ComboFix

2011-11-11 19:01:13 -------- d-----w- c:\windows\system32\EventProviders

2011-11-11 02:36:11 -------- d-----w- c:\users\lita\appdata\local\CrashDumps

2011-11-10 22:58:10 -------- d-----w- c:\users\lita\appdata\roaming\Malwarebytes

2011-11-10 22:54:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-10 22:44:57 -------- d-----w- c:\programdata\Malwarebytes

2011-11-10 07:01:50 -------- d-----w- c:\users\lita\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2011-11-09 23:25:11 -------- d-----w- c:\programdata\Norton

2011-11-09 22:09:54 125952 ----a-w- c:\windows\system32\srvsvc.dll

2011-11-09 22:09:53 17920 ----a-w- c:\windows\system32\netevent.dll

2011-11-09 22:08:50 378368 ----a-w- c:\windows\system32\winhttp.dll

2011-11-09 22:08:11 411136 ----a-w- c:\windows\system32\drivers\http.sys

2011-11-09 22:08:09 31232 ----a-w- c:\windows\system32\httpapi.dll

2011-11-09 22:08:07 24064 ----a-w- c:\windows\system32\nshhttp.dll

2011-11-09 18:04:54 -------- d-----w- c:\users\lita\appdata\local\Mozilla

2011-11-09 18:04:25 -------- d-----w- c:\users\lita\appdata\local\Mozilla Firefox

2011-11-09 17:56:46 -------- d-----w- c:\users\lita\appdata\roaming\OpenOffice.org

2011-11-09 17:48:40 -------- d-----w- c:\program files\JRE

2011-11-09 17:48:12 -------- d-----w- c:\program files\OpenOffice.org 3

2011-11-09 07:58:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-11-09 07:58:12 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-11-09 07:43:35 -------- d-----w- c:\users\lita\appdata\local\Google

2011-11-09 06:54:56 -------- d-----w- C:\logs

2011-11-08 19:22:53 -------- d-----w- c:\program files\Stamina

2011-11-07 20:49:54 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll

2011-11-07 20:42:13 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2011-11-07 20:42:13 49472 ----a-w- c:\windows\system32\netfxperf.dll

2011-11-07 20:42:13 297808 ----a-w- c:\windows\system32\mscoree.dll

2011-11-07 20:42:13 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2011-11-07 20:42:13 1130824 ----a-w- c:\windows\system32\dfshim.dll

2011-11-07 20:37:42 -------- d-----w- c:\program files\MSXML 4.0

2011-11-07 20:32:32 66048 ----a-w- c:\program files\windows mail\wabmig.exe

2011-11-07 20:32:32 515584 ----a-w- c:\program files\windows mail\wab.exe

2011-11-07 20:32:31 33280 ----a-w- c:\program files\windows mail\wabfind.dll

2011-11-07 20:30:16 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-11-07 20:30:05 72704 ----a-w- c:\windows\system32\fontsub.dll

2011-11-07 20:30:05 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-11-07 20:30:05 292864 ----a-w- c:\windows\system32\atmfd.dll

2011-11-07 20:30:04 10240 ----a-w- c:\windows\system32\dciman32.dll

2011-11-07 20:28:57 1399296 ----a-w- c:\windows\system32\msxml6.dll

2011-11-07 20:27:58 738816 ----a-w- c:\windows\system32\inetcomm.dll

2011-11-07 20:26:59 296960 ----a-w- c:\windows\system32\gdi32.dll

2011-11-07 20:25:54 67072 ----a-w- c:\windows\system32\asycfilt.dll

2011-11-07 20:25:50 281600 ----a-w- c:\windows\system32\raschap.dll

2011-11-07 20:25:50 244224 ----a-w- c:\windows\system32\rastls.dll

2011-11-07 20:25:44 443392 ----a-w- c:\windows\system32\win32spl.dll

2011-11-07 20:25:41 784896 ----a-w- c:\windows\system32\rpcrt4.dll

2011-11-07 20:25:37 81920 ----a-w- c:\windows\system32\iccvid.dll

2011-11-07 20:25:34 62464 ----a-w- c:\windows\system32\l3codeca.acm

2011-11-07 20:07:58 531968 ----a-w- c:\windows\system32\comctl32.dll

2011-11-07 20:07:54 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

2011-11-07 20:05:49 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2011-11-07 20:05:49 168960 ----a-w- c:\program files\windows media player\wmplayer.exe

2011-10-28 04:01:27 -------- d-----w- c:\programdata\Trymedia

2011-10-28 04:01:18 -------- d-----w- C:\GameHouse Games

2011-10-28 04:00:48 -------- d-----w- c:\program files\RealArcade

2011-10-27 22:45:22 213504 ----a-w- c:\windows\system32\msv1_0.dll

2011-10-24 22:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 22:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

==================== Find3M ====================

.

2011-10-03 13:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-03 07:04:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-16 07:12:19 222939138 ----a-w- C:\REGISTRYBACKUP.reg

2011-09-12 19:51:05 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2011-08-31 07:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-31 07:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-31 07:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-08-31 07:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-08-30 02:29:12 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

.

============= FINISH: 11:38:16.23 ===============

Attach.rar
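A small triage script for the "Pseudo HJT Report" section of a DDS log, added here as an illustration; it is not part of the thread and is not a DDS or Malwarebytes tool. It buckets the entries the way a helper reads them on first pass: registrations whose target file no longer exists ("No File"), Run-key autostarts, browser add-on DLLs with their CLSIDs, and the DHCP-assigned DNS resolvers. The resolvers are listed so they can be checked against what the ISP actually hands out (DNS changes are one way search results get redirected); nothing here is flagged as malicious. The sample input is constructed by copying a handful of lines from the log above, and the section-header and entry formats are assumed from that log.

```python
import re

# Constructed sample input: a handful of lines copied from the Pseudo HJT
# Report section of the DDS log posted above, bracketed by the section
# headers DDS emits. Raw string, so the backslashes are literal.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\tbDVDV.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 218.186.1.58 202.156.1.58 218.186.1.38
TCP: Interfaces\{DCFB3FAC-26AD-4BBA-8D16-FD9CED8AB40B} : DhcpNameServer = 218.186.1.58 202.156.1.58 218.186.1.38
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
.
============= SERVICES / DRIVERS ===============
"""

HEADER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")      # "=== Section Name ==="
ENTRY_RE = re.compile(r"^([A-Za-z-]+): (.*)$")     # "Kind: rest of line"
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

ADDON_KINDS = {"BHO", "TB", "mURLSearchHooks", "uURLSearchHooks"}
RUN_KINDS = {"mRun", "uRun"}


def extract_section(text, title):
    """Return the non-blank lines between the '=== title ===' header and the
    next '=== ... ===' header. DDS uses a lone '.' as a spacer; drop those."""
    lines, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            if inside:
                break                       # reached the next section
            inside = title.lower() in m.group(1).lower()
            continue
        if inside and line not in ("", "."):
            lines.append(line)
    return lines


def triage_hjt(text):
    """Bucket the Pseudo HJT Report entries the way a helper reads them."""
    report = {
        "orphaned": [],        # registrations whose target file is missing
        "autostarts": [],      # Run-key commands exactly as registered
        "browser_addons": [],  # (kind, CLSID, DLL path) for BHO/TB/search hooks
        "dns_servers": [],     # DHCP-assigned resolvers, deduplicated, in order
        "other": [],           # everything else, kept for manual review
    }
    for line in extract_section(text, "Pseudo HJT Report"):
        m = ENTRY_RE.match(line)
        kind, rest = (m.group(1), m.group(2)) if m else ("setting", line)
        if rest.endswith("- No File"):
            report["orphaned"].append(line)
        elif kind in RUN_KINDS:
            report["autostarts"].append(rest)
        elif kind in ADDON_KINDS:
            clsid = CLSID_RE.search(rest)
            path = rest.rsplit(" - ", 1)[-1]
            report["browser_addons"].append(
                (kind, clsid.group(0) if clsid else None, path))
        elif "DhcpNameServer" in rest:
            for ip in IPV4_RE.findall(rest):
                if ip not in report["dns_servers"]:
                    report["dns_servers"].append(ip)
        else:
            report["other"].append(line)
    return report


def summarize(report):
    """Render the buckets as the short checklist a helper would post back."""
    out = []
    for name in ("orphaned", "autostarts", "browser_addons", "dns_servers", "other"):
        out.append(f"[{name}] {len(report[name])} item(s)")
        out.extend("  " + (item if isinstance(item, str) else " | ".join(map(str, item)))
                   for item in report[name])
    return "\n".join(out)


if __name__ == "__main__":
    print(summarize(triage_hjt(SAMPLE_LOG)))
```

Run it against a full DDS log by replacing SAMPLE_LOG with the file's contents; the section parser stops at the next "===" header, so the Running Processes and Services blocks are left alone. "No File" entries are usually leftovers from an uninstalled add-on rather than active malware, which is why they land in their own bucket for cleanup rather than being reported as infections.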


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
