Browser Redirect in Austin

Thank you in advance for any assistance that you might provide.

As instructed, I have included the DDS.txt file, the Malwarebytes log and the GMER log files.

DDS.txt:

DDS (Ver_10-10-21.02) - NTFSx86

Run by Dugg Tankersley at 10:48:32.46 on Thu 10/28/2010

Internet Explorer: 8.0.6001.18702

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [P3000x_S2P] c:\program files\dell\dell laser mfp 1600n\psu\ScanToPc.exe

mRun: [PaperPort PTD] c:\program files\dell\dell laser mfp 1600n\paperport\pptd40nt.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

Trusted Zone: agentxsites.com

Trusted Zone: alamode.com

Trusted Zone: appraiserxsites.com

Trusted Zone: brokerxsites.com

Trusted Zone: certmail.com

Trusted Zone: inspectorxsites.com

Trusted Zone: interflood.com

Trusted Zone: internet

Trusted Zone: listingsxpress.com

Trusted Zone: mappoint.net

Trusted Zone: mcafee.com

Trusted Zone: mortgagexsites.com

DPF: Extensity Client - hxxps://extensity-remote.johnsoncontrols.com/http/gatesbkg.corp.na.jci.com/extensity1/ext40.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813

DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} - hxxp://actris.mlxchange.com/4.3.03.47/Control/FileCruiser.cab

DPF: {16FD824B-8E7B-11D2-9855-00802962956C} - hxxp://actris.mlxchange.com/4.3.03.47/Control/Specfile.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287779858265

DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://actris.mlxchange.com/4.3.03.47/Control/MLSClientUtils.cab

DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} - hxxp://actris.mlxchange.com/4.3.03.47/Control/LiteGrid.cab

DPF: {7A7537FC-5988-11D3-8B33-00104B9E5A4A} - hxxp://actris.mlxchange.com/4.3.03.47/Control/IRCWebPrint.cab

DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://actris.mlxchange.com/5.1.01.9919/Control/IRCSharc.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} - hxxp://actris.mlxchange.com/4.3.03.47/Control/WebDog.cab

DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab

DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5076/mcfscan.cab

DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} - hxxp://actris.mlxchange.com/4.3.03.47/Control/AspCustomCtrls.cab

DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab

DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} - hxxp://216.249.24.62/code/iPIX-ImageWell-ipix.cab

Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll

WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll

WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll

WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll

WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll

WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll

WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Notification Packages = :\WINDOW scecli scecli scecli scecli scecli scecli

============= SERVICES / DRIVERS ===============

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-10-26 14:59:58 86528 ----a-w- c:\windows\system32\dllcache\directdb.dll

2010-10-26 14:58:59 683520 ----a-w- c:\windows\system32\dllcache\inetcomm.dll

2010-10-26 14:57:59 1291264 ----a-w- c:\windows\system32\dllcache\quartz.dll

2010-10-26 14:56:59 337920 ----a-w- c:\windows\system32\dllcache\zipfldr.dll

2010-10-25 19:38:20 382464 ------w- c:\windows\system32\_004373_.tmp.dll

2010-10-25 19:38:08 2897920 ------w- c:\windows\system32\_004372_.tmp.dll

2010-10-23 13:04:50 -------- d-----w- c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$

2010-10-23 11:40:14 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-10-23 11:40:14 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2010-10-23 01:43:06 -------- d-----w- c:\docume~1\duggta~1\applic~1\SUPERAntiSpyware.com

2010-10-22 20:58:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-10-22 20:53:42 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-10-22 19:20:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-22 19:20:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-22 19:20:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-22 18:47:15 388096 ----a-r- c:\docume~1\duggta~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2010-10-22 00:18:05 -------- dc-h--w- c:\windows\ie8

2010-10-18 21:09:55 1409 ----a-w- c:\windows\QTFont.for

2010-10-18 18:55:58 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-10-18 18:55:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-10-17 20:43:28 511328 ----a-w- c:\program files\common files\microsoft shared\capicom\CAPICOM.DLL

2010-09-28 19:07:52 -------- d-----w- c:\documents and settings\dugg tankersley\Tracing

2010-09-28 19:03:48 82696 ----a-w- c:\windows\system32\lmdimon8.dll

2010-09-28 19:03:48 82184 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lmdippr8.dll

2010-09-28 19:03:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Applications

==================== Find3M ====================

2010-10-12 18:02:50 87688 ----a-w- c:\windows\system32\IncContxMenu.dll

2010-10-12 18:02:16 11776 ----a-w- c:\windows\system32\smrgdf.exe

2010-10-12 18:02:08 29696 ----a-w- c:\windows\system32\iolobtdfg.exe

2010-10-12 16:08:52 2233016 ----a-w- c:\windows\system32\Incinerator.dll

2010-09-05 12:34:50 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-05 12:34:50 423656 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 10:54:48.17 ===============

mbam_log_2010_10_27__15_24_56_.txt

Attach.zip

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.