hijacked_in_Austin

  1. Thank you in advance for any assistance that you might provide. As instructed, I have included DDS.txt file, Malwarebytes log and GMER log files. mbam_log_2010_10_27__15_24_56_.txt Attach.zip
  2. I have run Super AntiSpyware but still have the redirect problem. Any thoughts? Thank you.
  3. Thank you. Tried this. Still redirects. What might be next?
  4. Thank you: 1. XP SP2 32 bit 2. McAfee Internet Security + Windows firewall (Super AntiSpam also installed but only manual activation) 3. MBAM = 1.46 4. Not sure of definition version (MBAM only runs in SAFE mode) 5. Yes, Netgear. Only 1 of 5 connected devices suffers redirect issues though have run HijackThis log file, if helpful
  5. I am experiencing redirects from searches. I have run Malwarebytes (appears clean), I have run the .bat file that was offered in another posting yet still have redirects. What might be my next step? Thank you.