iris
Members
Posts: 2
Reputation: 0 Neutral
Profile views: 838
  1. Hi Maniac, First of all thanks for your prompt response! I ran a scan with Malwarebytes Anti-Malware. It found something and got rid of it. Google was still redirecting me, so I downloaded DDS. Here are the logs:

DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_35
Run by family at 21:56:53 on 2012-10-18
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80887&lng=en
uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\19.9.0.9\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [lxcimon.exe] "c:\program files\lexmark 7300 series\lxcimon.exe"
mRun: [EzPrint] "c:\program files\lexmark 7300 series\ezprint.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [skyTel] SkyTel.EXE
mRun: [sMSERIAL] sm56hlpr.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [cryptocardRdpM2Mreg] rdpM2M.vbs
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\family\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1332259392686
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343935447968
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{377A72A3-97CF-415F-BB91-6129A571793A} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\family\application data\mozilla\firefox\profiles\o8myh830.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.fantastigames.com/web?src=ffb&appid=100&systemid=455&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npM2MPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-10-08 14:22; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-10-18 18:34:58	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-18 18:34:58	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-10-18 17:40:18	98816	----a-w-	c:\windows\sed.exe
2012-10-18 17:40:18	256000	----a-w-	c:\windows\PEV.exe
2012-10-18 17:40:18	208896	----a-w-	c:\windows\MBR.exe
2012-10-18 17:00:52	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-10-17 20:21:12	37376	----a-w-	c:\program files\mozilla firefox\plugins\npM2MPlugin.dll
2012-10-17 20:21:05	--------	d-----w-	c:\program files\CRYPTOCard
2012-10-10 22:46:21	--------	d-----w-	c:\program files\PurePlay
2012-10-09 17:05:03	36864	----a-w-	c:\program files\mozilla firefox\plugins\nphssb.dll
2012-10-09 17:05:03	36864	----a-w-	C:\nphssb.dll
2012-10-09 17:05:03	184320	----a-w-	c:\windows\system32\OESICore.dll
2012-10-09 17:05:02	45056	----a-w-	c:\windows\system32\HSSICore.dll
2012-10-09 17:05:01	46480	----a-w-	c:\windows\system32\HS_live.ocx
2012-10-09 17:00:24	98136	----a-w-	c:\windows\gzip.exe
2012-10-09 17:00:02	--------	d-----w-	c:\program files\Homestead
2012-10-09 02:24:56	10240	----a-w-	c:\windows\system32\m2mLog.dll
2012-10-08 18:22:14	73728	----a-w-	c:\windows\system32\javacpl.cpl
2012-10-08 18:22:14	477168	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-10-07 02:43:29	--------	d-----w-	c:\documents and settings\family\local settings\application data\NPE
2012-10-02 18:35:53	--------	d-----w-	c:\documents and settings\family\application data\.purple
2012-10-02 18:34:54	--------	d-----w-	c:\program files\Pidgin
2012-10-01 21:29:31	388216	----a-w-	c:\windows\system32\drivers\nav\1309000.009\symtdi.sys
2012-10-01 21:29:31	345208	----a-w-	c:\windows\system32\drivers\nav\1309000.009\symtdiv.sys
2012-10-01 21:29:31	318584	----a-w-	c:\windows\system32\drivers\nav\1309000.009\symnets.sys
2012-10-01 21:29:29	924320	----a-w-	c:\windows\system32\drivers\nav\1309000.009\symefa.sys
2012-10-01 21:29:28	574112	----a-w-	c:\windows\system32\drivers\nav\1309000.009\srtsp.sys
2012-10-01 21:29:28	340088	----a-r-	c:\windows\system32\drivers\nav\1309000.009\symds.sys
2012-10-01 21:29:28	32928	----a-w-	c:\windows\system32\drivers\nav\1309000.009\srtspx.sys
2012-10-01 21:29:28	149624	----a-w-	c:\windows\system32\drivers\nav\1309000.009\ironx86.sys
2012-10-01 21:29:27	132768	----a-w-	c:\windows\system32\drivers\nav\1309000.009\ccsetx86.sys
2012-10-01 21:28:36	8942	----a-w-	c:\windows\system32\drivers\nav\1309000.009\symvtcer.dat
2012-10-01 21:28:35	--------	d-----w-	c:\windows\system32\drivers\nav\1309000.009
.
==================== Find3M ====================
.
2012-10-09 17:05:21	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-09 17:05:20	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 18:21:45	473072	----a-w-	c:\windows\system32\deployJava1.dll
2012-09-04 01:37:10	60872	----a-w-	c:\windows\system32\S32EVNT1.DLL
2012-09-04 01:37:10	141944	----a-w-	c:\windows\system32\drivers\SYMEVENT.SYS
2012-07-23 18:15:19	4269368	----a-w-	c:\windows\uninst.exe
.
============= FINISH: 21:57:27.71 ===============

AND

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
AIM for Windows
Driver Genius Professional Edition
Homestead SiteBuilder
Java Auto Updater
Java 6 Update 35
Lexmark 7300 Series
Malwarebytes Anti-Malware version 1.65.1.1000
Marvell Miniport Driver
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Motorola SM56 Speakerphone Modem
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
Norton AntiVirus
NVIDIA Control Panel 296.10
NVIDIA Drivers
NVIDIA Graphics Driver 296.10
NVIDIA Install Application
NVIDIA nView 136.18
NVIDIA Update Components
Pidgin
PurePlay Poker
Realtek High Definition Audio Driver
SafeNet Authentication Service Software Tools
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Shutterfly Express Uploader
Skype™ 5.10
swMSM
UltraISO Premium V9.36
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
VLC media player 2.0.1
WebFldrs XP
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== End Of File ===========================

Again, thank you so much!
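As an added example (not part of iris's post and not a tool the forum uses), the Python script below reads DDS-style lines such as the ones in the log above and pulls out the settings a helper looks at first when a user reports search redirects: an orphaned URLSearchHook, a Firefox keyword.URL or selected search engine pointing anywhere other than a known provider, a non-default IE start page, an autorun entry that launches a script with no path, a Firefox proxy mode other than direct, and DNS servers outside private address space. The allow-lists of search hosts and engine names are this example's assumptions, and the sample lines are copied from the log above. It reports items for review; it does not decide what is or is not malware.

```python
"""Triage DDS log lines for browser search-redirect indicators.

Added example, not code from the original post.  The allow-lists of
search hosts and engine names are assumptions of this example; the
hxxp:// obfuscation DDS applies to URLs is undone before parsing.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Assumption: hosts treated as expected search providers.  Anything else
# in keyword.URL or the IE start page is reported for review, not as bad.
KNOWN_SEARCH_HOSTS = {
    "www.google.com", "google.com", "www.bing.com", "bing.com",
    "search.yahoo.com", "www.yahoo.com", "yahoo.com", "duckduckgo.com",
}
# Assumption: Firefox search-engine display names considered defaults.
KNOWN_ENGINES = {"Google", "Yahoo", "Bing", "DuckDuckGo", "Wikipedia (en)"}
# Firefox network.proxy.type values.
PROXY_MODES = {"0": "direct", "1": "manual", "2": "PAC", "4": "auto-detect", "5": "system"}


def host_of(url):
    """Hostname of a possibly hxxp-obfuscated URL, lower-cased."""
    url = re.sub(r"^hxxp", "http", url.strip())
    return (urlparse(url).hostname or "").lower()


def triage(lines):
    """Return (severity, reason, line) tuples; severity is 'review' or 'info'."""
    findings = []
    for raw in lines:
        line = raw.strip()
        # IE start page set to something other than a known search provider.
        m = re.match(r"^[um]Start Page = (\S+)", line)
        if m and host_of(m.group(1)) not in KNOWN_SEARCH_HOSTS:
            findings.append(("review", "non-default IE start page", line))
        # URLSearchHook whose CLSID has no backing file (DDS marks it <orphaned>).
        if line.startswith(("uURLSearchHooks:", "mURLSearchHooks:")) and "<orphaned>" in line:
            findings.append(("review", "orphaned URLSearchHook", line))
        # Autorun entry that launches a script without a full path.
        m = re.match(r"^[um]Run(?:Once)?: \[[^\]]+\] (\S+)", line)
        if m:
            target = m.group(1).strip('"').lower()
            if target.endswith((".vbs", ".js", ".bat", ".cmd")) and "\\" not in target:
                findings.append(("review", "autorun script with no path; verify against installed software", line))
        # keyword.URL is the endpoint Firefox used for address-bar searches.
        m = re.match(r"^FF - prefs\.js: keyword\.URL - (\S+)", line)
        if m and host_of(m.group(1)) not in KNOWN_SEARCH_HOSTS:
            findings.append(("review", "keyword.URL points at third-party search", line))
        m = re.match(r"^FF - prefs\.js: browser\.search\.selectedEngine - (.+)$", line)
        if m and m.group(1).strip() not in KNOWN_ENGINES:
            findings.append(("review", "non-default Firefox search engine", line))
        m = re.match(r"^FF - prefs\.js: network\.proxy\.type - (\d+)", line)
        if m and m.group(1) != "0":
            mode = PROXY_MODES.get(m.group(1), m.group(1))
            findings.append(("review", f"Firefox proxy mode {mode}", line))
        # A public DNS server on a home PC is the DNS-changer pattern; a
        # private one (the router, in the log above) rules that out for the host.
        m = re.search(r"NameServer = ([\d.,\s]+)$", line)
        if m:
            for ip in re.findall(r"\d+\.\d+\.\d+\.\d+", m.group(1)):
                if ipaddress.ip_address(ip).is_private:
                    findings.append(("info", "DNS server is on the local network", line))
                else:
                    findings.append(("review", "public DNS server configured on host", line))
    return findings


# Sample input: lines copied from the DDS output posted above.
SAMPLE_LOG = [
    r"uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80887&lng=en",
    r"uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>",
    r"mRun: [RTHDCPL] RTHDCPL.EXE",
    r"mRun: [cryptocardRdpM2Mreg] rdpM2M.vbs",
    r"TCP: NameServer = 192.168.1.1",
    r"FF - prefs.js: browser.search.selectedEngine - Search Results",
    r"FF - prefs.js: keyword.URL - hxxp://search.fantastigames.com/web?src=ffb&appid=100&systemid=455&sr=0&q=",
    r"FF - prefs.js: network.proxy.type - 0",
]

if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}: {line}")
```

Run against the sample it reports the inbox.com start page, the orphaned hook, the .vbs autorun entry, the fantastigames keyword.URL and the "Search Results" engine for review, and notes that DNS resolves through the local router. The autorun item is reported only because it has no path; the CRYPTOCard and SafeNet entries in the installed-programs list are where a helper would go next to confirm it.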
  2. Hi everyone, Most of the time I use Google, but I think any search engine is redirecting me to sites I didn't click on. Obviously it's some kind of malware. I've tried TDSSKiller and it found something, but I'm still getting redirected. I also tried Backdoor.Tidserv Removal Tool from Symantec. It didn't find anything. Now, I just found your forum and another person had the same problem, he was told to try ComboFix. I tried that as well and it found something. I saved the log as well (please find attached). But Google is still redirecting me. Please help, I am desperate. Any help will be greatly appreciated!!! Thank you so much. log.txt