Posts posted by iris
Hi everyone,
Most of the time I use Google, but I think any search engine is redirecting me to sites I didn't click on. Obviously it's some kind of malware. I've tried TDSSKiller and it found something, but I'm still getting redirected. I also tried Backdoor.Tidserv Removal Tool from Symantec. It didn't find anything. Now, I just found your forum and another person had the same problem, he was told to try ComboFix. I tried that as well and it found something. I saved the log as well (please find attached). But Google is still redirecting me.
Please help, I am desperate.
Any help will be greatly appreciated!!!
Thank you so much.
Google redirecting
in Resolved Malware Removal Logs
Hi Maniac,
First of all thanks for your prompt response!
I ran a scan with Malwarebytes Anti-Malware. It found something and got rid of it. Google was still redirecting me, so I downloaded DDS.
Here are the logs:
DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_35
Run by family at 21:56:53 on 2012-10-18
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80887&lng=en
uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\19.9.0.9\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [lxcimon.exe] "c:\program files\lexmark 7300 series\lxcimon.exe"
mRun: [EzPrint] "c:\program files\lexmark 7300 series\ezprint.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [skyTel] SkyTel.EXE
mRun: [sMSERIAL] sm56hlpr.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [cryptocardRdpM2Mreg] rdpM2M.vbs
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\family\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1332259392686
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343935447968
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{377A72A3-97CF-415F-BB91-6129A571793A} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\family\application data\mozilla\firefox\profiles\o8myh830.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.fantastigames.com/web?src=ffb&appid=100&systemid=455&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npM2MPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-10-08 14:22; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-10-18 18:34:58 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-18 18:34:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-18 17:40:18 98816 ----a-w- c:\windows\sed.exe
2012-10-18 17:40:18 256000 ----a-w- c:\windows\PEV.exe
2012-10-18 17:40:18 208896 ----a-w- c:\windows\MBR.exe
2012-10-18 17:00:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-17 20:21:12 37376 ----a-w- c:\program files\mozilla firefox\plugins\npM2MPlugin.dll
2012-10-17 20:21:05 -------- d-----w- c:\program files\CRYPTOCard
2012-10-10 22:46:21 -------- d-----w- c:\program files\PurePlay
2012-10-09 17:05:03 36864 ----a-w- c:\program files\mozilla firefox\plugins\nphssb.dll
2012-10-09 17:05:03 36864 ----a-w- C:\nphssb.dll
2012-10-09 17:05:03 184320 ----a-w- c:\windows\system32\OESICore.dll
2012-10-09 17:05:02 45056 ----a-w- c:\windows\system32\HSSICore.dll
2012-10-09 17:05:01 46480 ----a-w- c:\windows\system32\HS_live.ocx
2012-10-09 17:00:24 98136 ----a-w- c:\windows\gzip.exe
2012-10-09 17:00:02 -------- d-----w- c:\program files\Homestead
2012-10-09 02:24:56 10240 ----a-w- c:\windows\system32\m2mLog.dll
2012-10-08 18:22:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-08 18:22:14 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-07 02:43:29 -------- d-----w- c:\documents and settings\family\local settings\application data\NPE
2012-10-02 18:35:53 -------- d-----w- c:\documents and settings\family\application data\.purple
2012-10-02 18:34:54 -------- d-----w- c:\program files\Pidgin
2012-10-01 21:29:31 388216 ----a-w- c:\windows\system32\drivers\nav\1309000.009\symtdi.sys
2012-10-01 21:29:31 345208 ----a-w- c:\windows\system32\drivers\nav\1309000.009\symtdiv.sys
2012-10-01 21:29:31 318584 ----a-w- c:\windows\system32\drivers\nav\1309000.009\symnets.sys
2012-10-01 21:29:29 924320 ----a-w- c:\windows\system32\drivers\nav\1309000.009\symefa.sys
2012-10-01 21:29:28 574112 ----a-w- c:\windows\system32\drivers\nav\1309000.009\srtsp.sys
2012-10-01 21:29:28 340088 ----a-r- c:\windows\system32\drivers\nav\1309000.009\symds.sys
2012-10-01 21:29:28 32928 ----a-w- c:\windows\system32\drivers\nav\1309000.009\srtspx.sys
2012-10-01 21:29:28 149624 ----a-w- c:\windows\system32\drivers\nav\1309000.009\ironx86.sys
2012-10-01 21:29:27 132768 ----a-w- c:\windows\system32\drivers\nav\1309000.009\ccsetx86.sys
2012-10-01 21:28:36 8942 ----a-w- c:\windows\system32\drivers\nav\1309000.009\symvtcer.dat
2012-10-01 21:28:35 -------- d-----w- c:\windows\system32\drivers\nav\1309000.009
.
==================== Find3M ====================
.
2012-10-09 17:05:21 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 17:05:20 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 18:21:45 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-04 01:37:10 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-09-04 01:37:10 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-07-23 18:15:19 4269368 ----a-w- c:\windows\uninst.exe
.
============= FINISH: 21:57:27.71 ===============
AND
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
AIM for Windows
Driver Genius Professional Edition
Homestead SiteBuilder
Java Auto Updater
Java 6 Update 35
Lexmark 7300 Series
Malwarebytes Anti-Malware version 1.65.1.1000
Marvell Miniport Driver
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Motorola SM56 Speakerphone Modem
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
Norton AntiVirus
NVIDIA Control Panel 296.10
NVIDIA Drivers
NVIDIA Graphics Driver 296.10
NVIDIA Install Application
NVIDIA nView 136.18
NVIDIA Update Components
Pidgin
PurePlay Poker
Realtek High Definition Audio Driver
SafeNet Authentication Service Software Tools
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Shutterfly Express Uploader
Skype™ 5.10
swMSM
UltraISO Premium V9.36
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
VLC media player 2.0.1
WebFldrs XP
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== End Of File ===========================
Again, thank you so much!
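The DDS output above is read by hand in threads like this one: the helper scans the Pseudo HJT section, the Firefox prefs and the "Created Last 30" list for entries that do not belong. The script below is an added example written for this page; it is not part of the original posts, of DDS, or of any Malwarebytes tool. It parses the line shapes DDS emits and applies a few of the heuristic checks a helper applies by eye: an URLSearchHook whose file is gone, an autorun that is a bare script name, a Firefox keyword.URL pointing at a search host the analyst has not approved, a non-direct proxy mode, a DNS server outside private address space, and a fresh file written to a drive root. The sample log is a constructed excerpt in the shape of the posted one; the `allowed_search_hosts` allowlist is an assumption the analyst supplies. A hit is a lead to ask about, not a verdict that the entry is malicious.

```python
"""Heuristic triage of a DDS log (added example, not a DDS or Malwarebytes tool)."""
import ipaddress
import re
from typing import FrozenSet, List, Tuple
from urllib.parse import urlparse

Entry = Tuple[str, str, str]    # (kind, key, value) as parsed from one DDS line
Finding = Tuple[str, str, str]  # (kind, key, reason) for a line worth a second look

# Constructed sample in the shape of the log posted above (shortened).
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80887&lng=en
uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [cryptocardRdpM2Mreg] rdpM2M.vbs
TCP: NameServer = 192.168.1.1
.
================= FIREFOX ===================
.
FF - prefs.js: keyword.URL - hxxp://search.fantastigames.com/web?src=ffb&appid=100&systemid=455&sr=0&q=
FF - prefs.js: network.proxy.type - 0
.
=============== Created Last 30 ================
.
2012-10-09 17:05:03 36864 ----a-w- c:\program files\mozilla firefox\plugins\nphssb.dll
2012-10-09 17:05:03 36864 ----a-w- C:\nphssb.dll
"""

# Line shapes DDS uses; anything that matches none of them is skipped.
RUN_RE = re.compile(r"^([um]Run(?:Once)?):\s*\[([^\]]*)\]\s*(.*)$")
FFPREF_RE = re.compile(r"^FF - prefs\.js:\s*(\S+)\s*-\s*(.*)$")
BHO_RE = re.compile(r"^(BHO):\s*(.+?):\s*\{[^}]+\}\s*-\s*(.*)$")
CLSID_RE = re.compile(r"^(\w+):\s*(\{[^}]+\})\s*-\s*(.*)$")
EQ_RE = re.compile(r"^(?:([\w-]+):\s*)?([\w ]+?)\s*=\s*(.*)$")
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\S+\s+(\S+)\s+(.*)$")

SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd")


def parse_dds(text: str) -> List[Entry]:
    """Turn DDS lines into (kind, key, value) triples; separators and banners are dropped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "." or line.startswith("="):
            continue
        if m := RUN_RE.match(line):
            entries.append((m.group(1), m.group(2), m.group(3)))      # uRun/mRun: [name] command
        elif m := FFPREF_RE.match(line):
            entries.append(("FFpref", m.group(1), m.group(2)))        # FF - prefs.js: pref - value
        elif m := BHO_RE.match(line):
            entries.append(("BHO", m.group(2), m.group(3)))           # BHO: name: {CLSID} - path
        elif m := CLSID_RE.match(line):
            entries.append((m.group(1), m.group(2), m.group(3)))      # kind: {CLSID} - path
        elif m := EQ_RE.match(line):
            entries.append((m.group(1) or m.group(2), m.group(2), m.group(3)))  # [kind:] key = value
        elif m := FILE_RE.match(line):
            entries.append(("File", m.group(1), m.group(2)))          # date time size attrs path
    return entries


def triage(entries: List[Entry], allowed_search_hosts: FrozenSet[str] = frozenset()) -> List[Finding]:
    """Apply heuristic checks; each hit is a lead for the analyst, not a verdict."""
    findings: List[Finding] = []
    for kind, key, value in entries:
        v = value.strip()
        if kind.endswith("URLSearchHooks") and "<orphaned>" in v:
            findings.append((kind, key, "URLSearchHook CLSID is registered but its file is gone"))
        elif kind in ("uRun", "mRun", "uRunOnce", "mRunOnce"):
            first = v.split()[0].strip('"') if v else ""
            # A bare script name (no path) is resolved through the search path at logon.
            if first.lower().endswith(SCRIPT_EXT) and "\\" not in first:
                findings.append((kind, key, f"autorun is a bare script name resolved via the search path: {first}"))
        elif kind == "FFpref" and key == "keyword.URL" and v:
            # DDS defangs http as hxxp; undo that before parsing the host.
            host = urlparse(v.replace("hxxp", "http", 1)).hostname or v
            if host not in allowed_search_hosts:
                findings.append((kind, key, f"address-bar searches are sent to {host}"))
        elif kind == "FFpref" and key == "network.proxy.type" and v != "0":
            findings.append((kind, key, f"Firefox proxy mode is {v}, not direct"))
        elif kind == "TCP" and key.endswith("NameServer"):
            for ip in re.split(r"[,\s]+", v):
                try:
                    if ip and not ipaddress.ip_address(ip).is_private:
                        findings.append((kind, key, f"DNS server is outside private address space: {ip}"))
                except ValueError:
                    continue
        elif kind == "File" and re.fullmatch(r"[A-Za-z]:\\[^\\]+", v) and not key.startswith("d"):
            findings.append((kind, key, f"new file written directly to a drive root: {v}"))
    return findings


if __name__ == "__main__":
    for kind, key, reason in triage(parse_dds(SAMPLE_LOG)):
        print(f"{kind:16} {key:45} {reason}")
```

Run against the constructed sample it reports the orphaned URLSearchHook, the `rdpM2M.vbs` autorun, the fantastigames keyword.URL and `C:\nphssb.dll`; the private DNS server and proxy type 0 produce nothing. Passing `allowed_search_hosts={"search.fantastigames.com"}` silences the keyword.URL hit, which is how an analyst records that a host was checked and accepted.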