Everything posted by jgull13

Hello, I have managed to get infected by some form of a browser hijacker and cannot get rid of it. Whenever I search for anything using a search engine such as Google or Bing, the page with results gets displayed correctly; however, upon clicking on a result I get redirected to a different page. The page to which the browser redirects varies. At times the target page attempts to open a javascript file (search.js), which I obviously decline to do. The only surefire way to use the search engines now is to copy the link to which the engine points (not by "copy link", but by manually copying the green link underneath the search result), open a new tab and paste the link there. I might also mention that I suspect that it is this very malware that rendered my Google Chrome completely useless (it crashes so often I had to switch to Mozilla) and that prevents me from installing Windows 7 Service Pack 1 due to an unknown rights sharing violation. I am usually able to take care of my business myself, but this particular piece of malicious software has proven to be too much of a challenge for me. Please help...

DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
Run by MARK at 3:21:15 on 2011-06-30
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2940.1675 [GMT 1:00]
.
AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Eraser\Eraser.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\KeyScrambler\KeyScrambler.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 123.125.156.82:80
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\users\mark\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe
mRun: [CPA] c:\program files\comodo\comodo geekbuddy\VALA.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
uPolicies-explorer: ClearRecentProgForNewUserInStartMenu = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{023CEC8E-FC65-44C0-AD56-C2003F865F71} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{023CEC8E-FC65-44C0-AD56-C2003F865F71} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{023CEC8E-FC65-44C0-AD56-C2003F865F71}\072796465677F6F646 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{023CEC8E-FC65-44C0-AD56-C2003F865F71}\244584572633D263D41593 : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{023CEC8E-FC65-44C0-AD56-C2003F865F71}\244584572633D263D41593 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{023CEC8E-FC65-44C0-AD56-C2003F865F71}\2445F40756E6A7F6E656 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{023CEC8E-FC65-44C0-AD56-C2003F865F71}\87C6E62627F616462616E646 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{023CEC8E-FC65-44C0-AD56-C2003F865F71}\E696767616 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0C904E8B-176C-44A1-B1B7-705092B20F3C} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{E9CE7E0A-EE1D-4AA0-AEAF-72F20D9186C1} : NameServer = 192.168.137.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll c:\windows\system32\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\xh1j5jx7.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\mark\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: PimpZilla: {a02c0c70-605c-11da-8cd6-0800200c9a66} - %profile%\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
.
============= SERVICES / DRIVERS ===============
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2011-5-2 19088]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 238960]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 37592]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsl2a8fcf3b;MpKsl2a8fcf3b;c:\programdata\microsoft\microsoft antimalware\definition updates\{b0acd2e9-1b7d-47a8-8928-316b145fbec1}\MpKsl2a8fcf3b.sys [2011-6-29 28752]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2010-11-10 7168]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-10-26 114952]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
.
=============== Created Last 30 ================
.
2011-06-29 22:26:01 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b0acd2e9-1b7d-47a8-8928-316b145fbec1}\MpKsl2a8fcf3b.sys
2011-06-29 20:45:42 7074640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b0acd2e9-1b7d-47a8-8928-316b145fbec1}\mpengine.dll
2011-06-29 07:47:54 -------- d-----w- c:\windows\system32\SPReview
2011-06-27 11:33:42 -------- d-----w- c:\program files\RegCleaner
2011-06-27 01:44:57 98816 ----a-w- c:\windows\sed.exe
2011-06-27 01:44:57 518144 ----a-w- c:\windows\SWREG.exe
2011-06-27 01:44:57 256512 ----a-w- c:\windows\PEV.exe
2011-06-27 01:44:57 208896 ----a-w- c:\windows\MBR.exe
2011-06-27 01:44:45 -------- d-s---w- C:\ComboFix
2011-06-26 21:32:36 -------- d--h--w- C:\VritualRoot
2011-06-26 20:24:25 -------- d-----w- c:\users\mark\appdata\local\ElevatedDiagnostics
2011-06-26 20:20:57 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-26 20:20:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-26 02:31:24 -------- d-----w- c:\users\mark\appdata\local\COMODO
2011-06-23 20:32:52 -------- d-----w- c:\program files\Panda Security
2011-06-23 14:02:23 352641 ----a-w- c:\windows\system32\drivers\sfi.dat
2011-06-23 13:58:59 -------- d-----w- c:\programdata\Comodo
2011-06-23 13:58:51 -------- d-----w- c:\program files\COMODO
2011-06-20 23:24:45 63488 ----a-w- c:\windows\system32\drivers\wanarp.sys
2011-06-20 23:24:45 48128 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2011-06-20 23:08:25 -------- d-----w- c:\windows\CheckSur
2011-06-20 22:14:52 -------- d-----w- c:\windows\system32\wbem\repository
2011-06-20 14:26:34 -------- d-----w- c:\windows\system32\BestPractices
2011-06-20 14:26:32 -------- d-----w- C:\inetpub
2011-06-15 19:30:46 -------- d-----w- c:\users\mark\appdata\roaming\Malwarebytes
2011-06-15 19:30:19 -------- d-----w- c:\programdata\Malwarebytes
2011-06-15 09:41:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-15 09:41:25 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-06-15 09:41:18 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-15 04:42:02 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 04:42:02 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 04:42:01 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 04:41:54 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 04:41:53 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 04:41:44 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 04:41:41 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-15 04:41:38 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 04:41:36 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-15 04:39:58 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 04:39:57 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 04:39:56 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-07 11:35:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-06-07 07:48:33 24448 ----a-w- c:\windows\system32\drivers\rkhdrv40.sys
2011-06-07 07:47:11 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-07 07:47:07 -------- d-----w- c:\users\mark\appdata\local\temp
2011-06-05 14:56:54 -------- d-----w- c:\windows\system32\EventProviders
2011-06-04 17:52:28 -------- d-----w- C:\foo
2011-06-04 17:28:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-05-31 00:06:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-06 10:05:12 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-05-02 19:36:44 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-05-02 19:36:42 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-05-02 19:36:42 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-05-02 19:36:04 284744 ----a-w- c:\windows\system32\guard32.dll
2011-04-22 19:36:05 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
.
============= FINISH: 3:25:55.82 ===============

Attachment: logs.zip
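The Pseudo HJT Report in the post above records three settings that a responder triaging a search-redirect complaint would look at first: a proxy configured in Internet Settings (123.125.156.82:80), a hosts-file entry for www.spywareinfo.com, and an AppInit_DLLs value. The following Python script is an added example, not part of jgull13's post and not part of the DDS tool: it parses report lines of that shape and raises a finding for each of those three kinds of setting. The sample lines are copied from the report; the keyword list used to recognise security-related domains is this example's own assumption; and whether any of these entries is actually malicious on this machine is not something the post establishes, so the findings are phrased as items to verify.

```python
"""Triage helper for DDS 'Pseudo HJT Report' lines (added example, not from the post).

Parses one report entry per input line and flags settings that search-redirect
hijackers commonly abuse: a proxy in Internet Settings, hosts-file overrides and
AppInit_DLLs entries. The sample lines are copied from the report in the post.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines from the report above, one per line.
SAMPLE_LOG = """uStart Page = about:blank
uInternet Settings,ProxyServer = 123.125.156.82:80
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll
TCP: DhcpNameServer = 10.0.0.1
AppInit_DLLs: c:\\windows\\system32\\guard32.dll c:\\windows\\system32\\guard32.dll
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# A report entry is "<key>: <value>" or "<key> = <value>"; the key is everything
# before the first ':' or '='.
ENTRY_RE = re.compile(r"^(?P<key>[^:=]+?)\s*[:=]\s*(?P<value>.*)$")

# Assumption of this example: words that mark anti-malware help or vendor
# domains, which a hijacker would have reason to block. Extend as needed.
SECURITY_SITE_WORDS = ("spyware", "malware", "antivirus", "virus", "security")


@dataclass
class Finding:
    kind: str    # "proxy", "hosts" or "appinit"
    value: str   # the raw setting as it appears in the report
    reason: str  # why a responder should look at it


def parse_entries(text):
    """Return (key, value) pairs for every report line, skipping blanks and '.'."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("key"), m.group("value")))
    return entries


def _host_is_public(hostport):
    """True if 'host[:port]' names a globally routable address (or a hostname)."""
    host = hostport.rsplit(":", 1)[0]
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return True  # a hostname rather than an IP: treat as external until verified


def analyze(text):
    """Return the findings for a report, in report order."""
    findings = []
    for key, value in parse_entries(text):
        if key.endswith("ProxyServer") and value:
            where = "a public address" if _host_is_public(value) else "a private/local address"
            findings.append(Finding(
                "proxy", value,
                f"browser traffic is routed through {where}; confirm the user set this proxy on purpose"))
        elif key == "Hosts":
            target, _, name = value.partition(" ")
            reason = f"hosts file maps {name} to {target}"
            if any(w in name.lower() for w in SECURITY_SITE_WORDS):
                reason += " (looks like a security site being blocked)"
            findings.append(Finding("hosts", value, reason))
        elif key == "AppInit_DLLs":
            # The report lists guard32.dll twice; de-duplicate but keep order.
            for dll in dict.fromkeys(value.split()):
                findings.append(Finding(
                    "appinit", dll,
                    "DLL is loaded into every process that loads user32.dll; verify its publisher"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.kind}] {f.value}\n    {f.reason}")
```

Run against the sample, the script reports the proxy (a public address), the single de-duplicated AppInit DLL and the hosts entry, flagging the latter because the domain contains "spyware". Pointing it at a full report works the same way as long as each entry is on its own line, which is how DDS writes the file; the flattened copy on this page has to be split back into lines first.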