
Google redirecting


iris


Hi everyone,

Most of the time I use Google, but I think any search engine is redirecting me to sites I didn't click on. Obviously it's some kind of malware. I've tried TDSSKiller and it found something, but I'm still getting redirected. I also tried Backdoor.Tidserv Removal Tool from Symantec. It didn't find anything. Now, I just found your forum and another person had the same problem, he was told to try ComboFix. I tried that as well and it found something. I saved the log as well (please find attached). But Google is still redirecting me.

Please help, I am desperate.

Any help will be greatly appreciated!!!

Thank you so much.

log.txt


Hello iris and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please do not run this tool without special supervision and instruction of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here. Now, please manually delete ComboFix.exe.

Then follow the instructions here and post the log files in your next reply:

http://forums.malwarebytes.org/index.php?showtopic=9573


Hi Maniac,

First of all thanks for your prompt response!

I ran a scan with Malwarebytes Anti-Malware. It found something and got rid of it. Google was still redirecting me, so I downloaded DDS.

Here are the logs:

DDS (Ver_2012-10-14.05) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_35

Run by family at 21:56:53 on 2012-10-18

.

============== Running Processes ================

.

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe

C:\Program Files\Lexmark 7300 Series\ezprint.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\sm56hlpr.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80887&lng=en

uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\19.9.0.9\ips\ipsbho.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

mRun: [lxcimon.exe] "c:\program files\lexmark 7300 series\lxcimon.exe"

mRun: [EzPrint] "c:\program files\lexmark 7300 series\ezprint.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [sMSERIAL] sm56hlpr.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [cryptocardRdpM2Mreg] rdpM2M.vbs

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\family\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1332259392686

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343935447968

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{377A72A3-97CF-415F-BB91-6129A571793A} : DHCPNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\family\application data\mozilla\firefox\profiles\o8myh830.default\

FF - prefs.js: browser.search.selectedEngine - Search Results

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.fantastigames.com/web?src=ffb&appid=100&systemid=455&sr=0&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npM2MPlugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - ExtSQL: 2012-10-08 14:22; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2012-10-18 18:34:58 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-18 18:34:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-10-18 17:40:18 98816 ----a-w- c:\windows\sed.exe

2012-10-18 17:40:18 256000 ----a-w- c:\windows\PEV.exe

2012-10-18 17:40:18 208896 ----a-w- c:\windows\MBR.exe

2012-10-18 17:00:52 -------- d-----w- C:\TDSSKiller_Quarantine

2012-10-17 20:21:12 37376 ----a-w- c:\program files\mozilla firefox\plugins\npM2MPlugin.dll

2012-10-17 20:21:05 -------- d-----w- c:\program files\CRYPTOCard

2012-10-10 22:46:21 -------- d-----w- c:\program files\PurePlay

2012-10-09 17:05:03 36864 ----a-w- c:\program files\mozilla firefox\plugins\nphssb.dll

2012-10-09 17:05:03 36864 ----a-w- C:\nphssb.dll

2012-10-09 17:05:03 184320 ----a-w- c:\windows\system32\OESICore.dll

2012-10-09 17:05:02 45056 ----a-w- c:\windows\system32\HSSICore.dll

2012-10-09 17:05:01 46480 ----a-w- c:\windows\system32\HS_live.ocx

2012-10-09 17:00:24 98136 ----a-w- c:\windows\gzip.exe

2012-10-09 17:00:02 -------- d-----w- c:\program files\Homestead

2012-10-09 02:24:56 10240 ----a-w- c:\windows\system32\m2mLog.dll

2012-10-08 18:22:14 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-10-08 18:22:14 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-10-07 02:43:29 -------- d-----w- c:\documents and settings\family\local settings\application data\NPE

2012-10-02 18:35:53 -------- d-----w- c:\documents and settings\family\application data\.purple

2012-10-02 18:34:54 -------- d-----w- c:\program files\Pidgin

2012-10-01 21:29:31 388216 ----a-w- c:\windows\system32\drivers\nav\1309000.009\symtdi.sys

2012-10-01 21:29:31 345208 ----a-w- c:\windows\system32\drivers\nav\1309000.009\symtdiv.sys

2012-10-01 21:29:31 318584 ----a-w- c:\windows\system32\drivers\nav\1309000.009\symnets.sys

2012-10-01 21:29:29 924320 ----a-w- c:\windows\system32\drivers\nav\1309000.009\symefa.sys

2012-10-01 21:29:28 574112 ----a-w- c:\windows\system32\drivers\nav\1309000.009\srtsp.sys

2012-10-01 21:29:28 340088 ----a-r- c:\windows\system32\drivers\nav\1309000.009\symds.sys

2012-10-01 21:29:28 32928 ----a-w- c:\windows\system32\drivers\nav\1309000.009\srtspx.sys

2012-10-01 21:29:28 149624 ----a-w- c:\windows\system32\drivers\nav\1309000.009\ironx86.sys

2012-10-01 21:29:27 132768 ----a-w- c:\windows\system32\drivers\nav\1309000.009\ccsetx86.sys

2012-10-01 21:28:36 8942 ----a-w- c:\windows\system32\drivers\nav\1309000.009\symvtcer.dat

2012-10-01 21:28:35 -------- d-----w- c:\windows\system32\drivers\nav\1309000.009

.

==================== Find3M ====================

.

2012-10-09 17:05:21 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-09 17:05:20 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-08 18:21:45 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-04 01:37:10 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL

2012-09-04 01:37:10 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-07-23 18:15:19 4269368 ----a-w- c:\windows\uninst.exe

.

============= FINISH: 21:57:27.71 ===============

AND

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-10-14.05)

.

.

==== Disk Partitions =========================

.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Adobe Shockwave Player 11.6

AIM for Windows

Driver Genius Professional Edition

Homestead SiteBuilder

Java Auto Updater

Java 6 Update 35

Lexmark 7300 Series

Malwarebytes Anti-Malware version 1.65.1.1000

Marvell Miniport Driver

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Motorola SM56 Speakerphone Modem

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

Norton AntiVirus

NVIDIA Control Panel 296.10

NVIDIA Drivers

NVIDIA Graphics Driver 296.10

NVIDIA Install Application

NVIDIA nView 136.18

NVIDIA Update Components

Pidgin

PurePlay Poker

Realtek High Definition Audio Driver

SafeNet Authentication Service Software Tools

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Shutterfly Express Uploader

Skype™ 5.10

swMSM

UltraISO Premium V9.36

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Update for Windows Internet Explorer 8 (KB976662)

VLC media player 2.0.1

WebFldrs XP

Windows Internet Explorer 7

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

.

==== End Of File ===========================

Again, thank you so much!

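As an added example, not code from this thread or from the DDS tool, the following Python script does a first-pass triage over the browser-facing lines of a DDS "Pseudo HJT Report" and FIREFOX section like the one posted above. It flags the entries a forum helper typically inspects first in a search-redirect case: URLSearchHooks whose COM server is gone, Run entries that launch a script or an unqualified filename, start-page or search settings that point at a host outside a small allow-list, and DNS servers outside private address space. The sample input is constructed for the example by copying a handful of lines from the log above; the allow-list of expected search hosts is an assumption of the example. A hit is a prompt to review the entry, not a verdict that it is malicious.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample input: "Pseudo HJT Report" and FIREFOX lines copied from the
# DDS log in the post above. DDS defangs http:// as hxxp:// so URLs are not clickable.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80887&lng=en
uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [cryptocardRdpM2Mreg] rdpM2M.vbs
TCP: NameServer = 192.168.1.1
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.fantastigames.com/web?src=ffb&appid=100&systemid=455&sr=0&q=
FF - prefs.js: network.proxy.type - 0
"""

# Hosts a home user would plausibly have chosen as homepage / search provider.
# This allow-list is an assumption of the example, not something DDS ships.
EXPECTED_HOSTS = {"www.google.com", "www.bing.com", "www.yahoo.com", "search.yahoo.com"}
SCRIPT_EXTS = {"vbs", "js", "wsf", "bat", "cmd"}
BROWSER_KEYS = ("Start Page", "keyword.URL", "browser.search", "browser.startup.homepage")

URL_RE = re.compile(r'hxxps?://[^\s"]+', re.IGNORECASE)
HOST_RE = re.compile(r"^[a-z0-9.-]+\.[a-z]{2,}$", re.IGNORECASE)
RUN_RE = re.compile(r"^[um]Run(?:Once)?: \[[^\]]*\]\s*(.+)$")


def value_of(line):
    """Right-hand value of a DDS line: the text after the last ' = ' or ' - ' separator."""
    return re.split(r"\s[=-]\s", line)[-1].strip()


def value_host(value):
    """Best-effort hostname from a setting value (defanged URL or bare host), else None."""
    m = URL_RE.search(value)
    if m:
        refanged = re.sub(r"^hxxp", "http", m.group(0), flags=re.IGNORECASE)
        return urlparse(refanged).hostname
    return value.lower() if HOST_RE.match(value) else None


def triage_dds(lines):
    """Return (reason, line) pairs for entries a helper would look at first.

    Heuristic review prompts only: a hit means "check this", not "malicious"."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if "URLSearchHooks" in line and "<orphaned>" in line:
            # Hook whose COM server is gone: typical leftover of a removed toolbar/hijacker.
            findings.append(("orphaned URLSearchHook", line))
        elif line.startswith("TCP:") and "NameServer" in line:
            # DNS changers are a classic cause of redirects; a public resolver configured
            # on a home LAN deserves a look, the router's RFC1918 address does not.
            try:
                if not ipaddress.ip_address(value_of(line)).is_private:
                    findings.append(("non-private DNS server", line))
            except ValueError:
                findings.append(("unparseable NameServer value", line))
        elif RUN_RE.match(line):
            cmd = RUN_RE.match(line).group(1).strip()
            first = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
            ext = first.lower().rsplit(".", 1)[-1]
            # Autostart entries that run a script, or name a file without a path (resolved
            # through PATH at logon), are worth confirming against a known product. Bare
            # names are also common for OEM entries, so this is only a review prompt.
            if ext in SCRIPT_EXTS or "\\" not in first:
                findings.append(("autorun launches script or unqualified file", line))
        elif any(key in line for key in BROWSER_KEYS):
            host = value_host(value_of(line))
            if host is None:
                findings.append(("search setting with non-URL value", line))
            elif host not in EXPECTED_HOSTS:
                findings.append((f"browser setting points at unexpected host {host}", line))
    return findings


def triage_sample():
    """Run the triage over the constructed sample lines above."""
    return triage_dds(SAMPLE_DDS.strip().splitlines())


if __name__ == "__main__":
    for reason, line in triage_sample():
        print(f"[{reason}] {line}")
```

On the sample lines the script reports five entries for review (the inbox.com start page, the orphaned search hook, the `rdpM2M.vbs` Run entry, the non-URL search engine name, and the `keyword.URL` host) and leaves the Yahoo homepage, the Java updater entry and the private DNS server alone. In practice the allow-list and the script-extension set are the knobs to tune for the machine being looked at.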

  • 3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

