
Redirect Virus - Can't seem to even detect it


  • This topic is locked
2 replies to this topic

#1 Darklegion

  • Members
  • 1 posts
  • OFFLINE
  • Local time:12:18 PM

Posted 07 January 2011 - 11:28 PM

Hi, I discovered this website while searching around for various ways to help my problem. I've turned to the professionals here before I go to my last resort and reformat my machine. My problem has me being redirected to websites like scour.com whenever I click a Google search result on any browser. Whenever I start my browser I get a prompt asking if I'd like to set it as my default browser (which has persisted ever since I've had this redirecting problem). I've tried plenty of Malwarebytes, Hitman Pro 3.5 and Ad-Aware scans but failed in remedying my problem. I've also attempted to try TDSSKiller but couldn't get it to boot. I've even tried renaming it and changing the extension. Please help me get rid of this problem because I really need my computer to fill out college applications, etc. Here are my DDS log and attachments.



DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 22:08:20.50 on Fri 01/07/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13

============== Running Processes ===============

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunServices: [RegisterDropHandler] c:\progra~1\scansoft\textbr~1.0\bin\REGIST~1.EXE
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225223496328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\uxi1oq4n.default\
FF - prefs.js: browser.startup.homepage - hxxp://gamefaqs.com
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {35100F66-8826-4D58-8328-38E81F039B9E} - c:\documents and settings\owner\local settings\application data\{35100F66-8826-4D58-8328-38E81F039B9E}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R? NDISKIO;NDISKIO
R? pmxscan;PrimaScan USB Kernel
R? PsSdk30;PsSdk30
R? rjawa;rjawa
S? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
S? Lavasoft Kernexplorer;Lavasoft helper driver
S? Lbd;Lbd
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? Viewpoint Manager Service;Viewpoint Manager Service

=============== Created Last 30 ================

2011-01-08 02:57:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-08 02:57:30 -------- d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2011-01-08 02:55:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-08 02:32:10 -------- d-sh--w- c:\documents and settings\owner\PrivacIE
2011-01-08 02:29:20 -------- d-sh--w- c:\documents and settings\owner\IETldCache
2011-01-07 00:28:24 -------- d-----w- c:\windows\ie8updates
2011-01-07 00:23:29 -------- dc-h--w- c:\windows\ie8
2011-01-07 00:20:47 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-01-07 00:20:47 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-01-07 00:20:47 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-01-07 00:20:45 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-07 00:20:45 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-01-07 00:20:44 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-01-07 00:20:38 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-01-07 00:03:09 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-01-06 22:29:04 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-01-06 22:28:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-06 22:20:02 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Sunbelt Software
2011-01-06 22:18:44 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-01-06 22:16:01 -------- d-----w- c:\program files\Lavasoft
2011-01-06 00:17:43 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-01-06 00:17:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-01-05 23:54:18 -------- d-----w- c:\program files\SpywareBlaster
2011-01-05 23:43:22 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Temp
2011-01-05 23:43:15 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Google
2011-01-01 20:55:53 53248 ----a-w- c:\windows\system32\drivers\sst5F.sys
2011-01-01 20:55:53 0 ----a-w- c:\windows\system32\drivers\sst5F.tmp
2010-12-24 03:55:58 -------- d-----w- c:\docume~1\owner\applic~1\PriceGong
2010-12-22 20:38:50 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\{35100F66-8826-4D58-8328-38E81F039B9E}

==================== Find3M ====================

2011-01-05 21:04:32 0 ----a-w- c:\windows\Qdiha.bin

============= FINISH: 22:24:32.48 ===============

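Added example, not code from this thread or from the DDS tool: a small Python triage helper that splits a DDS log like the one above into its "===" delimited sections and surfaces two kinds of entries worth a manual look, Pseudo HJT lines whose target is "No File" (orphaned BHO/toolbar CLSIDs) and services or drivers whose display name merely repeats a short lowercase service name. The section titles, the line regexes, the lowercase-token heuristic and the log excerpt are my own assumptions and constructions, and a hit is a candidate for review, not proof of malware.

```python
import re

# Constructed excerpt of the DDS log posted above (a few lines per section).
SAMPLE_LOG = """\
============== Pseudo HJT Report ===============
uStart Page = hxxp://google.com/
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\\program files\\java\\jre6\\bin\\ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
============= SERVICES / DRIVERS ===============
R? NDISKIO;NDISKIO
R? pmxscan;PrimaScan USB Kernel
R? PsSdk30;PsSdk30
R? rjawa;rjawa
S? SASDIFSV;SASDIFSV
============= FINISH: 22:24:32.48 ===============
"""

SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*=+$")      # "=== Title ==="
SERVICE_RE = re.compile(r"^([RS]\?)\s+([^;]+);(.*)$")  # "R? name;display"


def split_sections(text):
    """Map each section title to the non-empty lines beneath its header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections


def orphaned_entries(sections):
    """Pseudo HJT lines (BHO/TB/EB/...) whose target is 'No File'."""
    return [l for l in sections.get("Pseudo HJT Report", []) if l.endswith("- No File")]


def unnamed_services(sections):
    """Services/drivers whose display name just repeats a short lowercase
    service name (assumed heuristic: surfaces entries for manual review)."""
    hits = []
    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if m and m[2] == m[3] and re.fullmatch(r"[a-z]{4,8}", m[2]):
            hits.append((m[1], m[2]))
    return hits
```

Run it on a full DDS log by reading the file into `split_sections`; entries from the two helpers are the ones to check against the vendor's own file paths and signatures before deciding anything.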


#2 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:12:18 PM

Posted 11 January 2011 - 07:25 AM

Hello Darklegion ,


Sorry for the delay. :( If you still need help, please post a new DDS/HijackThis log and I'll be happy to look at it. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:12:18 PM

Posted 19 January 2011 - 08:20 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic